System settings: Use Certificate Rules on Windows Executables for Software Restriction PoliciesID: oval:org.secpod.oval:def:8811 | Date: (C)2013-01-21 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
The System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies setting should be configured correctly.
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With software restriction policies, you can create a certificate rule that will allow or disallow the execution of Authenticode-signed software, based on the digital certificate that is associated with the software. For certificate rules to take effect in software restriction policies, you must enable this policy setting.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
(2) KEY: HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
Platform: |
Microsoft Windows Server 2008 R2 |