Should I use EMET with SBIE 64?

Okay so I got SBIE 64 bit on my W7. I know this protection is not as good as the 32 bit version so I was wondering if I should add EMET. Will it even work inside sandboxie? Also I would use EMET 2.1 because it has less footprint than the newer version.

 

Sandboxie 64 bit is not as strong as 32 bit based on what facts.I dont hear any one being infected by malware on 64 bit any more then 32 bit. The last I looked, seems like no one is getting malware Planted on there system thats using sandboxie. As far as EMET I dont no if it provides anything extra that sandboxie already provides.

 

Alright that puts some of my worries to rest. I really like the way MSE and SBIE work together, both extremely light on CPU.

 

FWIW, I am using SBIE 64 with EMET 3.0 on windows 7 64 bit.

I have no problems yet.

The policy I use is ALL 3rd party exe's I put into EMET so they can't use the bad program tricks EMET blocks.

IF they get tagged by EMET I take them off the setup.

 

Short answer: Yes.

Long answer: EMET makes it easy to set certain system settings that harden your computer against attacks. For example, ASLR (address space layout randomization) re-arranges certain data areas to prevent memory overflow attacks. This takes place on a level well below any piece of software, including Sandboxie. Therefore, Sandboxie can't stop it: the kernel will do it no matter what. So the settings provided by EMET will apply to everything that runs, sandboxed or not.

 

Im not sure if EMET 2.1 provides ASLR thou. Also SBIE not suppose to let anything out of its virtual system and I only use SBIE for Chrome and rarely friend's USB.

 

I'm not sure, as I have 3.0 installed. But the principle is the same: the protection provided by EMET is so low-level that Sandboxie can't affect it.

 

Sorry, my thinking is different. Since SBIE 64 is a 3rd party product I apply EMET 3.0 to IT ie SBIE itself. So on my set up I restrain SBIE and ALL 3rd party products.

 

Yes, it does apply to SBIE.

 

Yes, you should add EMET. You'll need to allow an IPC exception to every sandbox you wish to use it with. The other option is to install EMET to the sandboxes you want to use it in.

 

What is the reason for the IPC exception?

 

Apparently it's necessary for EMET to protect the program. I can't really remember the specifics - I haven't used Sandboxie in a few months.

 

EMET should automatically be detected in Software Compatibility, and enabled there... Which results in:

Template=Microsoft_EMET

appearing under [GlobalSettings] in Sandboxie.ini, thus Open*'ing the IPC path and WinClass in all sandboxes.

Actually I don't think the IPC exception is even needed for EMET to work in sandboxed processes -- the IPC "object" is seemingly created just so the EMET GUI can "see" it and display the "Running EMET" checkmark.