Security is prime concern when we employ Windows operating system to an organization where we have to manage considerable number of other systems connected to central machine. When we install a third-party software, sometimes these software may add additional fonts to your system for proper working of the program itself. Most of the users aren’t aware of this and what they only look for is the working of program. If the program fulfills their aim as they expected from it, they forgot the security concerns which the program may compromise with the system.
Recommended : Disable Automatic Updates For Store Apps In Windows 10
Not all programs will inject vulnerability to your system, but some may be – exceptional cases. Thus from the security point of view, it becomes important that we should take precautions in advance to avoid any unexpected situation. Well, Windows 10 comes with some additional security features that will allow you to safeguard your system and prevent programs from loading untrusted fonts on it.
Its worth to mention here that untrusted fonts are not installed to Windows root font directory (%windir%\Fonts). So it becomes more challenging for us to identify where the program installed third-party or unknown vendor supplied fonts. Here is how you can prevent this from happening:
How To Prevent Programs From Loading Untrusted Fonts In Windows 10
NOTE : Local Group Policy Editor is only available in Windows Enterprise and Pro editions.
1. Press + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.
2. Next, in the Local Group Policy Editor window, navigate here:
Computer Configuration -> Administrative Templates -> System -> Mitigation Options
3. At this Group Policy path, highlight the Mitigation Options folder in left pane (refer above shown window) and in the corresponding right pane, look for the Setting named Untrusted Font Blocking. This policy helps us to deploy a global setting that will prevent applications or programs from adding additional third-party fonts to the system. By default, this policy is set to Not Configured or Disabled. Double click on it to get this:
4. Finally, you can configure the policy in the above shown window. Click Enabled and in the Mitigation Options drop-down select:
Block untrusted fonts and log events – if you want to completely block programs from adding untrusted fonts.
Do not block untrusted fonts – this is actually default setting, alternatively it implies that policy is Disabled.
Log events without blocking untrusted fonts – this is called Audit mode, and in it programs won’t block untrusted fonts but they would create logs if they install those fonts. This option is to ensure program compatibility and usability issues on the verge of applying this policy.
When you’re done with your choice, click Apply followed by OK. Close the Group Policy Editor and make a restart to make changes effective.
Hope you find the article useful! Don’t forgot to checkout the way to customize Start List in Windows 10.