Anything that is considered executable by Windows. Certainly, the obvious things: EXE, DLL. MSP, MSI, MSU.
But also the non-obvious things: XLS, XLSX, DOC, DOCX. The list of things not affected might be far shorter: TXT, PS1, LOG. Actually, that list is pretty long too…anyway… From: [email protected] [mailto:[email protected]] On Behalf Of Brian Hintz Sent: Tuesday, June 10, 2014 2:04 PM To: [email protected] Subject: [NTSysADM] allow software to run or install even if the signature is invalid - file extensions? I have been asked to find the list of file extensions that a specific IE policy restricts. Does anyone know (or have better Google skills than me) what file types or extensions this specific IE setting affects? I have had no luck with my searches thus far. The full path to the setting is "Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow software to run or install even if the signature is invalid" The CIS description is "Microsoft ActiveX® controls and file downloads often have digital signatures attached that help certify the file's integrity and the identity of the signer (creator) of the software. Such signatures help ensure that unmodified software is downloaded and that you can identify active signers to determine whether you trust them enough to run their software." Thanks in advance!
