How to stop an ActiveX control from running in Internet Explorer (240797)

MORE INFORMATION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Warning Microsoft does not recommend unkilling (undoing the kill action on) an ActiveX control. If you do so, you may create security vulnerabilities. The kill bit is typically set for a reason that may be critical, and because of this, extreme care must be used when you unkill an ActiveX control. Also, because the following procedure is highly technical, do not continue unless you a very comfortable with the procedure and you it is a good idea to read the whole procedure before you start.

The CLSID for an ActiveX control is a GUID for that control. You can prevent an ActiveX control from running in Internet Explorer by setting the kill bit so that the control is never called by Internet Explorer when default settings are used.

The kill bit is a specific value for the Compatibility Flags DWORD value for the ActiveX control in the registry. This is different from revoking the "safe for scripting" option in an ActiveX control. When the "safe for scripting" option is revoked, Internet Explorer still calls for the control and then prompts you with a warning message that the ActiveX control may be unsafe. Depending on the choice you make, the control may be run. However, after the kill bit is set for an ActiveX control, that control is not called by Internet Explorer at all unless the Initialize and script ActiveX controls not marked as safe option is enabled in Internet Explorer. To set the kill bit, follow these steps:

1. Determine the CLSID for the ActiveX control that you want to disable. If you are not sure of the CLSID for the control, contact the manufacturer. If the control is installed, you may be able to determine its CLSID if you know its friendly name. To do this, examine the Default string value for the ProgID key for each of the CLSID keys in HKEY_CLASSES_ROOT\CLSID. You may have to remove as many ActiveX controls as possible, except for the one that you want to disable, to make it easier to identify the appropriate CLSID. For more information about how to remove ActiveX controls, click the following article number to view the article in the Microsoft Knowledge Base:

   154850 How to remove an ActiveX control in Windows

2. Use Registry Editor to view the data value of the Compatibility Flags DWORD value of the ActiveX object CLSID in the following registry key

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control

   where CLSID of the ActiveX Control is the class identifier of the appropriate ActiveX control.
   
   Notes
   • Typically, you will have to manually create this registry key.
   • To determine the CLSID that corresponds with the ActiveX control that you want to disable, remove all the ActiveX controls that currently are installed, install the control that you want to disable, and then add the kill bit to its CLSID.
3. Change the value of the Compatibility Flags DWORD value to 0x00000400.

ActiveX control developers can use the TreatAs or AlternateCLSID registry values with the "kill bit" to have Internet Explorer check to see if an updated ActiveX control has been provided for use instead of a disabled ActiveX control. For information about how to use the TreatAs value, visit the following Microsoft Web site: To set the AlternateCLSID value, follow these steps:

1. Use Registry Editor to locate the disabled ActiveX object CLSID in the following registry key:

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control

   Where CLSID of the ActiveX Control is the class identifier of the appropriate ActiveX control.
   
   You can see the value of the Compatibility Flags is set to DWORD 00000400.
2. Add an AlternateCLSID string value to the CLSID key.
3. Set the data of the AlternateCLSID string value to {CLSID of the alternate ActiveX control}, where {CLSID of the ActiveX Control} is the class identifier of the updated ActiveX control.

The AlternateCLSID value instructs Internet Explorer to redirect to the CLSID for the updated ActiveX control. You can chain redirects up to ten levels deep.

The AlternateCLSID value is supported on the following versions of Internet Explorer.

• Internet Explorer 5.01 Service Pack 2 or later for Windows 2000 with MS03-004 or later
• Internet Explorer 5.5 Service Pack 2 with MS02-068 or later
• Internet Explorer 6 Service Pack 1
• Internet Explorer 6 for Windows XP with MS02-068 or later
• Internet Explorer 6 for Windows Server 2003

Note Versions of Internet Explorer that are not listed in this article are either in the extended phase of the product life cycle or are no longer supported. Although you can set the kill bit on these versions of Windows and of Internet Explorer, Microsoft recommends that you also upgrade to a supported version of Internet Explorer and apply all appropriate updates. For more information about how to determine the version of Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base: