Emet 2.1 + Sandboxie, Software Updaters

Sorry, bad wording. There’s a Java.exe in the System32 folder that you should also add to EMET.

 

Is that .exe ever used?

I also don't believe that EMET is able to force any programs in System32 to run with EMET.dll. Never worked on my computer.

 

I don't know. But it's better to be safe than sorry. Look at this list here: -http://www.rationallyparanoid.com/articles/microsoft-emet-2.html-

 

Yes, I've read that =p I was just curious.

Anyways, nothing in my System32 folder runs with EMET.dll. I've tried.

 

Working here on Win7 32-bit. I just tested with Notepad.

 

What's the path to notepad that you see in your running applications in the EMET GUI?

 

C:\Windows\system32\notepad.exe

 

Oh, hm. Strange that it won't work for me.

 

What OS are you running. Have you tried removing it from EMET and adding it again?

 

Hm. It seems that only some of them will run with EMET.dll. Notepad seems to. Going to see if the others will, I've reformatted recently.

 

From my understaning of EMET it should run with any forced program system wide.

 

Some system files are protected. Restarting now to see if it's working.

Some do some don't. svchost works. wininit does not. Just examples of some that aren't working. sppsvc, lsm, smss, csrss are not running with EMET.dll. Not that it's a big deal at all.

 

Thanks for testing. But as you say that’s no big deal. Those system files don’t need to be running under EMET anyway. Not much risk there. There wouldn’t be a problem with those running under maximum settings so there is still some protection as the main features DEP, SEHOP and ASLR are built in to the OS.

 

It's all good. I'm happy with EMET forcing what it does.

 

That's where the x64 Java is installed to, the 32 is in Program Files (x86). On the EMET blog that was linked here, the recommended apps section shows both the 32 and 64 bit .exe files, which threw me off at first. If you only have the 32 version installed, nothing will be in system32.

 

64bit Java is installed to Program Files. But I guess something might be dropped into system32 for 64bit java. Either way, it's running with EMET.

 

Lol, yeah I screwed that up. Anyway, if you don't have the 64 version, there's no Java.exe in there. I only bothered with it when I was taking FF8 and Flash 11 Beta for a test drive. (great browser, terrible Flash, hehe)

 

http://secunia.com/community/forum/thread/show/1752/why_is_java_exe_in_system32

Apparently you can delete that.

EDIT: I'm not going to. Not sure yet. I'll just run it with EMET and throw it in a sandbox. Seems to be a commandline version.

EDIT2: As I suspected. It's in SysWOW64 as well.