Enhanced protected mode (EPM) may be enabled on the desktop
As of IE11, enhanced protected mode may be enabled for Internet Explorer for the desktop. Update add-ins, Browser Helper Objects (BHOs), and applications using local HTML resources to support enhanced protected mode. For more info, see Supporting Enhanced Protected Mode (EPM).
Enhanced protected mode (EPM) refers to a collection of security improvements:
- 64-bit tab processes, which make memory-based security measures more effective.
- Access restrictions on personal and machine configuration resources.
- Access restrictions to corporate and other local resources.
EPM effectively creates a sandbox (an isolated environment) between untrusted content and sensitive system data. As a result, malicious behavior is harder to carry out and its impact is reduced.
EPM was introduced for IE10 on Windows 8 and enabled for the new Windows 8 experience. This didn't affect many add-ons because add-ons are enabled only for Internet Explorer for the desktop; however, EPM may now be enabled for IE on the desktop. Update add-ons accordingly.
To learn more about EPM and how to support it, see:
- IE DevTeam blog: Introducing enhanced protected mode
- IEInternals blog: Understanding enhanced protected mode
- IEInternals blog: Enhanced protected mode and local files
Note: A user can disable enhanced protected mode; however, it's not a good idea. Consumers should be highly skeptical of requests to relax browser security restrictions.