Firefox/EMET/Rapport Conflict

Discussion in 'other anti-malware software' started by JimboW, Jul 28, 2011.

Thread Status:
Not open for further replies.
  1. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    With Firefox setup under the ‘Configure Apps’ section of EMET with everything ticked Firefox fails to load if ‘Block Browser Process Alteration’ is set to ‘always’ under Rapport.

    If I set ‘Block Browser Process Alteration’ to ‘never’ Firefox loads or if I delete Firefox from the ‘Configure Apps’ section of EMET Firefox will load.

    I have contacted Rapport about it to see if EMET can be whitelisted.

    Question is, what would give better protection. Running Firefox with Rapports ‘Block Browser Process Alteration’ or running Firefox under EMET?
     
  2. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    Update:

    I’ve heard back from Trusteer and they are aware of the issue and are working to get it solved in a future release.

    In the meantime I’m still left with the conundrum of what would provide better protection. Rapports Block Browser Process Alteration feature or EMET.

    I would have thought EMET would be better and not using this feature in Rapport seems like it could create a big hole in it's protection. Unless anyone has any better advice or suggestions I may have to remove Rapport until this is fixed and go back to Neo's Safekeys for Internet banking and online shopping.
     
  3. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Hello JimboW:

    At least with the "Firefox Setup" exe, the executable's real exposure to danger is quite limited to only the time it takes to do the install. At least you will still have the opportunity to use the EMET shim with the actual firefox.exe itself.

    Given your probable attention to all other security matters, perhaps little is out there, in the wild, that looks for that installer.

    Cheers.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.