"Software\Microsoft\Internet Explorer\Download"

당일 악성 샘플 (Rogue) 을 살펴보던 도중 위 키에 대해서 로그가 남는 것을 확인하였다.
그 기능이 어떤 것인지 검색하였고, 정보를 노트해놓는다.

참고 : http://www.insidetheregistry.com/regdatabase
예제 :
     [HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Download]
     "CheckExeSignatures"="no"
     "RunInvalidSignatures"=dword:00000001

Policy: Check for signatures on downloaded programs

This policy setting is contained within the "INETRES.ADMX" policy template file.

This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs. If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers. If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers

설명에 따르면 Internet Explorer 를 통해서 다운로드 받는 '실행 가능한 파일' 에 대해서 디지털 서명을 검사한다는 말인데.
서명의 유효성까지는 모르겠고, 파일 변조 여부를 검사하는 차원일 것으로 생각된다.

기본값 : "No"

Supported on At least Internet Explorer 6.0 in Windows 2003 Service Pack 1

Policy: Allow software to run or install even if the signature is invalid

This policy setting is contained within the "INETRES.ADMX" policy template file.

This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file. If you enable this policy setting, users will be prompted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature

설명에 따르면 Internet Explorer 를 통해서 실행되는 파일들 (ActiveX, 다운로드및실행) 이 잘못된 서명을 달고 있을 때 실행할지 말지 여부를 설정하는 항목이다.

기본값 : "0x01"

Supported on At least Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1