8.3.22 Set 'Run .NET Framework- reliant components signed with Authenticode' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether .NET Framework components that are
signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed executables

*Rationale*

If you enable this policy setting, Internet Explorer will execute signed managed
components, it may be possible for someone to host malicious content on a website that
takes advantage of these components.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET
Framework-reliant components signed with Authenticode\Run .NET Framework-reliant
components signed with Authenticode

Then set the Run .NET Framework-reliant components signed with Authenticode
option to Disable.

Impact-If you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will prompt the
user to determine whether to execute signed managed components. If you disable this
policy setting, Internet Explorer will not execute signed managed components. If you do
not configure this policy setting, Internet Explorer will not execute signed managed
components.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(2)

Plugin: Windows

Control ID: 18c163201e0ad71a060fd7a47c760cc3ea8b632cc9fa5f4cf4c94296078803d2