WinSecWiki > Security Settings > Local Policies > Security Options > System Settings > Use Certificate Rules on Windows Executables For Software Restriction Policies

System Settings: Use Certificate Rules on Windows Executables For Software Restriction Policies

Windows has a security feature called Software Restrictions which are intended as a rudimentary sort of whitelisting technology for controlling what software is allowed to run based on various types of rules including Certificate Rules. Certificate Rules allow you to control whether software can execute based on its Authenticode signature – if it has one. EXE can be signed with Authenticode but frequently are not. It’s more common to see Authenticode with ActiveX controls and such.

Anyway this setting allows you to control whether or not EXEs are subject to any Certificate Rules you define in Software Restrictions.

Bottom line

I recommend leaving this policy disabled unless you want to break a lot of EXEs.

Back to top

 

Additional Resources
    Optional Subsystems
    Use Certificate Rules on Windows Executables For Software Restriction Policies