Internet Explorer Loads ActiveX Controls That Have Been DisabledUnder Internet Explorer, ActiveX controls which are regarded as unsafe, undesirable, or incompatible with an environment can be disabled using the so-called “Kill Bit”. Microsoft issues regular updates via Automatic Updates which set the Kill Bit on a specific list of ActiveX controls which have security vulnerabilities, but in some cases it can be necessary to “kill” other controls manually. If you have a script or an automated process which sets the Kill Bit on certain ActiveX controls, those ActiveX controls may still run. This is because there are different locations the Kill Bit needs to be set depending on whether Windows is 32- or 64-bit. For example, the commands to set the Kill Bit on an ActiveX control with a CLSID of {F0E42D50-368C-11D0-AD81-00A0C90DC8D9} should be: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}" /v "Compatibility Flags" /d 1024 /t REG_DWORD /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}" /v "Compatibility Flags" /d 1024 /t REG_DWORD /f This ensures the control is blocked no matter the bitness of the operating system. |