Enable or Disable Untrusted Font Blocking in Windows 10

How to Enable or Disable Untrusted Font Blocking in Windows 10

A font is a graphical representation of text that may include a different typeface, point size, weight, color, or design.

The Untrusted Font Blocking security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the C:\Windows\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit.

If you aren’t quite ready to enable Untrusted Font Blocking, you can run it in Audit mode to see if not loading untrusted fonts causes any usability or compatibility issues.

You can exclude specific apps, allowing them to load untrusted fonts, even while Untrusted Font Blocking is turned on.

Untrusted Font Blocking Mode Description

On (enable) Block untrusted fonts and log events. Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log.

Off (default - disable) Turns the feature off.

Audit Log events without blocking untrusted fonts. Turns the feature on, logging installation attempts to the event log, but not blocking untrusted fonts.

See also: Block untrusted fonts in an enterprise | Microsoft Docs

This tutorial will show you how to enable or disable Untrusted Font Blocking for all users in Windows 10.

You must be signed in as an administrator to enable or disable Untrusted Font Blocking.

CONTENTS:

Option One: Enable or Disable Untrusted Font Blocking in Local Group Policy Editor
Option Two: Enable or Disable Untrusted Font Blocking using a REG file

OPTION ONE

Enable or Disable Untrusted Font Blocking in Local Group Policy Editor

The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option Two below.

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\System\Mitigation Options

3. In the right pane of Mitigation Options in Local Group Policy Editor, double click/tap on the Untrusted Font Blocking policy to edit it. (see screenshot above)

4. Do step 5 (enable), step 6 (disable), or step 7 (audit) below for what you would like to do.

5. To Enable Untrusted Font Blocking

A) Select (dot) Enabled, select Block untrusted fonts and log events in the "Mitigation Options" drop menu, click/tap on OK, and go to step 8 below. (see screenshot below)

6. To Disable Untrusted Font Blocking

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 8 below. (see screenshot below)

Not Configured is the default setting.

7. To Use Audit Mode for Untrusted Font Blocking

A) Select (dot) Enabled, select Log events without blocking untrusted fonts in the "Mitigation Options" drop menu, click/tap on OK, and go to step 8 below. (see screenshot below)

8. When finished, you can close the Local Group Policy Editor.

OPTION TWO

Enable or Disable Untrusted Font Blocking using a REG file

The downloadable .reg files below will add and modify the string value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions

MitigationOptions_FontBocking string value (REG_SZ)

delete = Disable (off)
1000000000000 = Enable (on)
3000000000000 - Audit

1. Do step 2 (enable), step 3 (disable), or step 4 (audit) below for what you would like to do.

2. To Enable Untrusted Font Blocking

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Untrust_Font_Blocking-Block_untrusted_fonts_and_log_events.reg

Download

3. To Disable Untrusted Font Blocking

This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Untrust_Font_Blocking-Do_not_block_untrusted_fonts.reg

Download

4. To Use Audit Mode for Untrusted Font Blocking

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Untrust_Font_Blocking_Log_events_without_blocking_untrusted_fonts.reg

Download

5. Save the .reg file to your desktop.

6. Double click/tap on the downloaded .reg file to merge it.

7. When prompted, click/tap on Run, OK (UAC), Yes, and OK to approve the merge.

8. Restart the computer to apply.

9. You can now delete the downloaded .reg file if you like.

That's it,
Shawn

Related Tutorials

How to Read Event Viewer Log for Untrusted Font Blocking in Windows 10
How to Exclude Specific Apps for Untrusted Font Blocking in Windows 10
How to Install Fonts in Windows 10
How to Get Fonts from the Microsoft Store in Windows 10
How to Preview Fonts in Windows 10
How to Delete Fonts in Windows 10
How to Change the Default System Font in Windows 10
How to Create Custom Font with Microsoft Font Maker app in Windows 10
How to Hide or Show Fonts in Windows
How to Backup and Restore Font Settings in Windows
How to Restore Default Font Settings in Windows
How to Enable or Disable Font Smoothing in Windows
How to Rebuild Font Cache in Windows 10

Windows 11 Tutorials

Untrusted Font Blocking Mode	Description
On (enable)	Block untrusted fonts and log events. Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log.
Off (default - disable)	Turns the feature off.
Audit	Log events without blocking untrusted fonts. Turns the feature on, logging installation attempts to the event log, but not blocking untrusted fonts.