Hi everyone!

Shahinur again, with an IE8 topic this time…

If you have been using IE7, you are probably used to all your tabs opening under the same iexplore.exe process. The only exception is if you are on a Windows Vista machine and you are moving from Protected to Unprotected mode.

Internet Explorer 8 had a big makeover in this area. You will now notice that new tabs typically open in a new process.  By default,  IE8 will start with two instances of iexplore.exe (one for the Frame, one for the tab) and grows the number of tab processes as needed based on the amount of available RAM, the number of tabs, the integrity levels for tabs, and the number of distinct IE sessions .

You do have control over this new design through a registry key:

HKCU\Software\Microsoft\Internet Explorer\Main - TabProcGrowth (string or dword)

Tab Process Growth : Sets the rate at which IE creates New Tab processes.  There are two algorithms used by Internet Explorer.

1. Context-based: By default, the context-based algorithm is used and the curve is chosen based on the amount of physical memory on the machine. In addition, the TabProcGrowth string registry value may be manually forced to:

  • small: Maximum 5 tab processes in a logon session, requires 15 tabs to get the 3rd tab process.
  • medium: Maximum 9 tab processes in a logon session, requires 17 tabs to get the 5th tab process.
  • large: Maximum 16 tab processes in a logon session, requires 21 tabs to get the 9th tab process.

2. The "Max-Number" algorithm: This specifies the maximum number of tab processes that may be executed for a single isolation session for a single frame process at a specific mandatory integrity level (MIC). Relative values are:

  • TabProcGrowth=0 : tabs and frames run within the same process; frames are not unified across MIC levels.
  • TabProcGrowth =1: all tabs for a given frame process run in a single tab process for a given MIC level.

Note: On Terminal Server, the default value is the integer of 1.

  • TabProcGrowth >1: multiple tab processes will be used to execute the tabs at a given MIC level for a single frame process. In general, new processes are created until the TabProcGrowth number is met, and then tabs are load balanced across the tab processes.

Note: that the frame process is no longer allowed to execute at low-MIC. If this is attempted, the process will exit.

You may select the Max-Number algorithm by specifying the registry value as an integer. The registry value may be a string value containing an integer (eg, "5") or a DWORD value containing an integer (eg, 5).

In general, you have to restart IE to use a different TPG value.

The above changes in design are a result of our new Loosely Coupled IE (LCIE) framework. LCIE separates the frame and tab code to the point they can be run in different processes. You can read more about it in the following blog.

The most obvious value of doing this is to increase reliability of IE; that is, even if a tab (process) crashes, IE (the frame) survives, along with any tabs that were in other tab processes. The second benefit of frame/tab separation is to enhance the Low Rights IE (protected mode) experience and security. Because tabs run in other processes, we can "unify the low and medium IL" frames into a single frame. As a result, we no longer have to open new frame windows to move from protected to unprotected mode. Further, infection of a given tab process is more isolated from the frame and other tab processes.

That’s all for now!

Thank you,

The IE Support Team