Enhanced Protected Mode on desktop IE

Update your browser extensions to be compatible with Enhanced Protected Mode (EPM) for Internet Explorer 11 on the desktop.

What is EPM?

Enhanced Protected Mode (EPM) adds additional security to Protected Mode and includes AppContainer and 64-bit tabs. Internet Explorer in the new Windows UI runs in AppContainer, but AppContainer is also an available option on Internet Explorer for the desktop. AppContainer prevents pages from reading or writing to the rest of the operating system. You can also use 64-bit tabs on the desktop (on 64-bit computers). Running 64-bit tabs increases security on the desktop because 64-bit processes offer better protection against attacks that try to damage memory safety.

Better security and user experience

When AppContainer is enabled for Internet Explorer for the desktop, both Internet Explorer environments can share cookies, cache, and other data for a better user experience. Browser Helper Objects (BHO) or toolbars load when the browser starts. With AppContainer is turned on, IE11 checks the add-on registration for an AppContainer compatible flag. If it's present, the BHO or toolbar loads and runs. If it isn't present, the BHO or toolbar is blocked, and the user is notified of the EPM incompatibility. When a webpage loads an ActiveX control, the CLSID registration for the control is checked for an AppContainer compatible flag. If the flag isn't present, the user is notified that the control isn't compatible. If the user trusts the site, they can click a button to turn off EPM for the current site.

Updating browser extensions for EPM compatibility

Browser extensions (like helper objects, add ons, and ActiveX controls) will require some changes to ensure that they work correctly under EPM. When EPM is enabled, only extensions registered as AppContainer compatible load automatically. To ensure your extension loads, it's best to compile as both 32-bit and 64-bit, and to test the extension on a computer that has EPM enabled. If your extension works correctly, add code to your setup that registers your extension. For more info on registering your extension, see Understanding Enhanced Protected Mode.

Registering your extension as AppContainer compatible doesn't disable the security features, it only allows it to load and run. If your extension tries to access securable objects outside the AppContainer, it's blocked which can impact the extension's functionality. It's best to make sure it works correctly when running with EPM.

Supporting AppContainer and 64-bit tabs gives your users a higher level of security and a better browsing experience overall.

Related topics

Enhanced Protected Mode
Enhanced Protected Mode and Local Files
Understanding Enhanced Protected Mode

 

 

Show:
© 2014 Microsoft. All rights reserved.