Enhanced Mitigation Experience Toolkit (EMET)
-
In addition to Callender's post:
If you meant what EMET mitigations to exclude for a specific program, then that's adjusted in the XML import files for every new EMET release. So when you import a program list, these programs should work with the default settings/mitigations. If they don't, it's likely that you have some other security software installed that conflicts with EMET, for example an antivirus, HIPS, or another exploit blocker.
If you have to disable a lot of mitigations in the new EMET version and you can't troubleshoot it, it's probably better and easier to go back to EMET 4.1 if you could have more mitigations enabled there.
-
-
I mentioned Firefox, as on other forums like Wilders people are mentioning a lot having to disable certain protections for Firefox and Chrome. I don't mean to exclude the app entirely, and on 4.1 I also had to turn off some ROP for Firefox as it kept crashing with it on. I don't have HIPS on any a/v so there isn't any conflict.
-
What AV do you have? Some have their own exploit/behavior blocker that might conflict.
-
ESET NOD32 a/v, not the full NOD32.
-
-
-
Two users in the EMET thread at Wilderssecurity have posted their experience about potential conflicts with EMET:
Just as a potential FYI, here's a list of AVs which have any kind of behavior-based anti-exploit I'm currently aware of, so potentially more possibility of conflicts though not always the case.
ESET ver 7+
F-Secure (all products which have DeepGuard 6.0+)
G-Data (don't know which version)
KIS 2013+
Norton 2010+
Panda Cloud v2.2+
My observations.
ESET NOD32 - seems to work fine with EMET 5.0.
F-Secure AV - default Deepguard settings cause major issues with EMET 5.0
Solution:
Deepguard - select 'Use the Compatibility Mode'. Note - they say it lowers security. OTH you're using EMET.
In EMET 5.0 EAF+ is OK in Firefox but delete advanced rules [eg: mozjs.dll;xul.dll] otherwise Firefox start-ups are very slow.
Otherwise select all mitigations in Firefox except ASR, as recommended by MS.
Post 765: EMET (Enhanced Mitigation Experience Toolkit) | Page 31 | Wilders Security Forums
and post 768
For F-Secure an alternative solution for using the compatibility mode is to exclude only the programs that conflict with EMET in settings - Virus protection - Exclude files from the scan - tab Objects. This will exclude the programs from the real-time scan which also means Deepguard won't hook into these processes. For known programs that's the preferred solution until the conflict between EMET and Deepguard has been resolved.
-
New Enhanced Mitigation Experience Toolkit (EMET) 5.2 released. See first post for more details. :)
-
-
-
Thank you David. Tutorial updated. :)
-
New Enhanced Mitigation Experience Toolkit (EMET) 5.5 released. See first post for more details. :)