ActiveX KillBits
April 10, 2008 – 5:19 AMThe CLSID for an ActiveX control is a GUID for that control. You can prevent an ActiveX control from running in Internet Explorer by setting the kill bit so that the control is never called by Internet Explorer when default settings are used.
The kill bit is a specific value for the Compatibility Flags DWORD value for the ActiveX control in the registry. This is different from revoking the “safe for scripting” option in an ActiveX control. When the “safe for scripting” option is revoked, Internet Explorer still calls for the control and then prompts you with a warning message that the ActiveX control may be unsafe. Depending on the choice you make, the control may be run. However, after the kill bit is set for an ActiveX control, that control is not called by Internet Explorer at all unless the Initialize and script ActiveX controls not marked as safe option is enabled in Internet Explorer. To set the kill bit, follow these steps:
1. Determine the CLSID for the ActiveX control that you want to disable. If you are not sure of the CLSID for the control, contact the manufacturer. If the control is installed, you may be able to determine its CLSID if you know its friendly name. To do this, examine the Default string value for the ProgID key for each of the CLSID keys in HKEY_CLASSES_ROOT\CLSID. You may have to remove as many ActiveX controls as possible, except for the one that you want to disable, to make it easier to identify the appropriate CLSID. For more information about how to remove ActiveX controls, click the following article number to view the article in the Microsoft Knowledge Base:
154850 How to remove an ActiveX control in Windows
2. Use Registry Editor to view the data value of the Compatibility Flags DWORD value of the ActiveX object CLSID in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control
where CLSID of the ActiveX Control is the class identifier of the appropriate ActiveX control.
Notes
- Typically, you will have to manually create this registry key.
- To determine the CLSID that corresponds with the ActiveX control that you want to disable, remove all the ActiveX controls that currently are installed, install the control that you want to disable, and then add the kill bit to its CLSID.
3. Change the value of the Compatibility Flags DWORD value to 0x00000400.
If a killbit is set for an ActiveX control and a new version of an ActiveX control is released with a different CLSID, you can enable Web sites that use the old CLSID to continue to work as intended. You do this by adding the new value at the same level as the Compatibility Flags value in the registry. This value should be a REG_SZ string that is named “AlternateCLSID.” The AlternateCLSID value will appear enclosed in braces. For example, it will resemble the following:
{ABCDEF12-ABCD-ABCD-ABCD-ABCDEF123456}
Internet Explorer will interpret this value and create an instance of the ActiveX control that is referenced in the AlternateCLSID value instead of the one that has received a killbit.
You must be logged in to post a comment.