Securing the organization's IT infrastructure is one of the core tasks of every administrator responsible for a fleet of computers connected to a central machine. Most users are not even aware that some third-party programs, when installed, add fonts to the system that they need in order to work correctly. If the program lives up to their expectations, users keep using it and completely forget about the threat that specific software may pose to the security of the system.

Not every program contains vulnerabilities, but some may. From a security point of view, it is therefore important to take precautions in advance to avoid unforeseen situations.

In this article you will learn how to enable a new security feature in Windows 10 that further protects the system by preventing programs from loading untrusted fonts. The operating system treats as untrusted any font installed in any directory other than the root of the Windows fonts directory (%windir%\Fonts).

NOTE: the «Local Group Policy Editor» is available only in the Professional and Enterprise editions of Windows.

So, press Win + R and type gpedit.msc in the «Run» dialog box. Then press Enter or click OK to open the «Local Group Policy Editor».

In the Group Policy Editor window, navigate to:

Computer Configuration -> Administrative Templates -> System -> Mitigation Options

In the right part of the window you will see the policy named «Untrusted Font Blocking», which lets you deploy a global setting that prevents programs from loading untrusted fonts. By default, this policy is not configured. Double-click the policy to open it.

In the policy settings, select Enabled, and then choose one of the feature's three operating modes under «Mitigation Options»:

  • «Block untrusted fonts and log events» – choose this if you want to prevent programs from adding untrusted fonts.
  • «Do not block untrusted fonts» – this is effectively the default setting, which means the policy is disabled.
  • «Log events without blocking untrusted fonts» – the so-called «Audit» mode, in which the system does not block untrusted fonts but records information about the installation of such fonts in the Windows event log. This option lets you verify that blocking untrusted fonts will not cause compatibility or usability problems.

When ready, click «Apply» and then «OK». Close the Group Policy Editor window and reboot so that the changes take effect.
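
Before switching from «Audit» mode to blocking, the logged events can be reviewed from PowerShell to see which programs would be affected. The script below is an added example and not part of the original article; the policy registry key, the value name, the event log name and the event ID are assumptions taken from Microsoft's documentation of this feature rather than from this page, and the 14-day window is an arbitrary choice.

```powershell
# Added example, not part of the original article.
# Assumed from Microsoft's documentation, not stated on this page:
#   - the policy is stored as the hex string MitigationOptions_FontBocking
#     (spelled that way in the policy template) under $PolicyKey
#   - font events are Event ID 260 in the Win32k operational log
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions'
$FontLog   = 'Microsoft-Windows-Win32k/Operational'
$Modes     = @('Not configured',
               'Block untrusted fonts and log events',
               'Do not block untrusted fonts',
               'Log events without blocking untrusted fonts')

function Get-FontBlockingMode {
    # The mode occupies bits 48-49 of the 64-bit mitigation flags.
    param([string]$HexValue)
    if ([string]::IsNullOrWhiteSpace($HexValue)) { return $Modes[0] }
    $flags = [Convert]::ToUInt64($HexValue, 16)
    $Modes[[int](($flags -band [UInt64]0x3000000000000) / [UInt64]0x1000000000000)]
}

function Get-UntrustedFontEvent {
    # Return font events from the last $Days days, newest first.
    param([int]$Days = 14)
    $filter = @{ LogName = $FontLog; Id = 260; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

# A missing key or value means the policy is not configured.
$policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
"Configured mode: $(Get-FontBlockingMode $policy.MitigationOptions_FontBocking)"

$events = @(Get-UntrustedFontEvent -Days 14)
if ($events.Count -eq 0) {
    'No untrusted-font events recorded in the last 14 days.'
} else {
    # Identical messages mean the same program and font; count them so the
    # applications that would break under blocking stand out.
    $events | Group-Object -Property Message |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name |
        Format-Table -AutoSize -Wrap
}
```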

