f09f451c-2ec0-4a03-b578-637db9c8ffbf
It's best practice that Internet Explorer is configured to verify the signature of downloaded executables. This identifies the publisher of signed software and verifies it hasn't been modified or tampered with.
https://www.stigviewer.com/stig/microsoft_internet_explorer_11/2018-06-08/finding/V-46633
Enabling this setting via GPO: https://www.stigviewer.com/stig/microsoft_internet_explorer_11/2017-12-12/finding/V-46633
Stig IE11: https://www.stigviewer.com/stig/microsoft_internet_explorer_11/2018-06-08/finding/V-46633