Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Allow software to run or install even if the signature is invalid is not disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15499 | DTBI350 | SV-25562r2_rule | DCMC-1 | Medium |
| Description |
|---|
| Microsoft ActiveX controls and file downloads often have digital signatures attached that vouch for both the file's integrity and the identity of the signer (creator) of the software. An invalid signature might indicate that someone has tampered with the file. |
| STIG | Date |
|---|---|
| Internet Explorer 8 STIG | 2015-03-26 |
Details
| Check Text ( C-27043r2_chk ) |
|---|
| Note: Some legitimate software and controls may have an invalid signature. You should carefully test such software in isolation before it is allowed to be used on an organization's network. The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> "Allow software to run or install even if the signature is invalid" will be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Internet Explorer\Download Criteria: If the value RunInvalidSignatures is REG_DWORD = 0, this is not a finding. |
| Fix Text (F-23144r2_fix) |
|---|
| The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> "Allow software to run or install even if the signature is invalid" will be set to “Disabled”. |