Block launching desktop programs associated with a file.ID: oval:org.secpod.oval:def:28889 | Date: (C)2015-10-14 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to minimize the risk involved when an app launches the default program for a file. Because desktop programs run at a higher integrity level than apps, there is a risk that an app could compromise the system by launching a file in a desktop program.
If you enable this policy setting, Windows prevents apps from launching files that would open in a desktop program. When you enable this policy setting, apps may only launch files that can be opened by another app.
If you disable or do not configure this policy setting, apps could launch files that would open in a desktop program.
Fix:
(1) GPO: User Configuration\Administrative Templates\Windows Components\App runtime!Block launching desktop programs associated with a file.
(2) REG: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation
Platform: |
Microsoft Windows 8.1 |