Enhanced Mitigation Experience Toolkit (EMET)

Page 7 of 9 FirstFirst ... 56789 LastLast

  1. Posts : 71,977
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #60

    Thank you Loki. Tutorial updated. :)
      My Computer


  2. Posts : 1,049
    Windows 7 Pro 32
       #61

    EMET 5.0 has some major changes and was not as easy as previous versions to configure. Many apps crashed. I spent a lot of time testing and reading about problems with it. Here's what's good to know:


    • The setting Deep Hooks under Configuration of Apps, has due to compatibility issues always been disabled by default in previous EMET versions. Now it's on by default, but that doesn't mean it'll work on every system
    • EAF isn't compatible with some programs
    • Crashes that don't give alerts from EMET might be caused by the mitigation StackPivot. It's been modified in 5.0, so it might not be compatible for some programs anymore
    • New mitigation ASR blocks certain plug-ins from being loaded, sometimes with exceptions from defined Internet Zones (Trusted Sites, Local Intranet)
    • New mitigation EAF+ blocks some memory read operations commonly used as information leaks

    ASR and EAF+ are advanced settings that come predefined for some MS applications when importing settings for the Recommended Software or Popular Software list. There's a bug that if you disable and re-enable any of these two new mitigations, the settings for it is deleted.
      My Computer


  3. Posts : 529
    windows 8.1 Pro x64
       #62

    Is EMET 4.1 still considered good enough?

    With 4.1 I found the ROP protections crash firefox randomly. Also the game 'godus' had issues with EMET and I had to whitelist it (no idea if dev's ever made it compatible as is a game still in development). Apart from that tho seems fine with all my other apps.
      My Computer


  4. Posts : 71,977
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #63

    Hello Chrysalis,

    It would be recommended to update to the latest EMET 5.0 version. You can install it on top of any previous version to update.

    I only left EMET 4.1 Update 1 listed since it's the last version that officially supports XP.
      My Computer


  5. Posts : 1,049
    Windows 7 Pro 32
       #64

    chrysalis said:
    Is EMET 4.1 still considered good enough?
    Not if you want the best protection. The EMET bypasses reports lately was for 4.1 and to some extent v5 preview:
    http://www.offensive-security.com/vu...-toolkit-emet/
    Brink said:
    You can install it on top of any previous version to update.
    True if you use a fairly recent version. If older than version 3 follow the instructions in the User Guide.
      My Computer


  6. Posts : 71,977
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #65

    EMET 5.1 released. See first post for more details. :)
      My Computer


  7. Posts : 1,049
    Windows 7 Pro 32
       #66

    I've been testing 5.1 and I like it. I can enable more mitigations than in 5.0, mostly StackPivot.

    Good to know:
    I had lots of problems with 5.0 and I've now learned that EMET itself is not necessarily the reason for these problems(crashes). It's very likely that another security product is causing conflicts. In my case it was the HIPS functionality in my AV software. With that disabled, or at least the dll injection/monitoring part of the HIPS, I wouldn't have had to disable ANY mitigation for the "Popular Software" import XML file in EMET 5.1
      My Computer


  8. Posts : 1,049
    Windows 7 Pro 32
       #67

    Latest Patch Tuesday(Windows Updates - November) might cause incompatibility issues with EMET 5.0

    If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide. In general we recommend upgrading to the latest version of EMET to benefit from all the enhancements.
      My Computer


  9. Posts : 529
    windows 8.1 Pro x64
       #68

    Does anyone have a app list for emet 5.1 and what to exclude firefox etc? I am on still on 4.1 but I guess thats getting dated now security wise.
      My Computer


  10. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #69

    App List for EMET


    chrysalis said:
    Does anyone have a app list for emet 5.1 and what to exclude firefox etc? I am on still on 4.1 but I guess thats getting dated now security wise.
    As far as I know you just open the EMET GUI and choose "Import" and then select the .xml file that you want to import. Right click on each .xml file and open with your text editor to see what's in it.

    I really don't think that you should exclude Firefox or any other browser.

    Just add any of the following:

    * Any/all web browsers installed on your computer (Internet Explorer, Firefox, Chrome, Opera)
    * Entire MS Office suite (Access, Excel, Outlook, PowerPoint, Word)
    * Sun (now Oracle) Java
    * Any media player (Windows Media Player, VLC, iTunes, RealPlayer, QuickTime, Winamp)
    * Any software that waits and listens for a network connection
    * Any application that can be automatically invoked by browsing the internet
    * Any Adobe product that you see frequently listed within Adobe's Security bulletins and advisories.

    You will need to know what software you have installed and what to add. There's no all inclusive list of all available software and anyway you only want to load it with apps that you actually use.
      My Computer


 
Page 7 of 9 FirstFirst ... 56789 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:26.
Find Us