Powered by AMD FX-4170

Select a Tip

There's no place like 

HostsNews blog & Updates

Adding Entries to the Restricted Sites Zone

Adding unwanted sites to the Internet Explorer Restricted Zone

Manually adding entries to the Restricted Sites zone will help prevent installs of unwanted software, this also greatly reduces the amount of unwanted pop-ups! IE will not run scripts that originate from sites the user places in the Restricted zone. To protect your privacy further, IE will not send cookies to sites in the Restricted Sites zone.

New to Internet Explorer is the ability to add IP addresses to the Restricted Zone. You'll find many times these parasites use an IP address rather than a URL. They do this to avoid being blocked by an entry in a HOSTS file. However you can still add a layer of protection to your system by adding those IP addresses to the Restricted Sites zone.

Editors Note: adding a large amount of sites to the Restricted Zone in Windows may cause slow-down problems in some applications. You can reduce the amount of entries by the use of Wildcards, so rather than adding a huge amount of DoubleClick entries, you can use (example) *.doubleclick.net

Adding entries to the Restricted sites can also eliminate the Back Button issue ...


Editors Note: The new Windows 10 Edge browser does NOT use the Restricted Sites zone ... perhaps Microsoft will offer more options in the future?

To remove all the sites listed in the Restricted Sites Zone

Download: DelDomains.inf - Right-click and select: Save Target As
To use: right-click and select: Install (no need to restart - there is no on-screen action)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. DelDomains was revised (01-16-05) to include the "Enhanced Security Configuration Zones" as some of these newer infections are targeting the "Enhanced" Zone.

Microsoft decided to group both Zones into the same registry key [duh!]
To remove individual entries: Click "Sites", highlight the entry - Click Remove.

The "Reset Internet Explorer settings" will remove all sites in the Trusted and Restricted Zones.

Setting the Restricted Sites Zone

Internet Options | Security tab and highlight the Restricted sites icon ...

Click the Custom Level button and set all sections to Disable.
Note: do not disable the Pop-up blocker or the Phishing Filter.
This will prevent any sites listed from running ActiveX or Javascript file or installing files.
Note: this will also prevent you from mistakenly downloading files from a listed site. (pop-up image on the right)

Setting the Internet Zone for Additional Security

There are quite a few new categories and settings in Internet Explorer. The default has been increased from Medium to Medium-High. However there are still a few options that need to be reset to harden the Internet Zone.

Font Download = reset to Disable ... don't worry the page will still display properly ...

Launching programs and files in a IFrame = reset to Disable ...
This is the single most exploited setting in Internet Explorer!
There are no legitimate sites that I know of that use this option ...

Websites in less privileged web content can navigate into this zone = reset to Disable
This affects sites that are added to the Restricted Zone ... so no you don't want them doing anything!

Editors Note: changing other setting my affect how websites are displayed or may cause problems with them displaying correctly. If you do set your own preferences and experience problems or prompts, simply reset the Zone to the default and start over again ...

Next: Click on the "Content" tab, Click the "Publishers" button
By default you should not have anything listed under "Trusted Publishers"
You can ignore the "Trusted Root Certification Authorities" section.
Highlight and click "Remove" any unknowns, click Ok. Why? read the below carefully.

List of Trusted Publishers and Credentials Agencies
This list controls whose software can be installed on your system without asking you first.
The list can contain both individual software publishers and commercial software publishers. Software that has been published by a publisher in this list can be installed without your explicit approval.
The list can also contain one or more credentials agencies. Similar to a notary, a credentials agency is an organization in the business of attesting to the identity of software publishers. If a credentials agency is in this list, then any publisher certified by that agency is considered trusted, allowing software they publish to be installed on your system without asking you first.

Testing your Setup

Various Troubleshooting Articles


To contribute a listing for our resources, or any other comments: Contact

If you found the MVPS HOSTS file useful ... please consider a donation 

Reproduction of information on this site, in any form, is prohibited without express written permission.
Microsoft and or MVPS.org are in no way affiliated with, nor offers endorsement of, this site.

Copyright 1998 - 2017 All rights reserved.
Creative Commons License
This work is licensed under a Creative Commons License.