WinSecWiki > Security Settings > Local Policies > Security Options > System Settings > Use Certificate Rules on Windows Executables For Software Restriction Policies
System Settings: Use Certificate Rules on Windows Executables For Software Restriction Policies
Windows has a security feature called Software Restrictions which are intended as a rudimentary sort of whitelisting technology for controlling what software is allowed to run based on various types of rules including Certificate Rules. Certificate Rules allow you to control whether software can execute based on its Authenticode signature – if it has one. EXE can be signed with Authenticode but frequently are not. It’s more common to see Authenticode with ActiveX controls and such.
Anyway this setting allows you to control whether or not EXEs are subject to any Certificate Rules you define in Software Restrictions.
Bottom line
I recommend leaving this policy disabled unless you want to break a lot of EXEs.
Back to top