Untrusted Font Blocking
Supported on: At least Windows Server 2016, Windows 10
Registry
HKLM
SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions Options
MitigationOptions_FontBocking enum - Block untrusted fonts and log events
->
1000000000000 - Do not block untrusted fonts
->
2000000000000 - Log events without blocking untrusted fonts
->
3000000000000
Description
This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.