How to Turn On or Off Enhanced Protected Mode in IE10 and IE11
Information
Protected Mode, which was added in IE7 for Windows Vista, is defense in depth feature that helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use. For example, your browser doesn’t usually need to modify system settings or write to your Documents folder. Protected Mode is based on the principle of least privilege -- by reducing the capabilities that Internet Explorer has, the capabilities available to exploit code are reduced as well.
Enhanced Protected Mode (EPM) takes this concept further by restricting additional capabilities. EPM is a new security feature in Internet Explorer 10 that was introduced in Windows 8.
In the upcoming Internet Explorer 10 on Windows 7 and Windows Server 2008R2, the only thing that enabling Enhanced Protected Mode does is turn on 64bit Content Processes. But, when running on Windows 8, the EPM option provides even more security by also causing the sandboxed Content Process to run in a new process isolation feature called AppContainer. AppContainer, introduced by Windows 8, offers more fine-grained security permissions and which blocks Write and Read Access to most of the system.
Tabs running in Enhanced Protected Mode on Windows 8 run inside an AppContainer. On Windows 7 and Windows Server 2008 R2, AppContainer does not exist, so EPM only enables 64-bit tabs on a 64-bit OS. (That also means that enabling EPM on a 32bit Windows 7 system doesn’t do anything, because a 32-bit Windows 7 system supports neither 64-bit nor AppContainer).
In Windows 8, Metro-style IE tabs in the Internet and Restricted Zone run in Enhanced Protected mode, while tabs in other zones run in 64-bit only. You cannot disable EPM for Metro-style IE except by turning off Protected Mode entirely.
When EPM was introduced in IE10, AppContainer and 64-bit tabs (EPM) in 64-bit Windows 8 were turned on by default for Internet Explorer in the Windows UI (Metro), but turned off on the desktop IE to run in the Low Integrity Protected Mode with 32-bit tabs. In IE11, AppContainer is turned on now by default in both the Windows UI (Metro) IE11 and desktop IE11, so both environments can share cookies, cache, and other data for a better user experience. EPM is not supported in IE11 Preview on Windows 7.
When Enhanced Protected Mode is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can turn off Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.
For more detailed information about Enhanced Protected Mode in Internet Explorer, see:
This tutorial will show you how to turn Enhanced Protected Mode (EPM) on or off in IE10 and IE11 for your user account in Windows 7 and Windows 8.
Enhanced Protected Mode (EPM) takes this concept further by restricting additional capabilities. EPM is a new security feature in Internet Explorer 10 that was introduced in Windows 8.
In the upcoming Internet Explorer 10 on Windows 7 and Windows Server 2008R2, the only thing that enabling Enhanced Protected Mode does is turn on 64bit Content Processes. But, when running on Windows 8, the EPM option provides even more security by also causing the sandboxed Content Process to run in a new process isolation feature called AppContainer. AppContainer, introduced by Windows 8, offers more fine-grained security permissions and which blocks Write and Read Access to most of the system.
Tabs running in Enhanced Protected Mode on Windows 8 run inside an AppContainer. On Windows 7 and Windows Server 2008 R2, AppContainer does not exist, so EPM only enables 64-bit tabs on a 64-bit OS. (That also means that enabling EPM on a 32bit Windows 7 system doesn’t do anything, because a 32-bit Windows 7 system supports neither 64-bit nor AppContainer).
In Windows 8, Metro-style IE tabs in the Internet and Restricted Zone run in Enhanced Protected mode, while tabs in other zones run in 64-bit only. You cannot disable EPM for Metro-style IE except by turning off Protected Mode entirely.
When EPM was introduced in IE10, AppContainer and 64-bit tabs (EPM) in 64-bit Windows 8 were turned on by default for Internet Explorer in the Windows UI (Metro), but turned off on the desktop IE to run in the Low Integrity Protected Mode with 32-bit tabs. In IE11, AppContainer is turned on now by default in both the Windows UI (Metro) IE11 and desktop IE11, so both environments can share cookies, cache, and other data for a better user experience. EPM is not supported in IE11 Preview on Windows 7.
When Enhanced Protected Mode is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can turn off Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.
For more detailed information about Enhanced Protected Mode in Internet Explorer, see:
- Enhanced Protected Mode - IEBlog - Site Home - MSDN Blogs
- Understanding Enhanced Protected Mode - IEInternals - Site Home - MSDN Blogs
- Enhanced Protected Mode on desktop IE (Preliminary)
This tutorial will show you how to turn Enhanced Protected Mode (EPM) on or off in IE10 and IE11 for your user account in Windows 7 and Windows 8.
OPTION ONE
Turn On or Off Enhanced Protected Mode for IE10/IE11 in Internet Options
1. Do step 2 or 3 below for how you would like to open Internet Options.
2. Open the Control Panel (icons view) in Windows 7 or Windows 8, click/tap on the Internet Options icon, and go to step 4 below.
3. Open Internet Explorer (for desktop in Windows 8), click/tap on the Tools
button, click/tap on Internet options, and go to step 4 below. (see screenshot below)
4. Do step 5 or 6 below for what you would like to do.
5. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, check the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)
6. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) In the Advanced tab, uncheck the Enable Enhanced Protected Mode box under Security, and go to step 7 below. (see screenshot below step 7)
7. Click/tap on OK, and restart the PC to apply.
OPTION TWO
Turn On or Off Enhanced Protected Mode for IE10/IE11 using REG File
1. Do step 2 or 3 below for what you would like to do.
2. To Turn On Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Turn_On_EPM_for_IE.reg
3. To Turn Off Enhanced Protected Mode in your IE10 or IE11
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Turn_Off_EPM_for_IE.reg
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. Click/tap on Run, Yes (UAC), Yes, and OK when prompted to approve the merge.
7. Restart the PC to apply.
8. When finished, you can delete the downloaded .reg file if you like.
That's it,
Shawn
Related Tutorials
- How to Enable 32-bit or 64-bit Internet Explorer 10 (IE10) in Windows 7
- How to Enable 64 Bit Tab Processes for Internet Explorer 10 in Windows 8
- How to Enable 64-bit Processes for Enhanced Protected Mode in Internet Explorer 11 (IE11)
- How to Turn Protected Mode On or Off in Internet Explorer
- How to Turn SmartScreen Filter On or Off in Internet Explorer
- How to Turn Pop-up Blocker On or Off in Internet Explorer
- How to Turn "ActiveX Filtering" On or Off in IE9, IE10, and IE11
- How to Allow or Prevent Websites to Request Your Location in IE9, IE10, and Firefox
Attachments
Last edited by a moderator: