Allow software to run or install even if the signature is invalid

Information

This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.
If you enable this policy setting, users will be prompted to install or run files with an invalid signature.
If you disable this policy setting, users cannot run or install files with an invalid signature.
If you do not configure this policy, users can choose to run or install files with an invalid signature.

Solution

Policy Path: Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Policy Setting Name: Allow software to run or install even if the signature is invalid

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082/

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: b065510d64bb74c734baa521bd8137b18a85b3444165bfee0c25281496e14140