locked
regsvr32 of IE11 dll's to resolve latency issue RRS feed

  • Question

  • One of our Desktop Engineers is running "regsvr32 *.dll /s" on eighty three DLL's that are related to Internet Explorer (IE11). I can post the list if necessary.

    My question is: will reregistering the DLL's with regsvr32 weaken the security of IE11 by "undoing" any security fixes that have been put in place with a Microsoft Update?

    There is also some concern that registering these DLL's could undo some security settings put in place by Group Policy but I suspect all GPO settings would be put back in place when Group Policy is refreshed.

    If you could comment on the security aspect of registering DLL's that is what I am looking for. Many thanks.


    • Edited by Paratus Monday, November 7, 2016 5:22 PM typo on a word
    Monday, November 7, 2016 5:21 PM

All replies

  • Hi,

    To troubleshoot latency issues devs and ops can use the Networking tab of the dev tool or a third-party network sniffer like wireshank or fiddler.(highly recommend fiddler.... telerik.com/fiddler)... When testing with the dev tool and comparing the performance with other web browser dev tools, make sure that their respective dev tools are configured to 'always refresh from the server'....or clear the cache and cookies between test cycles.

    The first step in troubleshooting web browser issues is to test in noAddons mode or inPrivate Mode (by default InPrivate mode runs with Addons disabled(not loaded)).... other browsers may have the same Addon overheads built-in natively to their browsers.

    Use the Tools>Manage Addons menu to determine any latency overheads from the loading of COM dlls.(Addons may also affect the rendering and load speed of web pages, which is not separated from the web page's performance statistics listed on the Network tab of dev tools.

    A common 'in the wild' performance overhead is legacy third-party media frameworks (flash.js) that use the incorrect feature testing for browser ActiveX support (v Plugins) or IE 10/11's ActiveX filtering feature testing (ActiveX control is deperciated in IE11)

    DLL's can host ActiveX controls for MSIE browsers using Protected Mode, that may have already been 'blocked' by GPO settings (Allowed ActiveX controls).... the IE security updates for kill bits are not affected by regsvr32..(except for outofdate Shockwave Flash)..

    The danger is that a manual dll registration, may re-establish a CLSID pointing to an out of date activeX control that has known security exploints....

    By default users can re-establish any broken COM CLSID's by running IEReset (Advanced tab, of Internet Options)....

    GPO flush and init, does not do any version testing... it only looks at the CLSID's. There are keys in the registry that does list the versions of know out of date COM dlls by version number and CLSID's.

    By default in Protected Mode, Intranet domains allow legacy 32bit ActiveX controls,signed or unsigned.. By default(in PM) Internet domains are allowed to use signed 64bit ActiveX controls, but users can over-ride the default by site to allow signed 32bit controls to run...

    Public websites that continue to use 32bit AX are chemaxon.com, designstacks.net and others. IF yours is a public facing website, and you need to continue to publish using 32bit ActiveX controls, email mailto:iepo@microsoft.com to ask to have your site/domain placed in the MS Compatibility View List (see about:compat in IE11 or Edge).

    If your company has an ongoing need to re-register IE core dlls or third-party or inhouse ActiveX controls, then probably your existing security suite is the cause? (SpyBot Search and Destroy? Nortons version?) or a third-party registry cleaner.... Legacy (XP/Vista era) security products and registry cleaners are no longer applicable to Win7 and higher.....

    Well behaved software installs will self-clear their registry entries when they are romoved/uninstalled using the Add/Remove Programs control panel....(one exception is the chromium group of browsers)

    If you are experiencing browser highjacking (a non ms browser takes of the file associations in the registry (for htm(l) suffixes, jpg and svg files), then you need to

    first: disable its Default Browser settings (chrome://settings > Default web browser). Then open IE and set it as the default browser... Internet Options>Programs tab, set IE as the default....

    second: uninstall the current version of the non MSIE browser you have using the add/remove programs control panel.

    third: download the enterprise or standalone version supplied by the browser vendor.

    https://enterprise.google.com/chrome/chrome-browser/index.html?utm_source=bing <spit>

    To obtain the CLSID's of your installed COM addons and ActiveX controls

    Tools>Manage Addons>Show All Addons... double-click on an item in the list to display its properties page, which will list all the relavant details. (version, bitness, CLSID, vendor )

    regards.

    Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions. If you are a consumer looking for answers or to raise a question, it's highly recommended you head on over to http://answers.microsoft.com/en-us


    Rob^_^

    If your latency issue involves a legacy document running in IE7 emulation (or compatibility view) and your web page contains a <table> element..... add a html5 dtd and switch the Emulation Mode to IE8 or higher using x-ua header or your Enterprise Mode Site list.

    Post questions about html, css and scripting for website development to

    http://stackoverflow.com/questions/tagged/internet-explorer




    • Proposed as answer by Tony_Tao Tuesday, November 8, 2016 9:01 AM
    • Edited by 网游 - wang'you Wednesday, November 9, 2016 5:56 AM
    Tuesday, November 8, 2016 1:18 AM
  • Thanks, Tony_Tao for your very informative answer. We may explore some of the troubleshooting steps you suggest.

    Does re-registering the DLL's jeopardize the security of the IE11 browser?

    thanks

    Tuesday, November 8, 2016 1:29 PM