Check: DTBI1020
Title
Internet Explorer Processes Restrict ActiveX Install (IExplorer) property is properly set. (Cat II impact)
Discussion
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you do not configure this policy setting, the user’s preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
Check Content
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> “Internet Explorer Processes” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value iexplore.exe is REG_SZ = 1 , this is not a finding.
Fix Text
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Restrict ActiveX Install -> “Internet Explorer Processes” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: Set the value iexplore.exe to REG_SZ = 1.
Additional Identifiers
Rule ID:
Vulnerability ID: V-22688
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |