It's best practice to configure Internet Explorer to enforce the verification of signatures for downloaded files, and to disallow running or installing files when an invalid signature is detected. This identifies the publisher of signed software and verifies it hasn't been modified or tampered with.

https://www.stigviewer.com/stig/microsoft_internet_explorer_11/2018-06-08/finding/V-46625