How to Exclude Specific Apps for Untrusted Font Blocking in Windows 10


A font is a graphical representation of text that may include a different typeface, point size, weight, color, or design.

The Untrusted Font Blocking security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the C:\Windows\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit.

After you turn this feature on, or start using Audit mode, you can look at your event logs for details.

Users may still need apps that have problems because of blocked fonts, so it is suggested that you first run this feature in Audit mode to determine which fonts are causing the problems. After you figure out the problematic fonts, you can try to fix your apps in one of two ways: by directly installing the fonts into the %windir%/Fonts directory or by excluding the underlying processes (apps) and letting the fonts load. As the default solution, it is highly recommend that you install the problematic font. Installing fonts is safer than excluding apps because excluded apps can load any font, trusted or untrusted.

Untrusted Font Blocking Mode Description
On (enable) Block untrusted fonts and log events. Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log.
Off (default - disable) Turns the feature off.
Audit Log events without blocking untrusted fonts. Turns the feature on, logging installation attempts to the event log, but not blocking untrusted fonts.

See also: Block untrusted fonts in an enterprise | Microsoft Docs

This tutorial will show you how to exclude specific apps from Untrusted Font Blocking for all users in Windows 10.

You must be signed in as an administrator to exclude apps from Untrusted Font Blocking.




Here's How:

1. Check the Untrusted Font Blocking event logs to see which app (iexplorer.exe) you want to exclude. (see screenshot below)

Exclude Specific Apps for Untrusted Font Blocking in Windows 10-untrusted_font_blocking_event_log-1.jpg

2. Press the Win+R keys to open Run, type regedit into Run, and click/tap on OK to open Registry Editor.

3. Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Exclude Specific Apps for Untrusted Font Blocking in Windows 10-exclude_apps_for_untrusted_font_blocking-1.jpg

4. Under the expanded open Image File Execution Options key in the left pane, look to see if a subkey (ex: "iexplorer.exe") for the app already exists. If not, then right click on the Image File Execution Options key, click/tap on New, click/tap on Key, type the file name of the app (ex: "iexplorer.exe") for the key's name, and press Enter. (see screenshot below step 3)

5. In the right pane of the app's key (ex: "iexplorer.exe"), double click/tap on the MitigationOptions QWORD to modify it. (see screenshot below step 3)

If there is not a MitigationOptions QWORD, then right click on an empty area in the right pane of the app's key (ex: "iexplorer.exe"), click/tap on New, click/tap on QWORD (64-bit) Value, type MitigationOptions for the name, and press Enter.

6. Select (dot) Hexadecimal, type the data value in the table below you want to use, and click/tap on OK. (see screenshot below)

Exclude Specific Apps for Untrusted Font Blocking in Windows 10-exclude_apps_for_untrusted_font_blocking-2.png

QWORD data value (hex) Description
100 Default. Uses what you set (block or audit) when enabling Untrusted Font Blocking.
1000000000000 Block untrusted fonts from app and log events.
2000000000000 Exclude. Do not block untrusted fonts from app, and do not log events.
3000000000000 Audit mode. Do not block untrusted fonts from app, and log events.

7. When finished managing exclusions for Untrusted Font Blocking, you can close Registry Editor.


That's it,
Shawn