Microsoft updates IE11 to disable Enhanced Protected Mode by default

Microsoft's monthly "Patch Tuesday" event is happening today, and one of the updates that the company is releasing has been created for Internet Explorer 11 on Windows 8.1. As revealed in a new support page, the update will disable the browser's Enhanced Protected Mode by default.

Previously, the mode was enabled by default in both the desktop and Modern UI versions of IE11 on Windows 8.1 when the OS was released in its public preview build. The support page states, "This was done so that we could receive feedback and data about sites that use add-ons that are incompatible with Enhanced Protected Mode."

However, it appears that having that mode as the default on IE11 has served its purpose. Microsoft stated, "The data we received from our releases let us identify and work site owners and software developers to update their sites to a plug-in-free experience, or to provide new versions of their plug-ins that are compatible with Enhanced Protected Mode."

Microsoft still recommends that IE11 users enable Enhanced Protected Mode if they have any compatible add-ons installed. This can be done by going to the Internet Options menu in the browser, and then clicking on the "Enable Enhanced Protected Mode" setting on the Advanced tab.

Thanks to Zlip792 for the tip!

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Microsoft expands Office 365 to 17 new markets, adds four new languages

Next Story

Flixster for Windows Phone finally updated to support movie streaming

45 Comments

Commenting is disabled on this article.

The only thing I noticed that doesn't work for me with the update is Yahoo! Games.
Cant figure out how to make it work either =[

It doesn't, but they do use Flash when needed to play sounds (shouldn't be the case in modern browsers). They might also use plugins for video chat.

Avast Online browser protection currently not compatible with Enhanced Protection mode on...(currently off here in order to use Avast Browser Protection

bikeman25 said,
Avast Online browser protection currently not compatible with Enhanced Protection mode on...(currently off here in order to use Avast Browser Protection


you should rather keep EPM enabled, and disable avast browser protection, you will be more protected this way.

also, you should have just kept the default antivirus included in win8.

Yes I realize I should've just kept Default Antivirus now, I may fix that up soon, and fully remove Avast completely.. System Performance a little sluggish with sites, and in Secondlife PC game today.

link8506 said,

the information comes from Microsoft:
https://support.microsoft.com/kb/2907803

maybe does it affect only new users who upgrade from win8.0 starting from today?


Well, that could be possible but my system was originally running Windows 7 which was subsequently upgraded to 8.0 then to 8.1. That could explain it.

I installed the updates on another system I can also confirm that it doesn't get disabled on a clean Windows 8.1 install.

yowanvista said,

Well, that could be possible but my system was originally running Windows 7 which was subsequently upgraded to 8.0 then to 8.1. That could explain it.

I installed the updates on another system I can also confirm that it doesn't get disabled on a clean Windows 8.1 install.

it has been disabled on my system after applying this update.
maybe it's due to the fact that I have 1 extension detected as incompatible.

Hey microsoft, how about you make your own silverlight work with ??? Or just get rid of it altogether ?? Whats that for a crazy idea ?

dopydope said,
Hey microsoft, how about you make your own silverlight work with ??? Or just get rid of it altogether ?? Whats that for a crazy idea ?

Silverlight been disabled is embarrassing indeed.....

Fritzly said,

Silverlight been disabled is embarrassing indeed.....

IE10/11 asks the user if he wants to disable EPM in the current tab to load ActiveX controls that are not compatible with EPM, including Silverlight.

see the last screenshot on this page : http://www.julien-manici.com/b...ns_plugins_activex_disabled

so, Silverlight can still be used without totally disabling EPM.
but I don't expect it to ever be updated to support EPM since it is now deprecated (but supported until 2021)

Fritzly said,

Silverlight been disabled is embarrassing indeed.....


Thank Sinofsky for that one. Killing Silverlight solely for political reasons was probably one of the most selfish and destructive things he did at Microsoft.

Silverlight is a useless piece of crap that should never have existed at the first place.
Flash is enough of a plague ... we dont need browser plugins

BTW, the 0day IE flaw that was fixed today wasn't actually a IE flaw.

it was a flaw in Windows CardSpace. Since this is a deprecated component, MS has just decided to kill the ActiveX control that implements it (the underlying flaw was not fixed, but at least it is no longer exploitable).

one more reason to keep enhanced protected mode enabled, as this kind of legacy component won't run in EPM without user intervention (and won't run in IE Metro no matter what).

GP007 said,
Good thing I don't use plug-ins outside of Flash then. I'd rather just keep this on.

Unfortunately the real problem is not people like us here on Neowin or others alike but the average user who has no idea of what EPM is and how to enable or disable it; such people were just "unknowingly" protected. At least the patch should show a message asking the user if he wants to proceed and disable it. Just my 2 c though.

