1.2.1.6 Ensure 'Saved from URL' is set to Enabled - pptview.exe

Information

This setting controls whether Internet Explorer evaluates URLs passed to it by Office applications for Mark of the Web (MOTW) comments. The recommended state for this setting is: Enabled. (Check: groove.exe, excel.exe, mspub.exe, powerpnt.exe, pptview.exe, visio.exe, winproj.exe, outlook.exe, spDesign.exe, exprwd.exe, msaccess.exe, onent.exe, mse7.exe) Typically, when Internet Explorer loads a Web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the less restrictive Local Intranet security zone. This functionality can be controlled separately for instances of Internet Explorer spawned by Office applications (for example, if a user clicks a link in an Office document or selects a menu option that loads a Web page). If Internet Explorer does not evaluate the page for a MOTW, potentially dangerous code could be allowed to run.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled. Computer Configuration\Administrative Templates\Microsoft Office 2016 (Machine)\Security Settings\IE Security\Saved from URL Impact: Enabling this setting can cause some Web pages saved on UNC shares to run in a more restrictive security zone when opened from Office applications than they would if the setting were disabled or not configured. However, a page with a MOTW indicating it was saved from an Internet site is presumed to have been designed to run in the Internet zone in the first place, so most users should not experience significant usability issues.

See Also

https://workbench.cisecurity.org/files/571

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Windows

Control ID: 67141c438828746919571d89e62758e8b63d01218b853bdd1b792b490b081a68