EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    168
    Same problem reappears today. Had to disable SEHOP for iexplore.exe. No further error message when closing IE11.
     
  2. Had the same problem; reverted back to EMET 4.1 update 1.
     
  3. _Tempus_

    _Tempus_ Guest

    Have been running EMET 4.1 in conjunction with Emsisoft Anti-Malware for a couple of months. But my question is, how do I keep track of the newest stable releases of EMET? Because if I go to the Microsoft Download Center and search for EMET, my search results are cluttered with links to EMET 3.5, 4, 4.1, version 5 and so on. There must be an easier way.
     
  4. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    359
    Location:
    CSA Consulate, Glos., UK
    emet 5 tp2 is available. have you tried that?
     
  5. _Tempus_

    _Tempus_ Guest

    Nope, not yet. Is it still in "Tech Preview", or has it been released as stable?
     
  6. blasev2nd

    blasev2nd Registered Member

    Joined:
    Mar 27, 2014
    Posts:
    47
  7. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    359
    Location:
    CSA Consulate, Glos., UK
    legend, it's a technical preview, just like the tp1 referenced earlier, just newer with some bug fixes & enhancements. see the link blase sent you for details. so far it is reasonably stable on my system. probably more so than tp1.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,902
    Location:
    Italy
    @ Windows Security

    Do you always use EMET installed without NET?
    The notifications are missed.
    Right ?

    Have you ever tried to do a test with MBAE installed?
    Browser in the list EMET + ROP (SimExecFlow) On
     
  9. _Tempus_

    _Tempus_ Guest

    Thanks for the good hints I have received from you and blade2nd. Will do an image backup and try it out. :)
     
  10. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Sometimes when I exit my Firefox browser, the firefox.exe process seems to hang in the background, which in turn requires me to manually do an "End task". Does anyone else have this problem while running Firefox under EMET's protection?
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    60,450
    Location:
    U.S.A.
    TyRidian, that issue might not be related to EMET. See this Post of mine. Just FYI.
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Thank you JRViejo, I appreciate it. :thumb:
     
  13. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    60,450
    Location:
    U.S.A.
    TyRidian, you're welcome! Take care.
     
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    And you as well
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,458
    Location:
    Outer space
  16. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    I'm told Connect account holders may use the link above mine. You would not be able to download the software otherwise.
     
  17. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    168
    I am running EMET 5 TP1. Is there any way to export the settings to EMET 5 TP3 if I were to download and install TP3? I am very reluctant to do this manually, since I spent some time configuring EMET to the point everything works well.
     
  18. taytong888

    taytong888 Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    168
    I found the answer shortly afterwards. Used the Export feature to export the EMET configuration file (.XML) to Documents. However, I don't need to re-import it back to EMET 5.0 TP3. After installing the latest version, I chose "Keep existing settings".
     
  19. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    • Added UI elements to Application Configuration dialog of EMET_GUI to allow detailed configuration for each mitigation that supports additional settings (e.g. EAF, ASR);
    • Changed the way EMET handles SEHOP IFEO entries. This fixed an issue where, in certain scenarios, EMET would not properly configure an application to work with the operating system's implementation of SEHOP.
    • Added the status of global application settings (AntiDetours, DeepHooks, etc.) to the output of EMET_Conf, as well as to the Windows Event Logs.
    • Internal code cleaning and refactoring, including upgrading to the latest versions of MSDIS and DETOURS libraries (you might notice a slight increase in binary sizes).
    • Additional hardening for EAF/EAF+ mitigations by adding protection against breakpoint removal. This is still work in progress, further improvements will come in future releases.
    • Numerous other small fixes and improvements addressing application compatibility issues.
     
  20. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,217
    Disarming Enhanced Mitigation Experience Toolkit (EMET) version 4.1 update 1

    What this shows is that while EMET is definitely a good utility and raises the bar for exploit developers, it is not a silver bullet in stopping these types of attacks.

    http://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet/
     
  21. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    Today I opened FF30 outside SBIE to update 2 add-ons (https everywhere and NoScript). After selecting restart (to apply updates) an EMET notification popped up 'DEP mitigation problem, firefox.exe shutting down'. Next popups were for crash reports for EMET and FF (I sent both). After that I could not reopen FF outside SBIE so I rebooted W7.

    When I open FF under SBIE, it works fine. Updated Add-ons installed. If I open FF outside sandboxie, EMET shuts down FF. I do not have deep hooks enabled and I do have all the mitigations ticked for FF exec.

    I am not sure where the problem actually is: EMET, FF or SBIE. Where do I start?

    Update: I assumed it was FF, so I started there. I cleaned history and cache, problem did not go away. I decided then to start unticking options that I have set. I started with unticking everything to do with history, including 'clean history when FF closes'. For some reason this worked. I can now open FF sandboxed and unsandboxed and EMET does not shut FF down. To test it I reverted back to ticking what I unticked and the problem came back. Maybe someone knows why this is so ... not me.
     
    Last edited: Jul 4, 2014
  22. Paranoya

    Paranoya Registered Member

    Joined:
    Nov 4, 2013
    Posts:
    59
    I have a similar config that works, with this thing different:
    You could try changing the history setting to "Never remember history" and see if that works. With this setting FF hides all the checkbox options like "clean history when FF closes" etc. Sounds like some of these options is the problem. Never remember history is like running Private Browsing all the time which also doesn't write to disk.

    Also to troubleshoot FF and the add-ons there's Safe Mode:
    https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode
     
  23. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Is EMET incompatible alongside Comodo Internet Security?
     
    Last edited: Jul 4, 2014
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    Paranoya, Tnx for your suggestions. I did run FF in Safe Mode and it ran fine. Since unchecking the 'history clean' options, the browser, EMET and SBIE are all co-operating. As an alternative, I will be cleaning FF with CCleaner from now on.
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,902
    Location:
    Italy
    Last edited: Jul 31, 2014