Details
This policy setting allows you to manage whether Internet Explorer checks for digital
signatures (which identifies the publisher of signed software and verifies it hasn’t been
modified or tampered with) on user computers before downloading executable programs.
If you enable this policy setting, Internet Explorer will check the digital signatures of
executable programs and display their identities before downloading them to user
computers.
If you disable this policy setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to user
computers.
If you do not configure this policy, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to user
computers. The recommended state for this setting is- Enabled.
*Rationale*
Although digitally signing software does not guarantee that it includes no malware it does
reduce the risk and it provides another potential path of investigation should the software
include a dangerous payload.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerInternet Control PanelAdvanced PageCheck for signatures on downloaded
programs
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.