EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. xxJackxx

    xxJackxx Registered Member

    Nice, thanks. Just installed. A little OT, but I am really liking the Visual Studio 2013 Dark theme they included with it. It would be nice if Windows itself had that theme.
     
  2. Solarlynx

    Solarlynx Registered Member

    Usually I have them compatible.
    (Incredibly quick answer LOL) :)
     
  3. erikloman

    erikloman Developer

  4. elapsed

    elapsed Registered Member

    Thanks, updating.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

  6. J_L

    J_L Registered Member

    Updated without issues after uninstalling previous version, haven't rebooted yet though.
     
  7. Antimalware18

    Antimalware18 Registered Member

    Just installed the 5.0 general availability and I gotta say the themes are quite nice, but loading Firefox is sloooooow
    and I mean sloooow. I could make a hollandaise sauce before Firefox was done loading.
    Any clue from anyone what's causing this slowdown?
     
  8. Krusty

    Krusty Registered Member

    Do we have to uninstall 4.1 Update 1 before installing 5?

    Thanks.
     
  9. Robin A.

    Robin A. Registered Member

    4.1.1 will be uninstalled automatically (explained in the manual).
     
  10. Antimalware18

    Antimalware18 Registered Member

    I found the problem with Firefox and EMET 5.0: it was EAF and EAF+.
    How important are these mitigations in Windows 7 64-bit?
     
  11. Krusty

    Krusty Registered Member

    Thanks. :)

    I've just read Mark Loman's post so I might wait a while before installing EMET 5.
     
  12. Tyrizian

    Tyrizian Registered Member

    I noticed that EMET 5.0 Final is now a complete service, rather than a startup item.

    I like that, because now EMET loads instantly after restart.
     
  13. Syobon

    Syobon Registered Member

    I see it's a lot more lightweight now, almost no CPU cycles wasted on EMET.dlls.
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Upgrade went fine :) I noticed some mitigations have new detailed options, for example, you can set the number of simulated instructions for SimExecFlow.
    If you use IE, you can set the Certificate Pinning to block connections instead of only warning.
     
  15. elapsed

    elapsed Registered Member

    EAF+ is off by default for all apps. Did you try with just EAF+ off and EAF on?
     
  16. pb1

    pb1 Registered Member

    I have a problem with IE 11 - I cannot even launch it - only if I deactivate EAF - so I am thinking the same... how important is it?
    But it works alright with version 4.1.1 and EAF enabled - hmm!?
    Will see what the net says - or someone here who knows about it.
     
  17. Solarlynx

    Solarlynx Registered Member

    The same for some other apps on my PC. I had to uncheck some mitigations in 5.0 which were on in 4.1.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    If you keep your existing configuration, advanced EAF+ rules will not be added.

    I found some advanced EAF+ rules in the Popular Software Profile:
    -Acrobat.exe: AcroRd32.dll;Acrofx32.dll;AcroForm.api
    -AcroRd32.exe: AcroRd32.dll;Acrofx32.dll;AcroForm.api
    -firefox.exe: mozjs.dll;xul.dll
    -iexplore.exe: mshtml.dll;flash*.ocx;jscript*.dll;vbscript.dll;vgx.dll

    And to be sure, the default ASR rules:
    -EXCEL.EXE: flash*.ocx
    -iexplore.exe: Modules: npjpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll
    Internet Zone Exceptions: Local intranet; Trusted sites
    -POWERPNT.EXE: flash*.ocx
    -WINWORD.EXE: flash*.ocx
     
    Last edited: Aug 1, 2014
  19. EMET 5 runs nicely with ViRobot APT Shield
     
  20. Syobon

    Syobon Registered Member

    I had to ask why EMET was so much optimized, glad I did, seems they improved under the hood a lot, EMET 5 is a must have:

     
  21. Rasheed187

    Rasheed187 Registered Member

    Just a general comment, but does it make any sense to run EMET together with tools like HMP.A and MBAE? I think it's asking for trouble. IMO it's best to choose only one of these tools. :)
     
  22. Tyrizian

    Tyrizian Registered Member

    I would say you're right, it is asking for trouble.

    I would just stick with EMET, instead of adding redundancy against exploits.
     
  23. Yanick

    Yanick Registered Member

    Well, if my understanding is correct, the HMPA 3.0 version won't offer any exploit mitigations in its free version. https://www.wilderssecurity.com/posts/2391824/ so they would be compatible, right? :)
     
  24. Rasheed187

    Rasheed187 Registered Member

    Actually I need to correct myself a bit: while I still think it isn't a good idea to run all of these tools together, MBAE is able to stop certain exploits that manage to bypass EMET. On the other hand, certain protection methods in EMET might be more advanced than the ones offered by MBAE. But it's probably better to combine EMET with anti-exe tools like EXE Radar or AppGuard. :)
     
  25. guest

    guest Guest

    And AppGuard already has memory protection. I personally think it's not needed to add another anti-exploit software if one is using EMET and vice versa.
     