Free Microsoft security tool Enhanced Mitigation Evaluation Toolkit locks down apps

Discussion in 'other security issues & news' started by MrBrian, Mar 7, 2010.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Those are the system settings; settings for applications are different and have more protection techniques, those are also shown in the EMET column. If you want max. security you should add important programs like PDF readers, browsers, programs that open documents or media files etc. to EMET with the application rules. You can also set ASLR in the system settings to always on, though it's a hidden setting (some graphics drivers are incompatible and might cause blue screens, but if yours works fine then there's no risk. Read the manual for more info.)
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Basically if you just go to 'Configure Apps' you can select the executables for whichever software you wish to protect. You can disable individual protections for each app, but you're best just leaving everything checked. I've had no problems at all (so far) but to start off I'd suggest just adding the most targeted applications (web browser, Java etc.). It's certainly worthwhile utilizing the full protection offered given the volume of exploits that are doing the rounds nowadays.

    *Edit BoerenkoolMetWorst got in there while I was slowly typing* :D
     
  3. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    So the suggestions for adding apps would be IE8 - Foxit - Windows Live Mail - Windows Media Player? I'm using Win 7 Pro.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    'Application Opt Out' means it's on by default, but apps can be configured to opt out if desired.

    'Application Opt In' means it's off by default, but apps can be configured to opt in if desired.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    No - that's what the EMET system-wide setting is for.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you create an app rule for NitroPDF using EMET's max settings, you're getting more protection than without using EMET.
     
  7. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    What does your System Status screen look like?
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I didn't install EMET on my real system yet. I did try it in a virtual machine.

    Is my post incorrect?
     
  9. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Negative, I'm trying to learn from you. I've tried adding net apps to the configurable apps section but none will work with NullPage, HeapSpray, EAF options checked. It could be all three or just one of the three. Haven't tested enough. Presently I have MaxSecurity enabled and added net-facing apps with ASLR, SEHOP and DEP checked. I welcome any advice.
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If, for whatever reason, you can't enable all the options on some programs, even partially enabled you gain some benefit.
     
  11. JuanP1000

    JuanP1000 Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    43
    I have EMET at maximum system settings and all my internet-facing applications (iexplorer.exe, AcroRd32.exe, FlashUtil10i.exe, outlook.exe, winword.exe, etc.) running EMET (DEP, SEHOP, NullPage, HeapSpray, EAF, ASLR).

    Everything works fine... I am on Win7 x86 Professional.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Does EMET also protect against the latest Adobe Flash exploit?
     
  13. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Yes. Currently EMET is the only solution for the latest Adobe exploit.
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Ok, thanks for the answer :)
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Is it a good idea to use EMET while running a HIPS, or are there risks of conflict, or of the HIPS working badly or in a limited way?
     
  16. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    And how do I get EMET to mitigate this Flash exploit?

    Do I simply add my browsers to EMET and it will simply cover the plugin since plugins are in DLL form?
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Depends on your browser; for example, the latest versions of Firefox use out-of-process plugins, so for FF you'll also need to EMET plugin-container.exe. Just to be sure, also EMET FlashUtil10iActiveX.exe and FlashUtil10iPlugin.exe (normally found in System32 or SysWOW64/Macromed/Flash). Though I'm not really sure if this is needed, because those processes are not running while Flash is used by the browser.

    EDIT: It seems those two files are the uninstallers for Flash.
     
  18. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    Thanks. That makes sense. The Help file needs a bit of polishing but otherwise a nice app.
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You shouldn't have any problem at all running EMET & HIPS together.
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    I also believe so, but I would like it if someone who has tested it would post here.
     
  21. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I have installed (just recently) EMET v2 on my security setup. I have included all those applications which I have allowed to connect to the internet (via KIS firewall). No problem/slowdown/crash so far. I have also tested Mamutu on my setup. It also works fine without any conflict with EMET.
     
  22. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Well, I'm running CIS + EMET with no issues at all. CIS has inbuilt BO protection running (what used to be CMF) so if any HIPS were to conflict I'd expect it to be D+.
     
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I'm using Malware Defender, no problems at all.
     
  24. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Thanks for your answer. :)
     
  25. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    For SYSTEM, is there an opt-in/out config window to select what to opt in/out? I can't seem to find it.

    And just to check, the original DEP settings selection (in Windows performance options) is now greyed out - that is normal, right?
     