Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Enhanced Mitigation Experience Toolkit (EMET)

Enhanced Mitigation Experience Toolkit (EMET)

Published by Brink
26 Dec 2010
Published by

information   Information
The Enhanced Mitigation Experience Toolkit(EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.

EMET 4.0 and newer versions also provide a configurable SSL/TLS certificate pinning feature that is called Certificate Trust. This feature is intended to detect man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.

2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: Its not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software.

4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET's graphical user interface. There is no need to locate up and decipher registry keys or run platform dependent utilities. With EMET you can adjust setting with a single consistent interface regardless of the underlying platform.

5. Ease of deploy: EMET comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.

6. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

For more information about EMET, see:
Note   Note
If you install EMET and do not "Configure System" settings, it doesn't do anything to the Windows Data Execution Prevention (DEP) settings.

If you install EMET and "Configure System" settings to Recommended, it will change the DEP to Turn on for essential Windows programs and services only, if you already have it set to everything.

If you install EMET and "Configure System" settings to Maximum, it will gray out the default DEP settings since EMET will be used instead.

Name:  DEP.jpg
Views: 5360
Size:  59.1 KB

Enhanced Mitigation Experience Toolkit (EMET) 5.2

Release date: March 16th 2015
Supported Client Operating Systems: Vista (SP2), Windows 7 (SP1), Windows 8, Windows 8.1
Supported Server Operation Systems: Windows Server 2003 Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2

- EMET 5.2 requires .NET Framework 4.
- For Internet Explorer 10 on Windows 8 you need to install KB2790907 a mandatory Application Compatibility update that has been released on March 12th, 2013 or any other Application Compatibility updates for Windows 8 after that.


Enhanced Mitigation Experience Toolkit (EMET) 4.1 Update 1

Release date: April 30th 2014
Supported Operating Systems: XP (SP3 and above), Vista (SP1 and above), Windows 7, Windows 8, Windows 8.1
More Information: Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 - Security Research & Defense - Site Home - TechNet Blogs


See also: An update is available for EMET Certificate Trust default rules

Note   Note
EMET 4.1 release includes new functionality and updates, such as:
  • Updated default protection profiles, Certificate Trust rules, and Group Policy Object configuration.
  • Shared remote desktop environments are now supported on Windows servers where EMET is installed.
  • Windows Event logging mechanism allows for more accurate reporting in multi-user scenarios.
  • Addressed several application-compatibility enhancements and mitigation false positive reporting.
Please remember that EMET 4.1 requires .NET Framework 4, and in order to protect Internet Explorer 10 on Windows 8 you need to install KB2790907 a mandatory AppCompat update that has been released on March 12th.


Name:  EMET_4.0.jpg
Views: 5059
Size:  123.2 KB

26 Dec 2010   #1

Windows 7 Ultimate x64 SP1

Interesting, Brink! Thanks. I watched the video on the link you provided (a younger Bill Gates looking fellow was on it ) and it was very informative but I am still left with a question: Am I right in thinking EMET is not necessary unless one runs legacy applications because DEP already handles such exploits or do you believe it's something that should be installed and used by those of us not running such legacy applications.

Sorry for the newbie-like question. The fact I asked it probably indicates it's (EMET) something I don't need?

My System SpecsSystem Spec
26 Dec 2010   #2
Microsoft MVP

64-bit Windows 10 build 10130

Hello Mike,

The latest EMET version was released on 11/17/2010, and can provide better protection and customization of more than the default DEP features in Windows.

I think it would be better to install EMET, and "configure system" to have the "maximum security settings" for better protection.
My System SpecsSystem Spec
26 Dec 2010   #3

Windows 7 Ultimate x64 SP1

Thanks, again, Brink. I configured it for FF 4.0b9pre x64, just in case, and it seems to be causing no issues. My supposition is that it's (EMET) just sitting there watching. I have a few other applications that regularly use the Internet. I'll add them to the EMET App system configuration as well.
My System SpecsSystem Spec

26 Dec 2010   #4

Windows 8 Professional x64

Hi brink

I installed this but I am unable to use it.How do I do so?
My System SpecsSystem Spec
26 Dec 2010   #5

Windows 7 Ultimate x64 SP1

One more thing, Brink, when you get the time, what are the differences between these settings:

Name:  Opt.jpg
Views: 13215
Size:  9.9 KB

My System SpecsSystem Spec
26 Dec 2010   #6

Windows 7 Ultimate x64 SP1

Quote   Quote: Originally Posted by bagavan View Post
Hi brink

I installed this but I am unable to use it.How do I do so?
Why can't you use it, bagavan? Type "EMET" (without quotes, of course) into the search on the Win Start menu. You'll see it:

Name:  ScreenShot00308.jpg
Views: 13280
Size:  10.1 KB

My System SpecsSystem Spec
26 Dec 2010   #7

Windows 8 Professional x64

I repaired it and it worked..By the way why are all my processes being monitored by DEP instead of EMET?

Attached Thumbnails
My System SpecsSystem Spec
26 Dec 2010   #8

Windows 7 Ultimate x64 SP1

DEP is the default, bagavan. If you want them to also be monitored by EMET, you'll have to add them by clicking on the "Configure Apps" button.
My System SpecsSystem Spec
26 Dec 2010   #9

Windows 8 Professional x64

can I use EMET to monitor all the processes?
My System SpecsSystem Spec

 Enhanced Mitigation Experience Toolkit (EMET)

Tutorial Tools

Similar help and support threads
Windows 7 Tutorial Category
New Enhanced Mitigation Experience Toolkit (EMET) 5.1 available
Security News
New Enhanced Mitigation Experience Toolkit (EMET) 5.0
Source: General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 - MSRC - Site Home - TechNet Blogs See also:
Security News
Announcing Enhanced Mitigation Experience Toolkit (EMET) 5.0 Preview
Source: Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview - MSRC - Site Home - TechNet Blogs Download: Download Enhanced Mitigation Experience Toolkit 5.0 Tech Preview from Official Microsoft Download Center See also:...
Security News
The Enhanced Mitigation Experience Toolkit v4.1
Enhanced Mitigation Experience Toolkit v4.1 (EMET) is out! What is the Enhanced Mitigation Experience Toolkit? Enhanced Mitigation Experience Toolkit v4.1: Download See also:
Security News
How do we use the Enhanced Mitigation Toolbar?
I have installed the tool and set it to maximum security setting. Please see attached image and tell me if I am doing anything wrong :geek:
System Security
Enhanced Mitigation Experience Toolkit 2.0 advice sought
I would be interested in hearing any suggestions/experiences using the Enhanced Mitigation Experience Toolkit. Which apps should be added to the app list? I have Win 7 Ultimate and am not running any "legacy" programs of which I am aware, I'm just getting started using EMET. The...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:40.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App