EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. guest

    guest Guest

    No, he meant 40 executables, like adding chrome.exe, firefox.exe, mpc-hc.exe, etc. That's a lot though. :p
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Yeah, 40 executables. Just out of curiosity. No issues yet.
     
  3. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    Hi,
    I get the error below for the "Search Everything" program.
    When I uncheck Caller in the ROP section, I don't get any other error.
    So is this an incompatibility of EMET with Search Everything, or the reverse?
    Also, is this a software weakness / security bug or not?
    And finally, does EMET really secure the system?


    http://photoload.ru/data/07/49/46/0749462845e1b2ec9ca8e6a1458664be.png
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Isn't everything we use in here pretty much overkill?

    How about me for instance... I have no PDF reader. No Java. No .NET Framework. Flash player installed inside a sandbox, blocked from internet access, running within yet another sandbox in Firefox. All internet-facing apps in restricted sandboxes with rights dropped. NoScript. Never download anything. All I do on the net is frequent a few sites like this, watch some YouTube videos, check email, and IM with some friends via Pidgin Messenger (also sandboxed). Everything also well hardened via D+ (HIPS) and a default-deny SRP. I have 10 services running, the rest mostly disabled.

    What do you reckon the odds are of me coming across an exploit?

    But still... I flirted with EMET for awhile. And still plan on eventually adding a layer to combat against this vector when one comes out that suits my wants/needs. EMET wasn't it.

    Why?... because we're overkill artists here. And I did actually once in my life have (software) DEP do something useful. I don't know whether it was by accident or malicious, but I was talking to someone new on Pidgin and it froze up on me. Then I received a message from DEP saying it was terminating the session. Then my sandbox emptied, and voila... over and done with, with zero interaction on my part. So I can conceivably see benefit there. I believe DEP + SBIE can be a very powerful combo the way I described. But you already get DEP stock with the OS without needing EMET. And plus, Comodo's D+ has shellcode injection protection of its own that works much like ASLR & SEHOP. So I think I basically have most of the benefits from EMET already, really. And with less attack surface, bloat, and conflict.
     
    Last edited: Jun 3, 2013
  5. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Agree.

    I'd say the chance for you to get infected is minimal even if your computer usage pattern were less stringent.

    By the way, is it possible to add .NET to EMET?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I came across an article regarding EMET vs. an exploit against IE8 at DShield, which I thought of sharing.

    -https://dshield.org/diary/Nuclear+Scientists%2C+Pandas+and+EMET+Keeping+Me+Honest/15890

    At the end, you'll note the author mentions a caveat, and hopefully something Microsoft will address... I wonder if the postponing of the final release may have something to do with it? :blink:
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    It's correct to uncheck "Caller" in the ROP section.

    Yes, this is an incompatibility of EMET with Search Everything with respect to the "Caller" mitigation.

    IMHO it is not a software weakness / security bug, just an incompatibility with EMET. EMET really makes the system more secure against zero-day exploits.
     
    Last edited: Jun 6, 2013
  8. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    @Solarlynx,
    thank you for advising me
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Well, been waiting all week for 4.0 so I can create a new setup, but I guess a "few days" must mean something else... :)
     
  10. Aborash

    Aborash Registered Member

    Joined:
    Jun 11, 2013
    Posts:
    13
    Location:
    Milky Way
    So true.

    Anyway, Paranoid mode On :shifty:
     
  11. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    EMET 4.0 final has been delayed as has certainly been cited already.
    The EMET Team has not replied to my requests as to the additional delays:
    emet_feedback@microsoft.com
     
  12. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Typical Microsoft.
     
  13. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    The same for me (Italian support)... :'(
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks for trying.. :)
     
  15. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    You're welcome. As far as I know as of this writing... "I expect it to be out soon", Dustin Childs via a webcast that I do not have at the moment. More as I know more.

     
  16. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I wonder one thing. Is it enough to cover with EMET only the threat-gate apps, i.e. those facing the web (and then e.g. exclude from protection all Office apps, as they are blocked from connecting to the Internet), or is it better to add all daily apps?
     
  18. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    Well, the more apps you add, the better your protection, but it's a case of diminishing returns. Really, it's stuff which accepts stuff from the Internet that you're going to want to focus on.

    Really, I'd say you can install it, load in the popular software profile, and you're pretty much 95% of the way there. Anything beyond that is nice-to-have.
     
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  20. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    As a reminder

     
  21. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Thanks for the heads up!
     
  22. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Thanks, and finally! I like the new UI, feels faster.
     
  23. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    You're most welcome.

     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree. And finally, now it's possible to create wildcard entries within the GUI. :)

    The only thing that still upsets me is that the certificate pinning only works for IE. :(
     
  25. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I had a little issue due to choosing recommended settings during installation and then importing apps from EMET 3.0.
    Import doesn't work in that case.
    I had to manually copy & paste strings from the old EMET 3.0 .xml file into the new one.
    It took me some time, however.
     