8.1.24 Set 'Run .NET Framework- reliant components not signed with Authenticode' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether .NET Framework components that are
not signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed executables
If you enable this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will prompt the
user to determine whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed
components.
If you do not configure this policy setting, Internet Explorer will execute unsigned managed
components. The recommended state for this setting is- Enabled-Disable.

*Rationale*

Unsigned components may have a greater chance of including malicious code and it is more
difficult to determine the author of the application therefore they should be avoided if
possible.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

User Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant
components not signed with Authenticode

Then set the Run .NET Framework-reliant components not signed with Authenticode
option to Disable.


Impact-If you enable this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will prompt the
user to determine whether to execute unsigned managed components. If you disable this
policy setting, Internet Explorer will not execute unsigned managed components. If you do
not configure this policy setting, Internet Explorer will not execute unsigned managed
components.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(2)

Plugin: Windows

Control ID: 4dc027a7cdb12efb72d438a0514c467d2d045fb5f8a55252f607b769f3d4e76c