The Configure Security Policy for Scripted Diagnostics machine setting should be configured correctly. Determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine will validate the signer of any diagnostic package and only run those signed by trusted publishers. If you disable this policy setting, the scripted diagnostics execution engine will run all digitally signed packages. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Configure Security Policy for Scripted Diagnostics (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\ValidateTrust