Title

Launching programs and unsafe files property is properly set (Internet Zone). (Cat II impact)

Discussion

This policy setting controls whether or not the “Open File – Security Warning” prompt is shown when launching executables or other unsafe files. If you do not configure this policy setting, users can configure the prompt behavior. By default, execution is blocked in the Restricted Zone, enabled in the Intranet and Local Computer Zone, and set to prompt in the Internet and Trusted Zones.

Check Content

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> “Launching programs and unsafe files” will be set to “Enabled” and “Prompt”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: If the value 1806 is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone -> “Launching programs and unsafe files” will be set to “Enabled” and “Prompt”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Criteria: Set the value 1806 to REG_DWORD = 1.

Additional Identifiers

Rule ID:

Vulnerability ID: V-22154

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.