ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
An XCCDF Rule
Description
This policy setting allows management of whether ActiveX controls marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. ActiveX controls not marked as safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked safe, it should not be initialized and executed.
- ID
- SV-223059r879630_rule
- Version
- DTBI116-IE11
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> 'Script ActiveX controls marked safe for scripting' to 'Enabled', and select 'Disable' from the drop-down box.