EMET (Enhanced Mitigation Experience Toolkit)

Same problem reappears today. Had to disable SEHOP for iexplore.exe. No further error message when closing IE11.

 

HAd the same problem reverted back to EMET 4.1 update 1

 

Have been running EMET 4.1 in conjunction with Emsisoft anti malware for a couple of months ? But my question is, how do I keep track with the newest stable releases of EMET ? Because if I go to microsoft download center, and seek on EMET. Then is my search result cluttered with links to EMET 3.5 - 4 -4.1 -version 5 and so on. There must be an easier way.

 

emet 5 tp2 is available. have you tried that?

 

Nope not yet. Is it still in " Tech Preview " ? or has it been released as stable.

 

@_Legend_

I've pm u the link

 

legend, it's a technical preview, just like the tp1 referenced earlier, just newer with some bug fixes & enhancements. see the link blase sent you for details. so far it is reasonably stable on my system. probably more so than tp1.

 

@ Windows Security

Do you always use EMET installed without NET ?
The notifications are missed.
Right ?

Have you ever try to do one test with MBAE installed ?
Browser in the list EMET + ROP (SimExecFlow) On

 

Thanks for the good hints I have received from you and blade2nd . Will do a image backup and try it out.

 

Sometimes when I exit my Firefox Browser, the firefox.exe process seems to hang in the background, which in turn requires me to manually do an "End task". Does anyone else have this problem, while running Firefox under EMETs protection?

 

Thank you JRViejo, I appreciate it.

 

And you as well

 

https://connect.microsoft.com/emet/Downloads/DownloadDetails.aspx?DownloadID=53108

 

I'm told Connect account holders may use the link above mine. You would not be able to download the software otherwise.

 

I am running EMET 5 TP1. Is there anyway to export the settings to EMET 5 TP3 if I were to download and install TP3? I am very reluctant to do this manually, since I spent some time configuring EMET to the point everything works well.

 

I found the answer shortly afterwards. Used the Export feature to export the Emet configuration file (.XML) to Documents. However, I don't need to re-import it back to EMET 5.0 TP3. After installing the latest version, I chose "Keep existing settings".

 

• Added UI elements to Application Configuration dialog of EMET_GUI to allow detailed configuration for each mitigation that supports additional settings (e.g. EAF, ASR);
• Changed the way EMET handles SEHOP IFEO entries. This fixed an issue where, in certain scenarios, EMET would not properly configure an application to work with the operating system's implementation of SEHOP.
• Added the status of global application settings (AntiDetours, DeepHooks, etc.) to the output of EMET_Conf, as well as to the Windows Event Logs.
• Internal code cleaning and refactoring, including upgrading to the latest versions of MSDIS and DETOURS libraries (you might notice a slight increase in binary sizes).
• Additional hardening for EAF/EAF+ mitigations by adding protection against breakpoint removal. This is still work in progress, further improvements will come in future releases.
• Numerous other small fixes and improvements addressing application compatibility issues.

 

Disarming Enhanced Mitigation Experience Toolkit (EMET) version 4.1 update 1

What this shows is that while EMET is definitely a good utility and raises the bar for exploit
developers, it is not a silver bullet in stopping these types of attacks.

http://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet/

 

Today I opened FF30 outside SBIE to update 2 add-ons (https everywhere and NoScript). After selecting restart (to apply updates) an EMET notification popped up 'DEP mitigation problem, firefox.exe shutting down'. Next popups were for crash reports for EMET and FF (I sent both). After that I could not reopen FF outside SBIE so I rebooted W7.

When I open FF under SBIE, it works fine. Updated Add-ons installed. If I open FF outside sandboxie, EMET shuts down FF. I do not have deep hooks enabled and I do have all the mitigations ticked for FF exec.

I am not sure where the problem actually is: EMET, FF or SBIE. Where do I start?

Update: I assumed it was FF, so I started there. I cleaned history and cache, problem did not go away. I decided then to start unticking options that I have set. I started with unticking everything to do with history, including 'clean history when FF closes'. For some reason this worked. I can now open FF sandboxed and unsandboxed and EMET does not shut FF down. To test it I reverted back to ticking what I unticked and the problem came back. Maybe someone knows why this is so ... not me.

 

I have a similar config that works, with this thing different:
You could try changing the history setting to "Never remember history" and see if that works. With this setting FF hides all the checkbox options like "clean history when FF closes" etc. Sounds like some of these options is the problem. Never remember history is like running Private Browsing all the time which also doesn't write to disk.

Also to troubleshoot FF and the add-ons there's Safe Mode:
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

 

Is EMET incompatible along side Comodo Internet Security?

 

Paranoya, Tnx for your suggestions. I did run FF in Safe Mode and it ran fine. Since unchecking the 'histrory clean' options, the browser, EMET and SBIE are all co-operating. As an alternative, I will be cleaning FF with ccleaner from now on.

 

EMET 5 final is OUT:

http://www.microsoft.com/en-us/download/details.aspx?id=43714

http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx

- 64-bit ROP mitigations, to anticipate future exploitation techniques- (WOW !!)

Gerardo di Giacomo informed me.
TH Gerardo.