I misunderstood this dialog and clicked Always ignore (I was thinking clicking Disable would disable Silverlight, not Enhanced Protected Mode).
I want to allow the dll to run because I think it's Silverlight.
Where can I see which sites are allowed or disallowed? Or, how can I undo my action?
I will answer the question in the title, as I just accidentally disabled Enhanced Protected Mode on a site, and wanted to return to the more locked-down configuration.
The list of sites for which Enhanced Protected Mode has been disabled is stored in HKCU\Software\Microsoft\Internet Explorer\TabProcConfig. The domain is the name, and the value is some kind of DWORD value (in my case, 0x147b). Removing the value re-enabled EPM on the site.
I found only two references to this registry key on the entire Internet. One was Eric Lawrence, the author of Fiddler and a former IE Program Manager (2004-2012), states:
The exception list is not exposed in the UI anywhere, and you can only clear the entire list by using Delete Browser History. How it works under the covers is undocumented, but if you use Process Monitor, you can see how the EPM list is written in the registry. When you exempt a site using the Notification bar, you'll see a write of the domain to a key under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabProcConfig. The value is a DWORD which has various (undocumented) flags about what type of process should be used when loading a site (e.g. its integrity level, and the strictness of its AppContainer).
Open Internet Options in the Control Panel. Go to the Programs tab, select Manage add-ons. Click Silverlight in the list. In the bottom pane, there should be a link called "More information". This brings up a dialog with a list of sites you have allowed and banned the add-on on. Remove the one you accidentally denied from the list, go there and it should ask you again.
I am running IE 10. I did not find a way to modify my list of sites that were allowed/blocked for IE Enhanced Protected Mode in the "Manage Add-ons" settings. However, visiting HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabProcConfig worked for me. Here I found a 32-bit DWORD entry for each website for which I have already made a decision to allow/block Enhanced Protected Mode. The entry's value was either:
I presume no registry entry means IE will prompt the user when a site requests to use an ActiveX control.
Note that the registry values at the above key are for an entire website (e.g. google.com). If there's a way to allow/block Enhanced Protected Mode on a per-page basis for a website, I'm not aware of how to do this.
(I did not see 0x147b observed by taoyue)
0x47b is 1147 decimal, which is probably where that confusion arose.
(0x27b = 635 decimal)
I figured out that the user choice is reset (= the prompt re-appears) after deleting "Cookies and website data" in Internet Options.
It seems to behave like cookies: the UI only allows for a blanket reset, not for a site-by-site one.
Also to note: Despite the prompt in both IE 10 and IE 11 saying that the setting is for the site, the choice is actually set for the top level domain, not the specific web site you are looking at.
