Using a web browser exposes you to special security risks; by clicking a link in an e-mail or mistyping a web address, you can find yourself on a site containing hostile script or downloadable code intended to take over your system. To mitigate these threats, Internet Explorer runs in Protected Mode. This special mode, which is active in all Internet Explorer security zones except the Trusted Sites zone, takes advantage of a wide range of security-related features, notably User Account Control (UAC). When Protected Mode is enabled (the default setting), Internet Explorer runs with severely limited privileges. These restrictions prevent a website from installing programs without your permission or changing system settings.
In Windows 7, processes run with integrity levels defined by the Mandatory Integrity Control feature. Protected Mode Internet Explorer runs in a Low privilege process. As a result, Internet Explorer is prevented from writing to areas of the file system or the registry that require a higher privilege. Protected Mode also limits the information sent between processes of different integrity levels. Add-ons such as ActiveX controls and toolbars run in the same Low process, preventing them from gaining access to any areas except those specifically created for storing potentially unsafe data and programs.
Behind the scenes, Windows creates a set of folders and files for use with Protected Mode Internet Explorer. These folders and files share the same Low privilege level as Internet Explorer. Windows also creates virtual folders to store files that Internet Explorer tries to save in protected locations. Instead of causing an add-on to fail when it tries to write a data file to the Program Files or Windows folders, Windows silently redirects the file write operation to a virtual equivalent. The program is able to continue, believing that it wrote the files to a system location and not realizing that the data files actually wound up in a hidden virtualized folder that mirrors the actual path and is stored under the Temporary Internet Files folder. Likewise, any attempt to write to the registry is redirected to a Low-integrity area of the registry.
When Internet Explorer needs to read those virtualized files, a broker process intercepts the operation and asks for your consent before continuing. This represents an important concept of Protected Mode: whenever any action requires a higher privilege level, such as an ActiveX installation or an attempt to save a file, a broker process must be invoked.
On rare occasions, Protected Mode can prevent an application or website from working properly. If all attempts to work around the incompatibility fail, you can disable Protected Mode for the current zone. We recommend against taking this measure; if you must do so, we recommend that you re-enable Protected Mode immediately after you finish the activity that conflicts with it. Follow these steps to disable Protected Mode for the current zone:
1. From within Internet Explorer, click Tools, and then click Internet Options.
2. Click the Security tab, and clear the Enable Protected Mode check box.
3. Click OK to continue, and close the Internet Options dialog box. Windows displays a warning that the current security settings will put your computer at risk. Click OK to continue.
When Protected Mode is off, navigating to any webpage displays a warning message in the Information bar:
Protected mode is currently turned off for the Internet zone. Click here to open security settings.
To re-enable Protected Mode, click the Information bar and click Open Security Settings. Select the Enable Protected Mode check box, click OK, and then close and reopen Internet Explorer.
Another method for working around Protected Mode for a specific website is to add the website to the Trusted Sites zone, where Protected Mode is not in effect. We recommend that you exercise caution before choosing this technique, however; adding a site to the Trusted Sites zone enables a wide range of potentially risky behaviors, and it's easy to forget to remove the site from the Trusted Sites zone after you finish working with it.
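Because both workarounds are easy to leave in place, the following added PowerShell example (not part of the original text) reports which zones have Protected Mode turned off and which sites are currently in the Trusted Sites zone. It assumes the standard Internet Explorer registry layout, where value 2500 under Zones\<id> holds the Protected Mode setting (0 = on, 3 = off) and ZoneMap\Domains maps sites to zones; the function names are illustrative.

```powershell
# Added audit example, not from the original text. Read-only.
# Assumed registry layout: Zones\<id> value 2500 = Protected Mode (0 on, 3 off);
# ZoneMap\Domains\<domain>[\<subdomain>] value <scheme> = zone id (2 = Trusted sites).
$settings  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy    = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ProtectedModeSetting {
    # Check the per-user setting and both policy locations; report only values that exist.
    foreach ($path in "HKCU:\$settings", "HKCU:\$policy", "HKLM:\$policy") {
        foreach ($id in 1..4) {
            $item = Get-ItemProperty -Path "$path\Zones\$id" -Name '2500' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }
            $state = switch ($item.'2500') { 0 { 'Enabled' } 3 { 'Disabled' } default { "Unrecognized ($_)" } }
            [pscustomobject]@{ Zone = $zoneNames[$id]; ProtectedMode = $state; Source = $path }
        }
    }
}

function Get-TrustedSite {
    # Walk the per-user site-to-zone map and keep entries assigned to zone 2.
    $root = "HKCU:\$settings\ZoneMap\Domains"
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -ne 2) { continue }
            # Key path "example.com\www" corresponds to the host www.example.com.
            [string[]]$parts = ($key.Name -replace '^.*\\ZoneMap\\Domains\\', '') -split '\\'
            [array]::Reverse($parts)
            [pscustomobject]@{ Site = ($parts -join '.'); Scheme = $scheme }
        }
    }
}

$modes = @(Get-ProtectedModeSetting)
$modes | Format-Table -AutoSize

# Trusted sites is expected to show Disabled; any other zone is worth a second look.
$modes | Where-Object { $_.ProtectedMode -eq 'Disabled' -and $_.Zone -ne 'Trusted sites' } |
    ForEach-Object { Write-Warning "Protected Mode is off for the $($_.Zone) zone ($($_.Source))" }

Get-TrustedSite | Sort-Object Site | Format-Table -AutoSize
```

Run it in the session of the user whose browser settings you want to review; sites assigned by IP range or by machine-wide policy are stored elsewhere and are not listed.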