Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Enhanced Mitigation Experience Toolkit (EMET)

01 Aug 2014   #60
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Thank you Loki. Tutorial updated.


My System SpecsSystem Spec
17 Aug 2014   #61
Tookeri

Windows 7 Pro 32
 
 

EMET 5.0 has some major changes and was not as easy as previous versions to configure. Many apps crashed. I spent a lot of time testing and reading about problems with it. Here's what's good to know:

  • The setting Deep Hooks under Configuration of Apps, has due to compatibility issues always been disabled by default in previous EMET versions. Now it's on by default, but that doesn't mean it'll work on every system
  • EAF isn't compatible with some programs
  • Crashes that don't give alerts from EMET might be caused by the mitigation StackPivot. It's been modified in 5.0, so it might not be compatible for some programs anymore
  • New mitigation ASR blocks certain plug-ins from being loaded, sometimes with exceptions from defined Internet Zones (Trusted Sites, Local Intranet)
  • New mitigation EAF+ blocks some memory read operations commonly used as information leaks
ASR and EAF+ are advanced settings that come predefined for some MS applications when importing settings for the Recommended Software or Popular Software list. There's a bug that if you disable and re-enable any of these two new mitigations, the settings for it is deleted.
My System SpecsSystem Spec
19 Aug 2014   #62
chrysalis

windows 8.1 Pro x64
 
 

Is EMET 4.1 still considered good enough?

With 4.1 I found the ROP protections crash firefox randomly. Also the game 'godus' had issues with EMET and I had to whitelist it (no idea if dev's ever made it compatible as is a game still in development). Apart from that tho seems fine with all my other apps.
My System SpecsSystem Spec
19 Aug 2014   #63
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Hello Chrysalis,

It would be recommended to update to the latest EMET 5.0 version. You can install it on top of any previous version to update.

I only left EMET 4.1 Update 1 listed since it's the last version that officially supports XP.
My System SpecsSystem Spec
.

19 Aug 2014   #64
Tookeri

Windows 7 Pro 32
 
 

Quote   Quote: Originally Posted by chrysalis View Post
Is EMET 4.1 still considered good enough?
Not if you want the best protection. The EMET bypasses reports lately was for 4.1 and to some extent v5 preview:
http://www.offensive-security.com/vu...-toolkit-emet/
Quote   Quote: Originally Posted by Brink View Post
You can install it on top of any previous version to update.
True if you use a fairly recent version. If older than version 3 follow the instructions in the User Guide.
My System SpecsSystem Spec
10 Nov 2014   #65
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

EMET 5.1 released. See first post for more details.
My System SpecsSystem Spec
10 Nov 2014   #66
Tookeri

Windows 7 Pro 32
 
 

I've been testing 5.1 and I like it. I can enable more mitigations than in 5.0, mostly StackPivot.

Good to know:
I had lots of problems with 5.0 and I've now learned that EMET itself is not necessarily the reason for these problems(crashes). It's very likely that another security product is causing conflicts. In my case it was the HIPS functionality in my AV software. With that disabled, or at least the dll injection/monitoring part of the HIPS, I wouldn't have had to disable ANY mitigation for the "Popular Software" import XML file in EMET 5.1
My System SpecsSystem Spec
14 Nov 2014   #67
Tookeri

Windows 7 Pro 32
 
 

Latest Patch Tuesday(Windows Updates - November) might cause incompatibility issues with EMET 5.0

If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide. In general we recommend upgrading to the latest version of EMET to benefit from all the enhancements.
My System SpecsSystem Spec
17 Nov 2014   #68
chrysalis

windows 8.1 Pro x64
 
 

Does anyone have a app list for emet 5.1 and what to exclude firefox etc? I am on still on 4.1 but I guess thats getting dated now security wise.
My System SpecsSystem Spec
18 Nov 2014   #69
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
App List for EMET

Quote   Quote: Originally Posted by chrysalis View Post
Does anyone have a app list for emet 5.1 and what to exclude firefox etc? I am on still on 4.1 but I guess thats getting dated now security wise.
As far as I know you just open the EMET GUI and choose "Import" and then select the .xml file that you want to import. Right click on each .xml file and open with your text editor to see what's in it.

I really don't think that you should exclude Firefox or any other browser.

Just add any of the following:

* Any/all web browsers installed on your computer (Internet Explorer, Firefox, Chrome, Opera)
* Entire MS Office suite (Access, Excel, Outlook, PowerPoint, Word)
* Sun (now Oracle) Java
* Any media player (Windows Media Player, VLC, iTunes, RealPlayer, QuickTime, Winamp)
* Any software that waits and listens for a network connection
* Any application that can be automatically invoked by browsing the internet
* Any Adobe product that you see frequently listed within Adobe's Security bulletins and advisories.

You will need to know what software you have installed and what to add. There's no all inclusive list of all available software and anyway you only want to load it with apps that you actually use.
My System SpecsSystem Spec
Comment

 Enhanced Mitigation Experience Toolkit (EMET)




Tutorial Tools




Similar help and support threads
Windows 7 Tutorial Category
How do we use the Enhanced Mitigation Toolbar?
I have installed the tool and set it to maximum security setting. Please see attached image and tell me if I am doing anything wrong :geek:
System Security
Enhanced Mitigation Experience Toolkit 2.0 advice sought
I would be interested in hearing any suggestions/experiences using the Enhanced Mitigation Experience Toolkit. Which apps should be added to the app list? I have Win 7 Ultimate and am not running any "legacy" programs of which I am aware, I'm just getting started using EMET. The...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:19.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App