BHO restrictions in Internet Explorer may cause it to misbehave when accessing Internet websites

Browser Helper Objects (BHOs) are add-ons that extend the functionality of Internet Explorer. Many custom BHOs are written in .NET, but what these BHOs are allowed to do is determined by the Zone in which they run.

 

If you access an Intranet site (Intranet Zone), your BHO runs with a Medium level of trust, but if you access an Internet site (Internet Zone), it runs with a Low level of trust. If your BHO writes to, say, a log file, it is very possible that the File.Open() call will fail due to these restrictions. If you find IE misbehaving (it kept crashing in my case) whenever you access an Internet website, then read on. (Note: I discovered this issue on a Windows 8.1 + IE 11 Surface Pro 3, but have not tried it on an older OS.)

 

As it turns out, besides the usual NTFS permissions, all files and folders also have an 'integrity' level, which is 'Medium' by default. You can use the handy icacls command to check the integrity level of a folder:

icacls "c:\Log"

Look for a line like this in the displayed output:

 Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

The default is Medium if the above is not displayed.

 

So what do you do if you need write access in the Internet Zone (low trust)? Issue the icacls command as follows:

icacls "c:\Log" /T /setintegritylevel (OI)(CI)L

 

This will allow BHOs in the Internet Zone to write to the c:\Log folder. The Zone restrictions are meant to prevent malicious code from gaining unauthorized access to your files and folders, so be careful with this command and only give access to a specific folder.
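
To check that only the intended folder carries the Low label, the following PowerShell script (an added example, not part of the original post) walks a directory tree, reads each folder's label from icacls output, and lists Low-labelled folders outside an allow-list. The parameter names, the helper function name and the defaults are assumptions, and the match relies on the English icacls output shown above.

```powershell
# Added example: report folders that low-integrity code can write to.
# $Root and $Expected are illustrative defaults; adjust them for your system.
param(
    [string]$Root       = 'C:\Log',
    [string[]]$Expected = @('C:\Log')   # folders deliberately labelled Low
)

function Get-IntegrityLabel {
    param([Parameter(Mandatory)][string]$Path)
    # icacls prints one ACE per line; an explicit label looks like
    #   Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)
    $out = & icacls.exe $Path 2>$null
    if ($LASTEXITCODE -ne 0) { return }          # unreadable path: skip it
    foreach ($line in $out) {
        if ($line -match 'Mandatory Label\\(\w+) Mandatory Level:(.*)$') {
            return [pscustomobject]@{
                Path  = $Path
                Level = $Matches[1]
                Flags = $Matches[2].Trim()
            }
        }
    }
    # No label line displayed means the default, Medium
    [pscustomobject]@{ Path = $Path; Level = 'Medium'; Flags = '(default)' }
}

# The root itself plus every directory beneath it
$dirs = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force `
            -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })

$low = $dirs | ForEach-Object { Get-IntegrityLabel -Path $_ } |
       Where-Object { $_.Level -eq 'Low' }

# A Low folder is expected only if it is, or sits under, an allow-listed folder
$unexpected = $low | Where-Object {
    $p = $_.Path
    -not ($Expected | Where-Object {
        $p -eq $_ -or
        $p.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
    })
}

"Low-labelled folders under ${Root}: $(@($low).Count)"
if ($unexpected) { $unexpected | Format-Table Path, Level, Flags -AutoSize }
else             { 'No Low-labelled folders outside the allow-list.' }

# To put a folder back to Medium (parentheses must be quoted in PowerShell):
#   icacls.exe 'C:\SomeFolder' /setintegritylevel '(OI)(CI)M'
```

Run it with a wider -Root, such as a drive root, to catch folders that were labelled Low by mistake; system folders that are Low by design, such as AppData\LocalLow, can be added to -Expected.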