Select the 'Untrusted Font Blocking' to block_untrusted_fonts_and_log_events This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues. Counter Measure: Enable and configure this setting depending on your organization's requirements. Potential Impact: Some applications may not be compatible with blocking untrusted fonts.

[block_untrusted_fonts_and_log_events/do_not_block_untrusted_fonts/log_events_without_blocking_untrusted_fonts]

(1) GPO: Computer ConfigurationAdministrative TemplatesSystemMitigation OptionsUntrusted Font Blocking (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTMitigationOptionsMitigationOptions_FontBocking