EMET (Enhanced Mitigation Experience Toolkit)

You should use the most secure settings your system works with.

 

Were you able to successfully pin the websites? I tried to pin a website, but it didn't stick? I don't see it in EMET's GUI. I'd imagine that if it worked, it would be shown there.

I followed a Microsoft blog article explaining how one should pin, but didn't seem to work.

 

Sequence, first create a pinning rule, next add the website and assign it a pinning rule. I use three banks ING, RABO and OHRA, rabo and ohra had the same certificate path, so I combined it to the rabo_ohra rule, see picture

 

Oh, I made confusion. I first added the domain, then the pinning rule. This time it stick.

Anyway, I'd prefer a similar method to the one Chromium uses. That way we wouldn't have to install certificates. Or, at least, a more automatic method that would do it in our behalf; it would download the certificate and pin it to the specified domain.

I just need to figure out Chromium's way first.


Thanks!

 

Depends on your 3rd party software but I am running 64 bit Windows 8 with EMET set on Maximum and no issues so far.

 

Okay, here is how to do it in Chrome/Chromium, enter this text and follow explanation on picture

chrome://net-internals/#hsts

Don;t forget to use the --hsts-host command switch when starting Chrome

 

What is this for? to check if it's working?

And what it's the point of this EMET? if you enter to this domain and the cert is not the same EMET will block the website?

 

@ MODS,

Please, move post #134 of Boerenkoolmetworst (how to add Chrome to certificate pinning feature of EMET, which is enabled for IE by default)

and post #153 (how to add certificate pinning in EMET) and #156 (how to add a domain to chrome's hsts set)

To CISCODISCO's thread "Ms EMET Certificatre Pinning)

Thanks

 

You are right confusing, asked mods to move it to another thread. I like to use what is allready available in stead of installing software, sort of security minimalist with maximum protection

 

I'm afraid that's not how it works. First, the chrome://net-internals/#hsts only works for the browser session. That's the intended design. Second, the command flag --hsts-hosts seems to no longer exist?

Check here:
-http://peter.sh/experiments/chromium-command-line-switches/
and here: -https://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc

Freakish moment.

 

Since this is a new version, I was a bit lost in comparison to previous versions of EMET. I've selected Maximum protection as well, thanks for the tip.

Everything is working great so far

 

I like its new feature that you can "Configure Process..." via the "Running Processes" pane.

 

There are some skins even there. Somehow dull they are.

 

Has anyone seen EMET 4.0 phoning home anything? I haven't, I'm just asking, thanks.

 

they need really online database of rules for various apps and theirs versions ...

unfortunately my old compatibility list of v3 and v3.5 is gone ...

so writing new one is going to be PITA

 

Had the same situation it only needs some extra time to fix it.

 

I'm really digging this new version, definitely a keeper

 

I really don't understand why it has skins at all. Especially irritating is that it doesn't have the option to just use the damn look of the system!

 

Agreed. Not liking the skins and it would be nice if it just had the native OS look as an option. The dark skin looks nice but is difficult to read.

 

Isn't the default skin a Windows 8 kind of look? Also, there is a skin that looks like a Windows 7 style skin. I don't remember what it's called but it's in there.

 

No, it's the Office 2013 look, there is no Windows 8 look because that'd be called "No skin".

The Windows 7 skin matches Windows 7 basic. Note that the minimise, maximise and close icons are wrong for Windows 8.

 

Oh, I haven't used Office 2013 so that's why I didn't know the difference. I saw the Windows 7 one and then the dark one. The dark one won hands down Haven't spent any time with the Windows 7 one to notice.

 

related to theme,in xp
they forgot cover theme on right click menu on systray icon of EMET
and Also when open main window in running processes section when right click
and select configure process... its not covered by theme
and still menu is like office 2003

 

Are skins really necessary for a security application? Do you protect your office applications too?

 

For the regular Joe skins make big difference in terms of user experience, for IT folks command line would be enough
MS probably wants invite/encourage to use EMET more people which is good