Browsium

Knowledge Base

Ion and Catalyst do not work with Enhanced Protected Mode

Applies To:

Browsium Catalyst prior to version 4.0 and Browsium Ion prior to version 3.7

Summary

Starting with the release of IE10, Microsoft added an additional layer of security called Enhanced Protected Mode. Enhanced Protected Mode is designed to (in Microsoft’s words) “keep your data safe even if an attacker has exploited a vulnerability in the browser or one of its add-ons.” Enhanced Protected Mode was turned off by default in IE10 but turned on by default in IE11 … for a few weeks. In the November 2013 patch Tuesday, the Internet Explorer cumulative security update turned off Enhanced Protected Mode by default for all versions of Internet Explorer because of compatibility issues with a variety of 3rd party browser extensions – including the extensions used by Browsium Ion and Catalyst. Therefore Enhanced Protected Mode must remain off on all systems that run the Browsium Ion or Browsium Catalyst client software.

Details

Enhanced Protected Mode requires all browser extensions to be 64-bit versions. As Browsium Ion and Catalyst use 32-bit extensions, they are automatically disabled when Enhanced Protected Mode is enabled. With the extensions disabled, Browsium Ion and Catalyst will not function.

It is important to note that Browsium Ion and Catalyst function properly on 64-bit versions of Windows, using either the 32-bit versions of IE8 and IE9 or the integrated 32-bit/64-bit versions of IE10 and IE11. But they will not function at all with Enhanced Protected Mode turned on.

Though Enhanced Protected Mode is off by default, Microsoft could change it’s policy with a future Internet Explorer security update or a future Internet Explorer release. Therefore IT pros managing a Browsium Ion or Catalyst deployment should ensure that Enhanced Protected Mode is turned off on all client systems.

To inspect a client system for the Enhanced Protected Mode setting, look in Internet Options / Advanced and ensure that the box is unchecked.

epm-settings

 

Enhanced Protected Mode can be centrally disabled via Group Policy. The steps are as follows:

  1. Open the Group Policy Management Editor
  2. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer
  3. Change the setting for ‘Turn on Enhanced Protected Mode’ to ‘Disabled’

 

epm-policy

 

 

Posted in: Catalyst Knowledge Base, Ion Knowledge Base

  • Share:  

Request Demo