Those are the exact kind of users who are not informed/caring enough that they need additional protection, like what EPM provides. Disabling it for them is like telling a user who keeps forgetting his or her password that you'll just remove the password so they don't need to worry about it anymore. The solution is not to remove protection to enable laziness and illiteracy.

If it's served it's purpose and 3rd-parties have adapted, why not just leave it as the default?

This change makes no sense.

Athernar said,
If it's served it's purpose and 3rd-parties have adapted, why not just leave it as the default?

This change makes no sense.


I don't get it either.

Athernar said,
If it's served it's purpose and 3rd-parties have adapted, why not just leave it as the default?

This change makes no sense.

Sounds like a huge step backwards

Athernar said,
If it's served it's purpose and 3rd-parties have adapted, why not just leave it as the default?.

Because 3rd-parties haven't adapted. It served the purpose of compiling a list of sites to contact and work with to adapt.

Athernar said,
If it's served it's purpose and 3rd-parties have adapted, why not just leave it as the default?

This change makes no sense.

this change means that there have been more complains from (professional) users than expected.

basically, the only plugin that has been updated to be compatible with enhanced protected mode so far is Flash Player.

even microsoft's own plugins such as Silverlight and office document cache handler haven't been updated.

I guess JAVA users were also unhappy of that change.

read this if you want to learn more about the consequences of Enhanced Protected Mode being on by default (well, not anymore) :

http://www.julien-manici.com/b...ns_plugins_activex_disabled

This is what I am figuring, but the "let us" in Microsoft stated, "The data we received from our releases let us identify and work site owners and software developers to update their sites to a plug-in-free experience, or to provide new versions of their plug-ins that are compatible with Enhanced Protected Mode." means that it is past tense, as in they have worked with the owners, and developers, and they have updated their plugins.

rfirth said,

Because 3rd-parties haven't adapted. It served the purpose of compiling a list of sites to contact and work with to adapt.

That is a horrifically poor method of compiling such a list, and it still makes no sense to revert the change. Your reasoning doesn't add up.

link8506 said,

this change means that there have been more complains from (professional) users than expected.

I understand the impact just fine, it's the reasoning behind making such a change only to revert it I'm disputing.

Athernar said,

I understand the impact just fine, it's the reasoning behind making such a change only to revert it I'm disputing.

pretty sure that it is PR bull****.

I don't think MS planned to disable EPM at some point after the product launch.

obviously they are afraid that enterprises will block IE11 deployment because of the EPM blocking every legacy plugin. I guess they were too optimistic when they decided 6months ago to ship win8.1 with EPM enabled.

at this point they may as well change the IE11 user agent to something more like the one used in previous versions of IE. Because obviously on the short term it will cause a lot of troubles.

link8506 said,

pretty sure that it is PR bull****.

I don't think MS planned to disable EPM at some point after the product launch.

obviously they are afraid that enterprises will block IE11 deployment because of the EPM blocking every legacy plugin. I guess they were too optimistic when they decided 6months ago to ship win8.1 with EPM enabled.

at this point they may as well change the IE11 user agent to something more like the one used in previous versions of IE. Because obviously on the short term it will cause a lot of troubles.

Enterprises will block IE11 deployment regardless of EPM. That explanation doesn't fit either.

The point about the user agent compounds the issue too. Arguably a far more impactful change at that too.

Athernar said,

Enterprises will block IE11 deployment regardless of EPM. That explanation doesn't fit either.

the EPM is supported only on windows 8.1.
it didn't affect IE11 on win7.

that move will just prevent professional users (in small businesses without sysadmins) from losing compatibility with some BHO or ActiveX control after upgrading from win8 to win8.1. I guess Microsoft's technical support received lots of complains from users who didn't know about EPM and how to disable it.

Off tangent a bit, but geez, if Microsoft sells their consumer business, we'll be seeing more news like this, or "Office 365 rolls out to more markets". What a snooze fest.

ZipZapRap said,
Off tangent a bit, but geez, if Microsoft sells their consumer business, we'll be seeing more news like this, or "Office 365 rolls out to more markets". What a snooze fest.

true, but think of the other headlines..
"Microsoft subsidiary, MDOT, releases awesome consumer only product for exactly what only consumers want without an enterprise plan in the long term."

What IE level does that emulate these days? Back in IE8 and 9, this emulated IE7 if I remember correctly. Does it still emulate IE7 in IE11 compat mode?

WAR-DOG said,
I wish they would disable intranet compatibility mode by default, this is simply ridiculous.

How is it ridiculous?

WAR-DOG said,
I wish they would disable intranet compatibility mode by default, this is simply ridiculous.

actually, with the new user agent in IE11, it's a good thing the intranet mode is still enabled by default, otherwise a lot of intranet apps requiring IE will break.

Not only that, but it allows for relaxed security in your corporate environment like pass your windows credentials for authentication automatically as the most common example. Little things that make a huge difference to the end user.