This guide will show you simple steps to block or allow untrusted fonts on your Windows 11 PC. Blocking untrusted fonts helps keep your computer safe from harmful files.
What Are Fonts and Untrusted Fonts?
Fonts are the styles of letters and numbers you see on your screen. Windows stores its fonts in the folder: C:\Windows\Fonts. You can add new fonts by copying font files into this folder.
Untrusted fonts are fonts that are installed outside this main fonts folder. They might come from unknown or unsafe sources, which can cause security problems.
Why Block Untrusted Fonts?
Sometimes, attackers use bad fonts to try to harm your computer. Windows 11 has a feature called Blocking Untrusted Fonts that helps protect you by stopping unsafe fonts from running.
How to Control Untrusted Fonts in Windows 11
There are 3 ways you can control untrusted fonts:
| Option | What It Does |
|---|---|
| On | Blocks unsafe fonts from loading outside the trusted font folder and records these events. |
| Audit | Does not block fonts but keeps a log of apps that use untrusted fonts. |
| Exclude apps | Lets you allow certain apps to use untrusted fonts, even if blocking is on. |
Method 1: Use the Local Group Policy Editor
The easiest way to turn this feature on or off is through the Local Group Policy Editor.
- Press Windows key + R, type
gpedit.msc, and press Enter to open the Local Group Policy Editor.
(If you don’t know how to open it, see this guide: How to open Local Group Policy Editor) - In the editor, go to:
Computer Configuration > Administrative Templates > System > Mitigation Options - On the right side, find and double-click Untrusted Font Blocking.
- Choose one of these options:
- Not Configured (default) – No fonts are blocked.
- Enabled – Blocks untrusted fonts and logs events.
- Disabled – Same as Not Configured, no fonts are blocked.
- Click OK to save your changes and close the window.
Method 2: Use the Windows Registry Editor
If you can’t open the Group Policy Editor (for example, on Windows Home editions), you can use the Windows Registry Editor instead.
- Press Windows key + R, type
regedit, and press Enter to open the Registry Editor.
(If you need help, see: How to open Windows Registry Editor) - In Registry Editor, go to this folder:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions - If you don’t see the
MitigationOptionsfolder, right-clickWindows NT, select New > Key, and name itMitigationOptions. - Right-click on the right side of the
MitigationOptionsfolder and select New > DWORD (32-bit) Value. - Name this new value:
MitigationOptions_FontBlocking. - Double-click this new value to edit it. Set the base to Hexadecimal and use one of these values:
- 1000000000000 – Turn on blocking.
- 2000000000000 – Turn off blocking.
- 3000000000000 – Audit only (log events, don’t block).
- Click OK and close the Registry Editor.
- Restart your computer for the changes to take effect.
Summary
- Blocking untrusted fonts helps protect your Windows 11 PC from harmful files.
- You can control this setting using either the Local Group Policy Editor or the Registry Editor.
- Choose to block, audit, or allow untrusted fonts based on your needs.
- Remember to restart your PC after making changes.
If you want to learn more about fonts on Windows 11, check out this easy guide on how to install fonts in Windows 11.
References:
If you have questions or want to share your experience, please leave a comment below!
Leave a Reply Cancel reply