Ion 3.0 and above.
Disabling Data Execution Prevention (DEP) for Internet Explorer is not recommended, but some legacy web applications may require disabling DEP in order to allow the application to function as expected. Ion v3 offers the ability to control DEP settings at the managed application level to ensure default system security policies remain intact.
Controlling DEP settings for a managed application in Ion v3 is easy. Simply add a Custom Registry setting to an existing Profile using following example:
Open the Custom Registry Manager node for the Profile. This example is using an Adaptive IE Quirks Profile, but DEP can be disabled for any Profile type.
Click ‘Add Custom Registry Entry’ and create an entry for
Hive – Local Machine
Key – “Software\Policies\Microsoft\Internet Explorer\Main”.
Value Name – DEPOff
Type – DWORD
Value – 1
Create a Rule to load this Profile and save the Project file to the local machine.
When Managed Internet Explorer instance starts, in Windows Task Manager, you will see DEP status turn to “Disabled” for the Internet Explorer tab running in Managed Internet Explorer instance.
When viewing process information using Process Explorer (versus Windows Task Manager), DEP status will be displayed as “DEP” (instead of “DEP (Permanent)”) for the Internet Explorer tab running the Profile with DEP disabled.
Some web developers and system admins may notice behavior difference between Internet Explorer versions when disabling DEP. On IE 9 and below, the IE Frame process will have DEP disabled. Whereas on IE 10 and above, the IE Frame process will continue to have DEP enabled and this custom registry setting is only visible to IE tab process.
Posted in: Ion Knowledge Base