Internet Explorer Enhanced Protected Mode - Turn On or Off

How to Turn On or Off Enhanced Protected Mode in IE10 and IE11


information   Information
Protected Mode, which was added in IE7 for Windows Vista, is defense in depth feature that helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use. For example, your browser doesn’t usually need to modify system settings or write to your Documents folder. Protected Mode is based on the principle of least privilege -- by reducing the capabilities that Internet Explorer has, the capabilities available to exploit code are reduced as well.

Enhanced Protected Mode (EPM) takes this concept further by restricting additional capabilities. EPM is a new security feature in Internet Explorer 10 that was introduced in Windows 8.

In the upcoming Internet Explorer 10 on Windows 7 and Windows Server 2008R2, the only thing that enabling Enhanced Protected Mode does is turn on 64bit Content Processes. But, when running on Windows 8, the EPM option provides even more security by also causing the sandboxed Content Process to run in a new process isolation feature called AppContainer. AppContainer, introduced by Windows 8, offers more fine-grained security permissions and which blocks Write and Read Access to most of the system.

Tabs running in Enhanced Protected Mode on Windows 8 run inside an AppContainer. On Windows 7 and Windows Server 2008 R2, AppContainer does not exist, so EPM only enables 64-bit tabs on a 64-bit OS. (That also means that enabling EPM on a 32bit Windows 7 system doesn’t do anything, because a 32-bit Windows 7 system supports neither 64-bit nor AppContainer).

In Windows 8, Metro-style IE tabs in the Internet and Restricted Zone run in Enhanced Protected mode, while tabs in other zones run in 64-bit only. You cannot disable EPM for Metro-style IE except by turning off Protected Mode entirely.

When EPM was introduced in IE10, AppContainer and 64-bit tabs (EPM) in 64-bit Windows 8 were turned on by default for Internet Explorer in the Windows UI (Metro), but turned off on the desktop IE to run in the Low Integrity Protected Mode with 32-bit tabs. In IE11, AppContainer is turned on now by default in both the Windows UI (Metro) IE11 and desktop IE11, so both environments can share cookies, cache, and other data for a better user experience. EPM is not supported in IE11 Preview on Windows 7.

When Enhanced Protected Mode is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can turn off Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.


For more detailed information about Enhanced Protected Mode in Internet Explorer, see:



This tutorial will show you how to turn Enhanced Protected Mode (EPM) on or off in IE10 and IE11 for your user account in Windows 7 and Windows 8.





OPTION ONE

Turn On or Off Enhanced Protected Mode for IE10/IE11 in Internet Options


1. Do step 2 or 3 below for how you would like to open Internet Options.​
2. Open the Control Panel (icons view) in Windows 7 or Windows 8, click/tap on the Internet Options icon, and go to step 4 below.​
3. Open Internet Explorer (for desktop in Windows 8), click/tap on the Tools Tools.jpg button, click/tap on Internet options, and go to step 4 below. (see screenshot below)​
IE_Enhanced_Protected_Mode-1.jpg

4. Do step 5 or 6 below for what you would like to do.​
5. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, check the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)​

6. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, uncheck the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)​

7. Click/tap on OK, and restart the PC to apply.​
IE_Enhanced_Protected_Mode-2.jpg








OPTION TWO

Turn On or Off Enhanced Protected Mode for IE10/IE11 using REG File


1. Do step 2 or 3 below for what you would like to do.​
2. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Turn_On_EPM_for_IE.reg
download

3. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Turn_Off_EPM_for_IE.reg
download

4. Save the .reg file to your desktop.​
5. Double click/tap on the downloaded .reg file to merge it.​
6. Click/tap on Run, Yes (UAC), Yes, and OK when prompted to approve the merge.​
7. Restart the PC to apply.​
8. When finished, you can delete the downloaded .reg file if you like.


