AppGuard vs EMET (Memory Protection)

Discussion in 'other anti-malware software' started by TomAZ, Jul 19, 2013.

Thread Status:
Not open for further replies.
  1. TomAZ

    TomAZ Registered Member

    Are AppGuard and EMET about equal when it comes to memory protection?
     
  2. shadek

    shadek Registered Member

    There was a test where AppGuard outclassed EMET, which is only logical.

    EMET is free though. :)

    This thread will probably be closed as it's A vs B.
     
  3. Solarlynx

    Solarlynx Registered Member

    I would say that EMET is a good addition to any security app but it cannot substitute for any app. So to the OP: you had better choose to use AG with or without EMET, but not EMET only.
     
  4. elapsed

    elapsed Registered Member

    Are they incompatible?

    Hardly...
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    It's quite different. EMET uses techniques like DEP and ASLR and others to limit exploitation of code in memory from a process, for example by setting certain limitations to prevent making code executable or randomizing the place where the code is 'residing'. AppGuard's Memory Guard prevents Guarded processes from writing to the memory of other processes and can also prevent them from reading the memory of other processes.
     
  6. elapsed

    elapsed Registered Member

    I assume AppGuard also prevents other processes (EMET) from injecting DLLs? Or is there another reason why both can't be used?
     
  7. Rasheed187

    Rasheed187 Registered Member

    OK, so AppGuard is more like a standard HIPS, and can't be compared to EMET at all.

    I've been reading about this app; if I'm correct it's basically a sandbox HIPS.

    It's interesting but the spartan GUI is a turn-off for me. :cautious:
     
  8. Peter2150

    Peter2150 Global Moderator


    Actually it is neither a standard HIPS nor a sandbox HIPS. It is more a policy-type program like DefenseWall.

    A HIPS will alert you to a new exe trying to run. AppGuard doesn't do this.

    Pete
     
  9. 1000db

    1000db Registered Member

    AppGuard, like Peter said, is policy based with some "anti-execute-like" features but not really an anti-execute program either. EMET, from what I understand, was designed to be an anti-exploit type program to complement other security apps that lacked such protection. The way they protect memory is quite different. EMET makes many of the ways attackers use to exploit your machine unusable, really only putting Windows native obstacles in the way. AG isolates processes and prevents them from "hijacking" or tampering with one another. In my opinion AG's way is more forward looking and simple; unless of course AG itself has an exploit, then you would want EMET to protect AG too. :doubt:
     
  10. Rasheed187

    Rasheed187 Registered Member

    @ Peter2150

    That's what I call sandbox HIPS. So no pop-ups, but just restricting apps.

    @ 1000db


    I think you will always need EMET, at least if you're really paranoid.
     
  11. blacknight

    blacknight Registered Member

    I think that the AppGuard approach is better: it doesn't block only exe attacks or similar, but sandboxes and completely isolates the applications that can be exploited in very many ways and by many different kinds of malware, first the browsers... anyway, I couldn't live alone classical HIPSs :)
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    When I use Process Explorer or Hacker I see Emet.dll in the Guarded browser process, so I think it works correctly together. In the AG log I can also see Logitech Setpoint being blocked from reading and writing to the browser's process, so I'm not sure what EMET does differently to make it work. You can add processes to the Memory Guard exception btw (read, write or both) but I haven't added EMET to exceptions, there are no blocked entries about it in the log and, like I said, Emet.dll is listed in the DLL list of the browser process.
     
  13. shadek

    shadek Registered Member

    So, is EMET good to use to protect AppGuard from exploits? Anyone have any idea? In other regards, I think AppGuard and EMET overlap each other quite a lot, with AppGuard being the stronger defender.
     
  14. Rasheed187

    Rasheed187 Registered Member

    No, they don't overlap, they are completely different tools. EMET is not really a HIPS, you should read this:

    http://krebsonsecurity.com/2013/06/windows-security-101-emet-4-0/
     