Powered by AMD FX-4170

Select a Tip

There's no place like 127.0.0.1 
MVPS Hosts News blog

Adding Entries to the Restricted Sites Zone

Adding unwanted sites to the Internet Explorer Restricted Zone

Manually adding entries to the Restricted Sites zone will help prevent installs of unwanted software, this also greatly reduces the amount of unwanted pop-ups! IE will not run scripts that originate from sites the user places in the Restricted zone. To protect your privacy further, IE will not send cookies to sites in the Restricted Sites zone.

New to Internet Explorer is the ability to add IP addresses to the Restricted Zone. You'll find many times these parasites use an IP address rather than a URL. They do this to avoid being blocked by an entry in a HOSTS file. However you can still add a layer of protection to your system by adding those IP addresses to the Restricted Sites zone.

Editors Note: adding a large amount of sites to the Restricted Zone in Windows may cause slow-down problems in some applications. You can reduce the amount of entries by the use of Wildcards, so rather than adding a huge amount of DoubleClick entries, you can use (example) *.doubleclick.net

Adding entries to the Restricted sites can also eliminate the Back Button issue ...

To determine sites that are getting thru your Layered Protection

Clear your browser cache, then browse for a while. Then go to:
Internet Options | General [tab] | Settings [button] | View Files [button]

Next: click the "Internet Address" header to sort the files by URL. Scroll the list, if you find a undesired address, either a URL or IP address - right-click the culprit in the "Name" header, and select: Properties. From there you can copy the entry. Once you have determined that this is an undesired site add the entry to the "Restricted sites". In the event you are not sure, you can usually determine the "owner" from DomainTools or DNSstuff.

To remove all the sites listed in the Restricted Sites Zone

Download: DelDomains.inf - Right-click and select: Save Target As
To use: right-click and select: Install (no need to restart - there is no on-screen action)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. DelDomains was revised (01-16-05) to include the "Enhanced Security Configuration Zones" as some of these newer infections are targeting the "Enhanced" Zone.

Microsoft decided to group both Zones into the same registry key [duh!]
To remove individual entries: Click "Sites", highlight the entry - Click Remove.

The "Reset Internet Explorer settings" will remove all sites in the Trusted and Restricted Zones.

Setting the Restricted Sites Zone

Internet Options | Security tab and highlight the Restricted sites icon ...

Click the Custom Level button and set all sections to Disable.
Note: do not disable the Pop-up blocker or the Phishing Filter.
This will prevent any sites listed from running ActiveX or Javascript file or installing files.
Note: this will also prevent you from mistakenly downloading files from a listed site. (pop-up image on the right)

Setting the Internet Zone for Additional Security

There are quite a few new categories and settings in Internet Explorer. The default has been increased from Medium to Medium-High. However there are still a few options that need to be reset to harden the Internet Zone.

Font Download = reset to Disable ... don't worry the page will still display properly ...

Launching programs and files in a IFrame = reset to Disable ...
This is the single most exploited setting in Internet Explorer!
There are no legitimate sites that I know of that use this option ...

Websites in less privileged web content can navigate into this zone = reset to Disable
This affects sites that are added to the Restricted Zone ... so no you don't want them doing anything!

Editors Note: changing other setting my affect how websites are displayed or may cause problems with them displaying correctly. If you do set your own preferences and experience problems or prompts, simply reset the Zone to the default and start over again ...

Next: Click on the "Content" tab, Click the "Publishers" button
By default you should not have anything listed under "Trusted Publishers"
You can ignore the "Trusted Root Certification Authorities" section.
Highlight and click "Remove" any unknowns, click Ok. Why? read the below carefully.
Editors Note: a good example of this unsavory practice is eTrust.Win32.Wintrim.U

List of Trusted Publishers and Credentials Agencies
This list controls whose software can be installed on your system without asking you first.
The list can contain both individual software publishers and commercial software publishers. Software that has been published by a publisher in this list can be installed without your explicit approval.
The list can also contain one or more credentials agencies. Similar to a notary, a credentials agency is an organization in the business of attesting to the identity of software publishers. If a credentials agency is in this list, then any publisher certified by that agency is considered trusted, allowing software they publish to be installed on your system without asking you first.

Testing your Setup

Various Troubleshooting Articles

Editors Note: some of these newer parasites have been adding themselves to the "Trusted Zone" to bypass common security measures. There is no easy method to detect these new entries, you can either check them manually by highlighting the Trusted Zone icon, and press the Sites button. Or you can run HijackThis!, which displays Trusted Zone entries.

[Example]
O15 - Trusted Zone: *.pluginaccess.com
Note: this Dialer adds itself to the Trusted Zone during the install. To avoid this, place the site in the Restricted Zone - the thought being IE will not allow the same site to exist in two zones.

Important There are now a whole host of Trojans that will write multiple sites to the Trusted Zone. The majority of these culprits are now entries in the HOSTS file and marked as:  [Trojan.TrustedZones] You can add another "Layer of Protection" by using Microsoft Defender or Microsoft Security Essentials (Win7) which monitors the entries added to the Registry.

 


To contribute a listing for our resources, or any other comments: Contact

If you found the MVPS HOSTS file useful ... please consider a donation 

Reproduction of information on this site, in any form, is prohibited without express written permission.
Microsoft and or MVPS.org are in no way affiliated with, nor offers endorsement of, this site.


Copyright 1998 - 2013 All rights reserved.
Creative Commons License
This work is licensed under a Creative Commons License.
http://winhelp2002.mvps.org/restricted.htm