That's it,
Shawn


 

Attachments

  • Turn_Off_EPM_for_IE.reg
    594 bytes · Views: 14,379
  • Turn_On_EPM_for_IE.reg
    594 bytes · Views: 8,447
  • Metro_IE.png
    Metro_IE.png
    2 KB · Views: 310
Last edited by a moderator:
My Enhanced button was "UNCHECKED" and I always got this annoying bar at the bottom to ask if I wanted to open or save.
ENOUGH already! WIN 8 and IE 11 are toys for kids. it's taking me more time trying to save time it's insane!
Does anyone have any real idea on how to remove the thing or not?
 

My Computer

System One

  • OS
    windows 8
    Computer type
    PC/Desktop
Hello tcbelle, and welcome to Eight Forums.

The Open or Save at the bottom of IE has nothing to do with Enhanced Protection Mode.

Open or Save are the options you get when you click on a link to either download a file (save) or open it if it's say a text type file.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
tried Turn_Off_EPM_for_IE.reg but it did not work for me. Using Windows 8.1 with ie11. The box remains greyed out and check mark cannot be removed. any ideas??
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM1855
    CPU
    3.1 Ghz AMD Eight-Core FX-8120
    Motherboard
    unknown
    Memory
    10 GB
    Graphics Card(s)
    AMD Radeon HD7670 2GB DDR3
    Browser
    IE10
    Antivirus
    Trend Micro
Hello dlddemon,

It sounds like you have Enhanced Protection Mode disabled by group policy.

If you like, download and merge the .reg file below, approve merging it, and restart the computer to apply. This will remove the group policy setting to be back to default, and hopefully allow you to change the Enhanced Protection Mode setting afterwards. :)

View attachment Enable_IE_Enhanced_Protected_Mode.reg
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Hi Brink,
I tried to remove the group policy setting as you suggested and then re applied the, turn off EPM, but unfortunately did not get rid of the greyed out check box.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM1855
    CPU
    3.1 Ghz AMD Eight-Core FX-8120
    Motherboard
    unknown
    Memory
    10 GB
    Graphics Card(s)
    AMD Radeon HD7670 2GB DDR3
    Browser
    IE10
    Antivirus
    Trend Micro

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thanks again Brink but no luck with this either.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM1855
    CPU
    3.1 Ghz AMD Eight-Core FX-8120
    Motherboard
    unknown
    Memory
    10 GB
    Graphics Card(s)
    AMD Radeon HD7670 2GB DDR3
    Browser
    IE10
    Antivirus
    Trend Micro
If you like, you could do a system restore using a restore point dated before you think this happened to undo it. You may have to try using another older restore point if the first one you try turns out not to be before.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Yes, Thanks Brink.
I think that is what I will have to do.
Will let you know how I make out.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM1855
    CPU
    3.1 Ghz AMD Eight-Core FX-8120
    Motherboard
    unknown
    Memory
    10 GB
    Graphics Card(s)
    AMD Radeon HD7670 2GB DDR3
    Browser
    IE10
    Antivirus
    Trend Micro
If you like, you could do a system restore using a restore point dated before you think this happened to undo it. You may have to try using another older restore point if the first one you try turns out not to be before.

Hi Brink,
I ran system restore twice but it did not resolve the issue.
I thought the problem might be in ie11 with some corrupt file problems so ran sfc/scannow, found no problems.
Then used the reset tool in internet explorer back to default settings and this did not help.
So I uninstalled ie11 from Windows8. restarted my computer. (using turning on and off windows features)
Then reinstalled ie11 and again rebooted.
I now have access to the enhanced protection mode check box and proceeded to follow your instructions.
All now appears to be OK.
Thanks for your input and helping me through this.:thumb:
D
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM1855
    CPU
    3.1 Ghz AMD Eight-Core FX-8120
    Motherboard
    unknown
    Memory
    10 GB
    Graphics Card(s)
    AMD Radeon HD7670 2GB DDR3
    Browser
    IE10
    Antivirus
    Trend Micro
That's great news D. Thank you for posting back with your results. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top