Internet Explorer Enhanced Protected Mode - Turn On or Off

How to Turn On or Off Enhanced Protected Mode in IE10 and IE11


information   Information
Protected Mode, which was added in IE7 for Windows Vista, is defense in depth feature that helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use. For example, your browser doesn’t usually need to modify system settings or write to your Documents folder. Protected Mode is based on the principle of least privilege -- by reducing the capabilities that Internet Explorer has, the capabilities available to exploit code are reduced as well.

Enhanced Protected Mode (EPM) takes this concept further by restricting additional capabilities. EPM is a new security feature in Internet Explorer 10 that was introduced in Windows 8.

In the upcoming Internet Explorer 10 on Windows 7 and Windows Server 2008R2, the only thing that enabling Enhanced Protected Mode does is turn on 64bit Content Processes. But, when running on Windows 8, the EPM option provides even more security by also causing the sandboxed Content Process to run in a new process isolation feature called AppContainer. AppContainer, introduced by Windows 8, offers more fine-grained security permissions and which blocks Write and Read Access to most of the system.

Tabs running in Enhanced Protected Mode on Windows 8 run inside an AppContainer. On Windows 7 and Windows Server 2008 R2, AppContainer does not exist, so EPM only enables 64-bit tabs on a 64-bit OS. (That also means that enabling EPM on a 32bit Windows 7 system doesn’t do anything, because a 32-bit Windows 7 system supports neither 64-bit nor AppContainer).

In Windows 8, Metro-style IE tabs in the Internet and Restricted Zone run in Enhanced Protected mode, while tabs in other zones run in 64-bit only. You cannot disable EPM for Metro-style IE except by turning off Protected Mode entirely.

When EPM was introduced in IE10, AppContainer and 64-bit tabs (EPM) in 64-bit Windows 8 were turned on by default for Internet Explorer in the Windows UI (Metro), but turned off on the desktop IE to run in the Low Integrity Protected Mode with 32-bit tabs. In IE11, AppContainer is turned on now by default in both the Windows UI (Metro) IE11 and desktop IE11, so both environments can share cookies, cache, and other data for a better user experience. EPM is not supported in IE11 Preview on Windows 7.

When Enhanced Protected Mode is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can turn off Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.


For more detailed information about Enhanced Protected Mode in Internet Explorer, see:



This tutorial will show you how to turn Enhanced Protected Mode (EPM) on or off in IE10 and IE11 for your user account in Windows 7 and Windows 8.





OPTION ONE

Turn On or Off Enhanced Protected Mode for IE10/IE11 in Internet Options


1. Do step 2 or 3 below for how you would like to open Internet Options.​
2. Open the Control Panel (icons view) in Windows 7 or Windows 8, click/tap on the Internet Options icon, and go to step 4 below.​
3. Open Internet Explorer (for desktop in Windows 8), click/tap on the Tools Tools.jpg button, click/tap on Internet options, and go to step 4 below. (see screenshot below)​
IE_Enhanced_Protected_Mode-1.jpg

4. Do step 5 or 6 below for what you would like to do.​
5. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, check the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)​

6. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, uncheck the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)​

7. Click/tap on OK, and restart the PC to apply.​
IE_Enhanced_Protected_Mode-2.jpg








OPTION TWO

Turn On or Off Enhanced Protected Mode for IE10/IE11 using REG File


1. Do step 2 or 3 below for what you would like to do.​
2. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Turn_On_EPM_for_IE.reg
download

3. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Turn_Off_EPM_for_IE.reg
download

4. Save the .reg file to your desktop.​
5. Double click/tap on the downloaded .reg file to merge it.​
6. Click/tap on Run, Yes (UAC), Yes, and OK when prompted to approve the merge.​
7. Restart the PC to apply.​
8. When finished, you can delete the downloaded .reg file if you like.


That's it,
Shawn


 

Attachments

Last edited by a moderator:
My Enhanced button was "UNCHECKED" and I always got this annoying bar at the bottom to ask if I wanted to open or save.
ENOUGH already! WIN 8 and IE 11 are toys for kids. it's taking me more time trying to save time it's insane!
Does anyone have any real idea on how to remove the thing or not?
 
Hello tcbelle, and welcome to Eight Forums.

The Open or Save at the bottom of IE has nothing to do with Enhanced Protection Mode.

Open or Save are the options you get when you click on a link to either download a file (save) or open it if it's say a text type file.
 
tried Turn_Off_EPM_for_IE.reg but it did not work for me. Using Windows 8.1 with ie11. The box remains greyed out and check mark cannot be removed. any ideas??
 
Hello dlddemon,

It sounds like you have Enhanced Protection Mode disabled by group policy.

If you like, download and merge the .reg file below, approve merging it, and restart the computer to apply. This will remove the group policy setting to be back to default, and hopefully allow you to change the Enhanced Protection Mode setting afterwards. :)

View attachment Enable_IE_Enhanced_Protected_Mode.reg
 
Hi Brink,
I tried to remove the group policy setting as you suggested and then re applied the, turn off EPM, but unfortunately did not get rid of the greyed out check box.
 
If you like, you could do a system restore using a restore point dated before you think this happened to undo it. You may have to try using another older restore point if the first one you try turns out not to be before.
 
If you like, you could do a system restore using a restore point dated before you think this happened to undo it. You may have to try using another older restore point if the first one you try turns out not to be before.

Hi Brink,
I ran system restore twice but it did not resolve the issue.
I thought the problem might be in ie11 with some corrupt file problems so ran sfc/scannow, found no problems.
Then used the reset tool in internet explorer back to default settings and this did not help.
So I uninstalled ie11 from Windows8. restarted my computer. (using turning on and off windows features)
Then reinstalled ie11 and again rebooted.
I now have access to the enhanced protection mode check box and proceeded to follow your instructions.
All now appears to be OK.
Thanks for your input and helping me through this.:thumb:
D
 
That's great news D. Thank you for posting back with your results. :)
 
Back
Top