Enhanced protected mode (EPM) may be enabled on the desktop

As of IE11, enhanced protected mode may be enabled for Internet Explorer for the desktop. Update add-ins, Browser Helper Objects (BHOs), and applications using local HTML resources to support enhanced protected mode. For more info, see Supporting Enhanced Protected Mode (EPM).

Enhanced protected mode (EPM) refers to a collection of security improvements:

  • 64-bit tab processes, which make memory-based security measures more effective.
  • Access restrictions on personal and machine configuration resources.
  • Access restrictions to corporate and other local resources.

EPM effectively creates a sandbox (an isolated environment) between untrusted content and sensitive system data. As a result, malicious behavior is harder to carry out and its impact is reduced.

EPM was introduced for IE10 on Windows 8 and enabled for new Windows 8 experience. This didn't affect many add-ons because add-ons are enabled only for Internet Explorer for the desktop; however, EPM may now enabled for IE on the desktop. Update add-ons accordingly.

To learn more about EPM and how to support it, see:

Note A user can disable enhanced protected mode, however, it's not a good idea. Consumers should be highly skeptical of requests to relax browser security restrictions.

Enhanced protected mode (EPM) may be enabled on the desktop

Supporting enhanced protected mode (EPM)

Granting resource access to AppContainers

Determining integrity level and isolation

Creating and opening securable objects