Fonts may seem harmless, but attackers can use them to sneak malware onto your system. Malicious actors can exploit fonts stored outside the default %windir%\Fonts directory, embedding harmful code that can exploit system vulnerabilities or give attackers deep system access.
To avoid these threats, Windows 11 offers a security feature called Untrusted Font Blocking. This feature restricts fonts stored in unsafe locations from loading through the Graphics Device Interface (GDI).
In this guide, you’ll learn how to configure Untrusted Font Blocking in Windows 11 using the Group Policy Editor and Registry Editor.
📌 Recommended deployment strategies:
| Method | 💻 Best for Individual Users | 💻💻💻 Best for Enterprises |
| --- | --- | --- |
| Method 1: Configure via Group Policy Editor | ✓ | |
| Method 2: Modify via Registry Editor | ✓ | |
How to turn on or off the Untrusted Font Blocking in Windows 11
Method 1: Configure via Group Policy Editor
📌 Use Cases: Recommended for IT administrators who manage multiple devices in organizations.
📌 Prerequisites:
- Only applicable to Windows 11 Pro, Enterprise, and Education editions.
- Administrator privileges required. (Read #1 in ⚠️ Things to look out for.)
- Press Win + R to open the Run dialog box.
- Type gpedit.msc and press Enter to launch the Local Group Policy Editor.
- Navigate to:
  Computer Configuration > Administrative Templates > System > Mitigation Options
- In the right pane, double-click the Untrusted Font Blocking policy.
- Select Enabled to activate the feature.
- Under Options, choose one of the following from the dropdown:
  - Block untrusted fonts and log events: Stops untrusted fonts from loading and logs these events.
  - Log events without blocking untrusted fonts: Logs font usage without blocking.
  - Do not block untrusted fonts: Disables the blocking feature.
- To disable the feature completely, choose Not Configured or Disabled.
- Click Apply, then OK.
- Close the Group Policy Editor.
- Restart your PC to apply the changes. (Read #3 in ⚠️ Things to look out for.)
Method 2: Modify via Registry Editor
📌 Use Cases: This is ideal for users running Windows 11 Home edition or when the Group Policy Editor isn’t available.
📌 Prerequisites: Administrator privileges required. (Read #1 in ⚠️ Things to look out for.)
⚠️ Warning: Editing the registry can cause system issues. Create a backup before proceeding.
- Press Win + R to open the Run dialog box.
- Type regedit and press Enter to launch the Registry Editor.
- Navigate to: (Read #2 in ⚠️ Things to look out for.)
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
  💡 If the MitigationOptions key doesn’t exist:
  - Right-click Windows NT and select New > Key.
  - Name it: MitigationOptions
- In the right pane, right-click and select New > String Value.
- Name it: MitigationOptions_FontBocking
  💡 The spelling FontBocking is intentional. This is not a typo.
- Double-click MitigationOptions_FontBocking and set its value data to one of the following: (Read #4 in ⚠️ Things to look out for.)
  - To enable untrusted font blocking: 1000000000000
  - To enable audit mode: 3000000000000
  - To disable untrusted font blocking: Either delete the MitigationOptions_FontBocking value or set it to 2000000000000
- Click OK to save the changes.
- Close the Registry Editor.
- Restart your computer to apply the changes. (Read #3 in ⚠️ Things to look out for.)
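The same registry change can be scripted from an elevated PowerShell session, which avoids mistyping the value name or data. This is an added example, not code from the original guide; the function name Set-UntrustedFontBlocking and its -Mode labels are hypothetical, while the key, value name and data are the ones listed in the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example: Set-UntrustedFontBlocking and its -Mode labels are hypothetical names.
function Set-UntrustedFontBlocking {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Block', 'Audit', 'Off', 'Remove')]
        [string]$Mode
    )

    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions'
    $name = 'MitigationOptions_FontBocking'   # spelling is intentional
    $data = @{
        Block = '1000000000000'   # block untrusted fonts
        Audit = '3000000000000'   # audit mode
        Off   = '2000000000000'   # blocking disabled
    }

    if ($Mode -eq 'Remove') {
        # Deleting the value is the other listed way to disable the feature.
        if (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $key -Name $name
        }
        return [pscustomobject]@{ Mode = $Mode; Value = $null; RestartRequired = $true }
    }

    # Create the MitigationOptions key only if it is missing, so existing values survive.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # String Value (REG_SZ), matching the manual steps.
    New-ItemProperty -Path $key -Name $name -PropertyType String -Value $data[$Mode] -Force | Out-Null

    # Read the value back so a failed or wrong write is caught before the restart.
    $actual = (Get-ItemProperty -Path $key -Name $name).$name
    if ($actual -ne $data[$Mode]) {
        throw "Expected $($data[$Mode]) in $name but found '$actual'."
    }
    [pscustomobject]@{ Mode = $Mode; Value = $actual; RestartRequired = $true }
}

# Start in audit mode before moving to enforcement.
Set-UntrustedFontBlocking -Mode Audit
```

Export the key first (for example with File > Export in Registry Editor) so the change can be rolled back.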
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| --- | --- | --- |
| 1. Running Group Policy or Registry tools without Admin privileges | Changes won’t save or apply properly. | Reopen tools by right-clicking and selecting Run as administrator. |
| 2. Deleting or editing the wrong registry keys | System instability, app crashes, or boot issues. | Restore the registry from your previously created backup or perform a System Restore. |
| 3. Forgetting to restart your PC after changing policy or registry settings | Settings may not apply. | Restart your computer to apply the changes. |
| 4. Entering incorrect registry values | The feature won’t function as intended. | Double-check the correct values, re-enter them, save, and restart your computer. |
Additional considerations before configuring the Untrusted Font Blocking feature
Before making changes, take these factors into account:
Audit mode
Audit mode lets you preview how the system might behave without immediately blocking fonts. Instead, Windows will simply log whenever an untrusted font loads. This lets you check for potential issues without affecting your apps or workflow.
Event logs
Once Audit mode is enabled, regularly monitor logs in the Event Viewer:
- Press Win + R to open the Run dialog box.
- Type eventvwr.msc and press Enter to launch the Event Viewer.
- Navigate to:
  Applications and Services Logs > Microsoft > Windows > Win32k > Operational
- Look for Event ID 260 to review untrusted font usage.
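For regular review during audit mode, the same log can be queried and summarized from PowerShell instead of browsing Event Viewer. This is an added example, not part of the original guide; the function name Get-UntrustedFontEvent is hypothetical, and Microsoft-Windows-Win32k/Operational is the channel name behind the Event Viewer path above.

```powershell
# Added example: Get-UntrustedFontEvent is a hypothetical name.
function Get-UntrustedFontEvent {
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'Microsoft-Windows-Win32k/Operational'
        Id        = 260
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No Event ID 260 entries in the last $Days day(s)."
        return
    }

    # Group on the full message text so nothing is assumed about its layout.
    # Identical messages collapse into one row with a count and the latest timestamp.
    $events |
        Group-Object -Property Message |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Count    = $_.Count
                LastSeen = ($_.Group | Sort-Object TimeCreated -Descending |
                            Select-Object -First 1).TimeCreated
                Message  = $_.Name
            }
        }
}

# Review the last week of audit events, most frequent first.
Get-UntrustedFontEvent -Days 7 | Format-List
```

Messages that recur for a business-critical application are the ones to resolve before switching from audit mode to blocking.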
Application compatibility
Blocking untrusted fonts may negatively impact legitimate apps relying on custom fonts located outside the standard system fonts directory. Using Audit mode first, or testing critical applications, helps avoid unexpected disruptions.
Configure Untrusted Font Blocking for maximum system security
Untrusted Font Blocking is a helpful security feature that protects your system by preventing the loading of potentially malicious fonts. If you’re an advanced user or an administrator wanting to enable this feature, the simplest way is through the Group Policy Editor, available on Windows Pro, Enterprise, and Education editions.
For users of Windows Home or editions without Group Policy, the Registry Editor provides an alternative, manageable method. One piece of advice is to start in Audit mode before turning on the feature. This allows you to see how blocking untrusted fonts may affect your apps prior to full enforcement.
