none
Testing Out-of-date ActiveX Control Blocking in IE

    Question

  • Trying to test Out-of-date ActiveX blocking on test domain before go live on Sept 9th. I installed August cumulative update on couple test Win 2008R2 and Win 7 machine. I see the IE Administrative template group policy editor, I enabled logging in Group Policy. Followed the instructions below to test it. I created AuditMode folder  in %LOCALAPPDATA%\Microsoft\Internet Explorer\ cause it didn't exist.

    I don't see the notification bar in internet Explorer when I browse a site that uses java and nothing get logged. What am I doing wrong?

    Testing the out-of-date ActiveX controls feature

    If your organization has a dependency on an outdated version of Java, you can run the following test to mirror the end-user experience on September 9, 2014.
    1. On a test computer, install the August cumulative update
    2. Set a registry key to stop downloading updated versions of the VersionList.xml file. To do this, run the following command: 
      reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /f
      Important After testing is complete, you must delete this registry key. Otherwise, this computer will stop receiving an updated VersionList.xml file that lists the out-of-date ActiveX controls. We do not recommend ever setting this registry key on an in-production computer. 
    3. Copy the current VersionList.xml file from
          versionlist.xml    
      to the following location: 
      %LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml
      Note If you are asked to overwrite the existing file, you should agree. 
    4. To start blocking outdated versions of Java, open the VersionList.xml file, and then delete the first occurrence of latestgroup="1" (that is, the portion in bold type that follows):

      < groupentries>
      < groupentry groupname="Java(TM)" latestgroup="1"/>
      < /groupentries>   
    5. Restart Internet Explorer. You should see that websites that try to load outdated Java ActiveX controls will now display the out-of-date ActiveX control blocking notification.
    Friday, August 29, 2014 4:56 PM

All replies

  • Check my blog: http://blogs.msdn.com/b/askie/archive/2014/08/14/how-do-i-test-the-testing-the-out-of-date-activex-controls-feature.aspx

    Here are the key items to check for:

      • Install the August IE Cumulative update Ms14-051
      • Implement the following GPO and Registry settings:
      • reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /f
      • Download the Versionlist.xml from https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml
      • Edit the downloaded version list xml by setting the latestgroup to 0 from 1

      <groupentries>

      <groupentry latestgroup="0" fwdlink="https://go.microsoft.com/fwlink/?LinkID=401352" groupname="Java(TM)"/>

      <groupentry latestgroup="0" fwdlink="http://" groupname="Java(TM) 1.4.2_43"/>

      <groupentry latestgroup="0" fwdlink="http://" groupname="Java(TM) 1.5.0_71"/>

      <groupentry latestgroup="0" fwdlink="http://" groupname="Java(TM) 1.6.0_81"/>

      <groupentry latestgroup="0" fwdlink="http://" groupname="Java(TM) 1.7.0_65"/>

      <groupentry latestgroup="0" fwdlink="http://" groupname="Java(TM) 1.8.0_11"/>

      </groupentries>

      • Save the changes and copy the versionlist.xml to the user profile: %LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\
      • Enabled the “Turn on ActiveX logging in Internet Explorer” GPO.

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]

      "AuditModeEnabled"=dword:00000001

      • Sites you can test with:
       
    • http://www.nvidia.com/download/scan.aspx?lang=en-us
    • http://javatester.org/version.html

    Now, open the %LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\AuditMode folder and review the VersionAuditLog.CSV file. You should see the Audit items listed.

    Sunday, August 31, 2014 6:25 PM
  •  I followed your instructions. Everything looks fine but I still don't see the notification bar and not in VersionAuditLog.CSV file. I still don't know what I am doing wrong.
    Tuesday, September 02, 2014 3:44 PM
  • Yes, I edited the versionlist.XML by changing the latestgroup = "0". I can see the VersioinAuditlog.CSV in %LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode  but nothing gets written to it when I go to java tester   site
    • Edited by kojeiwa Wednesday, September 03, 2014 3:21 PM
    Wednesday, September 03, 2014 3:21 PM
  • Hi,

    Any update here?

    For the out-of-date ActiveX control blocking, you may have interests in the below blog:

    Internet Explorer begins blocking out-of-date ActiveX controls

    As of September 9, 2014, this feature will provide users with notifications when Web pages try to load the following versions of Java ActiveX controls:

    • J2SE 1.4, everything below (but not including) update 43
    • J2SE 5.0, everything below (but not including) update 71
    • Java SE 6, everything below (but not including) update 81
    • Java SE 7, everything below (but not including) update 65
    • Java SE 8, everything below (but not including) update 11

    Please kindly check the steps and the requirements for the other parts again and see how it works this time.

    Best regards


    Michael Shao
    TechNet Community Support

    Tuesday, September 09, 2014 3:07 AM
    Moderator