EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    I set EMET settings to recommended and removed the programs under its protection then did a reboot before uninstalling (but I only did that once when upgrading from EMET 3.5 to 4.0). I also deleted registry entries as indicated on this site

    -http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    A while back I gave up trying to EMET Chrome on our old XP setup, even after most of the mitigations unchecked, because it would eventually freeze every time :mad: On Windows 7 it's not an issue.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,639
    Location:
    USA
    Interesting. Though it seemed to run fine on my laptop, on the desktop it actually is the Norton plugins that crash Firefox with EMET 4.1. I guess combined with the other problems I am having with Norton it is getting removed.
     
  4. syrog

    syrog Registered Member

    Joined:
    Jul 13, 2013
    Posts:
    32
    Those having problems with chrome and EMET, the following worked for me:

    Disabled all ROP mitigations for "chrome.exe" and the rest are enabled. Now, chrome launches normally and all chrome processes are protected by EMET and are injected by "emet.dll".

    For me it was interesting that ALL ROP mitigations (LoadLib, MemProt, Caller, SimExecFlow, StackPivot) had to be disabled in order for the Google browser to work properly.
     
  5. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,543
    Location:
    Triassic
    I uninstalled and reinstalled EMET 4.1, going thru setting up all my application execs (rather than importing/exporting settings ... went with a clean slate on the reinstall). I added Chrome, rebooted and started all the apps one by one. They all restarted. Chrome did not crash, it froze. Other apps could be started and used, but Chrome was unusable. I rebooted and tried to reopen it. It froze again.

    On disabling all ROP for Chrome, as syrog recommended, Chrome opened and was totally usable. It is now protected under EMET, but with all ROP settings disabled. TNX syrog. That setup worked for me too.
     
  6. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I would prefer to use 4.0 in order to keep ROP for Chrome.
     
  7. Tadoussac

    Tadoussac Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    121
    Interesting thread.

    I updated EMET from ver. 4.0 to 4.1, and I also experienced Chrome crashes. However, I only had to disable 1 ROP mitigation - "Caller" to get the browser working again.

    I suspect there isn't a "1 shoe fits all" configuration when it comes to EMET. I wonder if other variables such as Windows version, installed Windows security updates, and even AV/FW/HIPS/App Whitelist settings all have some effect on the behavior of EMET; thus making it a uniquely different configuration challenge on every machine.
     
  8. OuterLimits

    OuterLimits Registered Member

    Joined:
    Nov 13, 2009
    Posts:
    66
    I've had trouble with this in the past but decided to try it again today. I downloaded .NET 4.5.1 with EMET 4.1 and I've had no trouble so far anyway with Chrome - all settings checked for chrome.exe and deep hooks also.

    No crashes so far anyway.
     
  9. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    I have the same (good) experience and using the maximum security settings.
    Edit:
    Okay, switched back to recommended security settings because I couldn't update the Realtek HD driver.
    All mitigations and deep hooks enabled don't crash chrome on my system.
     
    Last edited: Nov 14, 2013
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    I removed 3.0, installed 4.1 and disabled ROP as you did and so far no crashes with Chrome :)
     
  11. OuterLimits

    OuterLimits Registered Member

    Joined:
    Nov 13, 2009
    Posts:
    66
    Are you running .NET 4.5.1? I was wondering if that made some difference in my setup.
     
  12. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America

    Installed EMET 4.1 with max settings. So far working well.
     
  13. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,543
    Location:
    Triassic
    I am beginning to warm to this statement. I am also wondering if extensions play a role as they are also user specific. Now that I have Chrome working under EMET 4.1, I will try enabling one ROP at a time, leaving Caller to the last to see if I can reproduce your experience. My Chrome setup may respond better to the sequencing in of the ROPs.
     
  14. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    I have 3.5 and 4.5 from windows 8.1 itself.

    And this is installed according to ASoft .Net Version Detector:
     

    Attached Files: net.JPG
    Last edited: Nov 15, 2013
  15. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Has MS published what these "application-compatibility enhancements" are? I'd rather not upgrade from 4.0 unless there is a significant reason to do so.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Certain mitigation techniques have been weakened when used with certain programs to allow those programs to function properly.
     
  17. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,543
    Location:
    Triassic
    With having Chrome operational under EMET 4.1 without any ROP checked, I have tried to sequence-in each of the ROP mitigations. Each one failed to take. I got an error message from the EMET notifier each time indicating a DEP problem and Chrome was automatically shut down. At least it did not freeze. Two dump files were created for each failure, which I sent to Microsoft. Chrome created a crash report too (also sent).

    So for my Chrome configuration, I cannot use any ROP mitigations. My extensions are WOT, Trafficlight, Adblock and ScriptSafe. I have Javascript disabled and my plugins are set to click and play. Trusteer Rapport is installed on my system, but I have never used it on Chrome. IE10 and FF working OK, no problems with ROP.

    NB: Chrome updated this morning to V31, so I tried it all again. Same result.

    I have NOOOO idea why.
     
  18. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America

    I came across this website which gives tips on the installation of EMET 4.1 and problems that might arise adding web browsers such as Firefox, Chrome, etc. Also at the bottom of the page are some other system 32 exe's that might also be added with "caution". - http://www.winhelp.us/general-securi...soft-emet.html If this has been posted elsewhere..."apologies".
    Would like some comments regarding the below suggested additions as quoted from the website as follows:

    Edit: "Those requiring extra security can also add the following important Windows files to the list.
    Please note that this reduces performance of your computer and prevents secondary logons (Run As / Run as administrator command) from working correctly!"

    Services and Controller app - Windows\system32\services.exe
    Windows Client/Server Runtime Server Subsystem - Windows\system32\csrss.exe
    Windows Local Security Authentication Server - Windows\System32\lsass.exe
    Windows Logon Application - Windows\system32\winlogon.exe
    Windows Logon User Interface Host - Windows\system32\LogonUI.exe
    Windows Print Spooler - Windows\system32\spoolsv.exe
    Windows Session Manager Subsystem - Windows\system32\smss.exe
    Windows Start-Up Application - Windows\system32\wininit.exe
     
    Last edited: Nov 17, 2013
  19. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  21. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    I am not concerned about the update issue but that it does not add anything extra to Chrome.
     
  22. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Will this auto-update? Or does it update with the monthly Windows Update releases?
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I updated 2 machines, both had error messages about EMET agent not running when opening the GUI.

    EMET has a lot of new mitigations added since v2.0, so that probably is no longer the case.

    I don't think it has auto-update functionality yet, and EMET is not being distributed through Windows Update because it is not really for the average user.
     
  24. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    737
    Location:
    The Valley Arizona
    I encountered that on my XP rig, but Win 7 it opens without that error msg. I searched online to see if others had reported it and found there were complaints when EMET 4 was in Beta.
     
    Last edited: Nov 17, 2013
  25. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    IME a reboot is always needed after uninstall/install or updating.
    Agreed. DEP, ASLR, SEHOP and EAF was the max then.
     