Details

This policy setting allows you to manage whether software such as ActiveX controls and file downloads can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.

If you enable this policy setting users will be prompted to install or run files with an invalid signature.

If you disable this policy setting users cannot run or install files with an invalid signature.

If you do not configure this policy users can choose to run or install files with an invalid signature.

Solution

Policy Path: Windows ComponentsInternet ExplorerInternet Control PanelAdvanced Page
Policy Setting Name: Allow software to run or install even if the signature is invalid

Supportive Information

The following resource is also helpful.

• https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(4)

Source

• Tenable.com/audits