EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,026
    Location:
    USA
    Nice, thanks. Just installed. A little OT, but I am really liking the Visual Studio 2013 Dark theme they included with it. It would be nice if Windows itself had that theme.
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,011
    Usually I have them compatible.
    (Incredibly quick answer LOL):)
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Thanks, updating.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,895
    Location:
    Italy
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Updated without issues after uninstalling previous version, haven't rebooted yet though.
     
  7. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Just installed the 5.0 general availability and I gotta say the themes are quite nice but loading Firefox is sloooooow
    and I mean sloooow. I could make a hollandaise sauce before Firefox was done loading.
    Any clue from anyone what's causing this slowdown?
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,530
    Location:
    Among the gum trees
    Do we have to uninstall 4.1 Update 1 before installing 5?

    Thanks.
     
  9. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    4.1.1 will be uninstalled automatically (explained in the manual).
     
  10. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I found the problem with Firefox and EMET 5.0: it was EAF and EAF+.
    How important are these mitigations in Windows 7 64-bit?
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,530
    Location:
    Among the gum trees
    Thanks. :)

    I've just read Mark Loman's post so I might wait a while before installing EMET 5.
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    I noticed that EMET 5.0 Final is now a complete service, rather than a startup item.

    I like that, because now EMET loads instantly after restart.
     
  13. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    I see it's a lot more lightweight now, almost no CPU cycles wasted on EMET.dlls.
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,457
    Location:
    Outer space
    Upgrade went fine :) I noticed some mitigations have new detailed options, for example, you can set the number of simulated instructions for SimExecFlow.
    If you use IE, you can set the Certificate Pinning to block connections instead of only warning.
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    EAF+ is off by default for all apps. Did you try with just EAF+ off and EAF on?
     
  16. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    682
    Location:
    sweden
    I have a problem with IE 11 - I cannot even launch it - only if I deactivate EAF - so I am thinking the same... how important is it?
    But it works alright with version 4.1.1 and EAF enabled - hmm!?
    Will see what the net says - or someone here who knows about it.
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,011
    The same for some other apps in my PC. I had to check off some mitigations in 5.0 which were on in 4.1.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,457
    Location:
    Outer space
    If you keep your existing configuration, advanced EAF+ rules will not be added.

    I found some advanced EAF+ rules in the Popular Software Profile:
    -Acrobat.exe: AcroRd32.dll;Acrofx32.dll;AcroForm.api
    -AcroRd32.exe: AcroRd32.dll;Acrofx32.dll;AcroForm.api
    -firefox.exe: mozjs.dll;xul.dll
    -iexplore.exe: mshtml.dll;flash*.ocx;jscript*.dll;vbscript.dll;vgx.dll

    And to be sure, the default ASR rules:
    -EXCEL.EXE: flash*.ocx
    -iexplore.exe: Modules: npjpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll
    Internet Zone Exceptions: Local intranet; Trusted sites
    -POWERPNT.EXE: flash*.ocx
    -WINWORD.EXE: flash*.ocx
     
    Last edited: Aug 1, 2014
  19. EMET 5 runs nicely with ViRobot APT Shield
     
  20. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    I had to ask why EMET was so much optimized, glad I did, seems they improved under the hood a lot, EMET 5 is a must have:

     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,597
    Location:
    The Netherlands
    Just a general comment, but does it make any sense to run EMET together with tools like HMP.A and MBAE? I think it's asking for trouble. IMO it's best to choose only one of these tools. :)
     
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    I would say you're right, it is asking for trouble.

    I would just stick with EMET, instead of adding redundancy against exploits.
     
  23. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    270
    Well, if my understanding is correct, the HMPA 3.0 version won't offer any exploit mitigations in its free version. https://www.wilderssecurity.com/posts/2391824/ so they would be compatible, right? :)
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,597
    Location:
    The Netherlands
    Actually I need to correct myself a bit, while I still think it isn't a good idea to run all of these tools together, MBAE is able to stop certain exploits that manage to bypass EMET. On the other hand, certain protection methods in EMET might be more advanced than the ones offered by MBAE. But it's probably better to combine EMET with anti-exe tools like EXE Radar or AppGuard. :)
     
  25. guest

    guest Guest

    And AppGuard already has memory protection. I personally think it's not needed to add another anti-exploit software if one is using EMET and vice versa.
     