Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Enhanced Mitigation Experience Toolkit 2.0 advice sought

17 Jan 2011   #1
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 
Enhanced Mitigation Experience Toolkit 2.0 advice sought

I would be interested in hearing any suggestions/experiences using the Enhanced Mitigation Experience Toolkit.

Which apps should be added to the app list?

I have Win 7 Ultimate and am not running any "legacy" programs of which I am aware,

I'm just getting started using EMET.

The concept of EMET impresses me but I'm interested in real-world, practical experiences with EMET.

thanks, karl


My System SpecsSystem Spec
.

17 Jan 2011   #2
marsmimar

Microsoft Community Contributor Award Recipient

 
 

I had some issues trying to run various browser apps with EMET installed. Shawn has a nice tut as well as some user comments.

Enhanced Mitigation Experience Toolkit (EMET)

http://www.sevenforums.com/1183094-post17.html
My System SpecsSystem Spec
17 Jan 2011   #3
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

marsmimar,
Thanks for the links. I didn't know that Shawn had written a tutorial on it.

Despite all of the reading I've done aqt the MS sites, I still find there are too many unanswered questions from the user's perspective.

I don't use IE so haven't encountered ie9 problems.

Will start adding some apps and see if it complains.

With "system" set to max, so far I've had no problems, although have some peculiar behaviour using JouleMeter from research.microsoft.com but that could very well be due to the "alpha" level of that program.

I like the idea of the joulemeter and it does show the influence of varying monitor brightness on power consumption, although I don't trust the numerical accuracy of the wattage values.

karl
My System SpecsSystem Spec
.


17 Jan 2011   #4
Airbot

Windows 7 Ultimate x64 SP1
 
 

Haven't seen any problems with it since using it, other than having to uncheck EAF (Export Address Table Access Filtering) for Dropbox, as it wouldn't let it run without that unchecked.

Some of the processes I have it configured for atm.

-capture.jpg

Here is a little email I shot off to them a month ago about some questions I had. You could always send them off something just like I did and see if you can get anymore info on it.

Quote:
Hi,

I'm just starting to look into using EMET 2.0.0.3 for myself on my personal Windows 7 x64 system, and I have a couple questions regarding the Configure System settings.

For instance, when choosing the Maximum Security Settings which lists as:

DEP Always On
SEHOP Application Opt Out
ASLR Application Opt In

Why is SEHOP listed as Application Opt Out? Does this mean that no processes will be using it? Should it be set to Opt In to be used by processes?

Also, if choosing one of the Configure System settings, does this apply to all processes and .exe running at any given time? If so, why does it not show any of the running processes marked off under Running EMET on the EMET GUI?

Or does one have to add each process under Configure Apps section also?


Any clarification on this would be appreciated. Thank your for your time.

Regards,
Quote:
Hello Aaron,

Application opt-out means that the application will opt-in always unless it explicitly says it does not want to have this mitigation.
Please note ASLR opt-out is not present as an option by default (please refer to the user guide in order to have that option) since it has some compatibility issues with some programs.

EMET also provides some extra mitigations such as Mandatory ASLR, EAT Filtering ,etc. In order to opt-in applications into these you have to configure them through the GUI. Please refer to section 2.3 at the User guide for detailed steps on how to do this.

Thank you,

-
Fermin J. Serna
MSRC Engineering (REACT)


My System SpecsSystem Spec
17 Jan 2011   #5
Fayla

Windows 7 Professional 64 Bit SP1
 
 

All of the programs I added to the emit list work perfectly, I didn't need to un-check any of the protection options.

On a side note though, I did have to leave hardware dept as 'opt-out' since leaving hardware dept as forced caused my computer lag. Well, opt-out is better than opt-in, at at least now all my apps (cept a few core system processes) use hardware DEP (they didn't before.)

Quote   Quote: Originally Posted by karlsnooks View Post
I would be interested in hearing any suggestions/experiences using the Enhanced Mitigation Experience Toolkit.
My System SpecsSystem Spec
17 Jan 2011   #6
Jaxryley

 
 

Tried it here a while and won't bother using it as I found it be less than beneficial.

Some of the Wilders folks reckon it's OK.
EMET - A new Windows security mitigation toolkit - Wilders Security Forums
My System SpecsSystem Spec
17 Jan 2011   #7
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Progress report:
Have not been able to "break" emet.

Have not added all apps yet but majority have been added.

Have not had to uncheck any of the components on any of the apps.

Have not tried Belarc or PSI or RevoUninstaller yet.

karl
My System SpecsSystem Spec
17 Jan 2011   #8
Jaxryley

 
 

Quote   Quote: Originally Posted by karlsnooks View Post
Progress report:
Have not been able to "break" emet.
What is emet supposed to protect?

Name:  em.JPG
Views: 11
Size:  19.3 KB

Name:  emet2.JPG
Views: 12
Size:  25.3 KB

Name:  reg.JPG
Views: 11
Size:  25.6 KB

Name:  tm.JPG
Views: 10
Size:  22.9 KB


My System SpecsSystem Spec
17 Jan 2011   #9
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Are you running an anti-malware program called Security Tool or are these pop-ups that suddenly appeared? If these Security Tool notices are pop-ups then Security Tool is probably the malware.
My System SpecsSystem Spec
17 Jan 2011   #10
Jaxryley

 
 

Security Tool is an exe killing rogue security app.

I added Regedit, Task Manager and Notepad to Emet's protection but Security Tool still killed em.

Emet's gui was killed as well.
My System SpecsSystem Spec
Reply

 Enhanced Mitigation Experience Toolkit 2.0 advice sought




Thread Tools





Similar help and support threads
Thread Forum
Enhanced Mitigation Experience Toolkit (EMET)
The Enhanced Mitigation Experience Toolkit(EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author...
Tutorials
New Enhanced Mitigation Experience Toolkit (EMET) 5.1 available
See: http://www.sevenforums.com/tutorials/133386-enhanced-mitigation-experience-toolkit-emet.html
Security News
New Enhanced Mitigation Experience Toolkit (EMET) 5.0
Source: General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 - MSRC - Site Home - TechNet Blogs See also: http://www.sevenforums.com/tutorials/133386-enhanced-mitigation-experience-toolkit-emet.html
Security News
Announcing Enhanced Mitigation Experience Toolkit (EMET) 5.0 Preview
Source: Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview - MSRC - Site Home - TechNet Blogs Download: Download Enhanced Mitigation Experience Toolkit 5.0 Tech Preview from Official Microsoft Download Center See also:...
Security News
The Enhanced Mitigation Experience Toolkit v4.1
Enhanced Mitigation Experience Toolkit v4.1 (EMET) is out! What is the Enhanced Mitigation Experience Toolkit? Enhanced Mitigation Experience Toolkit v4.1: Download See also: http://www.sevenforums.com/tutorials/133386-enhanced-mitigation-experience-toolkit-emet.html
Security News
How do we use the Enhanced Mitigation Toolbar?
I have installed the tool and set it to maximum security setting. Please see attached image and tell me if I am doing anything wrong :geek:
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:23.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App