Check: DTBI870
Title
Launching programs and unsafe files property is properly set (Restricted Sites Zone). (Cat II impact)
Discussion
This policy setting controls whether or not the “Open File – Security Warning” prompt is shown when launching executables or other unsafe files. If you do not configure this policy setting, users can configure the prompt behavior. By default, execution is blocked in the Restricted Zone, enabled in the Intranet and Local Computer Zones, and set to prompt in the Internet and Trusted Zones.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> “Launching programs and unsafe files” will be set to “Enabled” and “Disable”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: If the value 1806 is REG_DWORD = 3, this is not a finding.
Fix Text
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> “Launching programs and unsafe files” will be set to “Enabled” and “Disable”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Criteria: Set the value 1806 to REG_DWORD = 3.
Additional Identifiers
Rule ID:
Vulnerability ID: V-22159
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |