Software without valid signature are allowed to run or install through internet explorer
Disable "Allow software to run or install even if the signature is invalid", since this setting allows software and file downloads to be installed or executed by the user even if the signature is invalid. An invalid signature might indicate that someone has tampered with the file.
Internet Explorer Hardening
Follow the below steps in GPO to resolve the misconfiguration.
The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> "Allow software to run or install even if the signature is invalid" will be set to Disabled.
Does remediation require reboot?
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.