In Windows 8, with Internet Explorer 10, Microsoft has further hardened and enhanced Protected Mode by introducing additional restrictions. Metro-style Internet Explorer will run with Enhanced Protected Mode enabled at all times.

Enhanced Protected Mode

Enhanced Protected Mode restricts Internet Explorer's access to locations that contain your personal information until you grant it permission. This helps prevent exploit code from accessing your personal information without your permission. Let us see what Enhanced Protected Mode, or EPM, does.

Protects personal files

Consider Web-based email. If you want to attach a file from your Documents folder to an email, Internet Explorer needs permission to access the file and upload it to your email provider. With Enhanced Protected Mode, a “broker process” grants Internet Explorer temporary access to the file only if you actually click “Open” in the file upload dialog. Brokering is done automatically after you choose to open a file. This is like providing a single safe deposit box to Internet Explorer when requested, instead of giving access to the entire safe all of the time.

Restricts access to corporate network resources

Enhanced Protected Mode restricts an exploit’s ability to access corporate network resources in three ways. First, Internet tab processes, which are where untrusted Internet pages load, do not have access to a user’s domain credentials. Second, they cannot operate as local web servers, which makes it more difficult to impersonate an intranet site. Third, Internet tabs cannot make connections to intranet servers.

64-bit processes

IE10 introduces 64-bit processes. Because of 64-bit memory addresses, protection features are more effective than in 32-bit processes, which makes attacks such as heap spraying, used by attackers to plant malicious code at predictable locations, much more difficult. Metro-style Internet Explorer always runs with Enhanced Protected Mode enabled. You will have to enable it yourself for the desktop version of IE.

Enable Enhanced Protected Mode in IE Desktop Version

To do so, open Internet Options and, under the Advanced tab, scroll down to Security. Here, check the Enable Enhanced Protected Mode option. Click Apply/OK.

Once you enable Enhanced Protected Mode, incompatible add-ons will be automatically disabled. Moreover, when this option is enabled, all Content Processes that are running in Protected Mode (e.g. Internet Zone and Restricted Zone, by default) will begin to use 64-bit Content Processes. If you visit a website that requires a particular add-on, you will see a message. If you trust the website, you can disable EPM so that the site can run the control or plugin. Until all or most plugins are made to run in EPM, you may find the browsing experience constrained when EPM is enabled.