EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. Quitch

    Quitch Registered Member

    "Regular Joe" is never going to run EMET. This is a power user tool, pure and simple. It might end up on a "Regular Joe" machine, but only because a power user installed it.
     
  2. Solarlynx

    Solarlynx Registered Member

    If they weren't necessary then MS wouldn't develop them. They are so ugly that it's obvious they are designed to repel hesitating users. :)
     
  3. itman

    itman Registered Member

    Finally got this 4.0 version to run with Trusteer Rapport. Actually, at max. EMET 4.0 settings, Trusteer Rapport runs OK. Problem is TR does not like the following:

    Virtual protect
    Load Library
    Create Process/File

    It will dump a bunch of entries in the TR log file under "Browser Process Alteration." I played with all the individual EMET settings for IE to no avail. Only thing I have found to stop all the above TR log entries from being generated is to turn off (set to "Never") TR's browser process alteration setting.
     
  4. wat0114

    wat0114 Registered Member

    This latest EMET 4.0 blows, at least when it comes to governing Chrome on XP SP3 :mad:

    At default settings Chrome freezes when trying to launch it, and no real improvement when I disable most of the other mitigation options. I didn't get these issues with 2.x
     
  5. elapsed

    elapsed Registered Member

    Probably because 2.x had far fewer mitigations; the only thing I can suggest is to keep disabling mitigations until it works.
     
  6. wat0114

    wat0114 Registered Member

    That might help, although I had even disabled every memory mitigation but Chrome still froze :( At least it's working fine with Chrome on my Win 7 machine, even with every mitigation option checked.
     
  7. kupo

    kupo Registered Member

    Same problem, but not with Chrome; adding my game to EMET will crash it even if no mitigation is checked.
     
  8. wat0114

    wat0114 Registered Member

    Yeah, I just ended up removing chrome.exe from the list.
     
  9. elapsed

    elapsed Registered Member

    Why would you add a game? Games purposely opt out of these mitigations as it will reduce performance.
     
  10. Quitch

    Quitch Registered Member

    Not according to Microsoft

    http://msdn.microsoft.com/en-us/library/bb430720.aspx

    Do games opt out? I think they simply don't opt in because secure coding isn't a thing in game development circles.
     
  11. CrusherW9

    CrusherW9 Registered Member

    Be careful with this. I heard that if you add Steam Games like CSS or anything that makes use of VAC, you can get banned for it.
     
  12. kupo

    kupo Registered Member

    Yup, I removed it now. However, it seems that unchecking mitigations doesn't work in the latest version as to what I and wat0114 experience.
     
  13. elapsed

    elapsed Registered Member

    I'm not going to read that entire thing. If you have a point to bring up, quote it and leave the source. A search for "game" resulted in nothing.

    Yes, I'm sure games opt out of certain mitigations because it reduces performance. They also have 0 need for them.

    Yes I've said this before, you're taking a pointless risk by doing so.
     
  14. Quitch

    Quitch Registered Member

    Oh for goodness sake, search for "performance impact". Honestly, you're soap-boxing on a subject, providing nothing to support your case, then refusing to read the materials which relate to the damn subject you're professing knowledge of!
     
  15. ance

    ance formerly: fmon

    Does EMET reduce browser performance too? :doubt:
     
  16. Hungry Man

    Hungry Man Registered Member

    DEP and ASLR have (literally and virtually, respectively) no performance impact. Same with SEHOP. Most protections have virtually none, other than the Anti-ROP, which should have near minimal.
     
  17. itman

    itman Registered Member

    I am running it on max. protection settings with deep hooks enabled. Noticed no impact at all using IE9 on WIN 7 x64 SP1. My PC does have a lot of "horsepower" however.

    I am using the Popular Software app profile and only added stand-alone Flashplayer to it.

    My understanding is once you start adding WIN OS files, it will impact performance.
     
  18. wolfrun

    wolfrun Registered Member

    Since we have the experts here, a question concerning EMET 4: Should I add explorer.exe and svchost.exe to APPS? Some are saying yes and some say no. o_O Currently have DEP opt out, SEHOP opt out and ASLR opt in.
     
  19. Hungry Man

    Hungry Man Registered Member

    Yeah, I don't know why anyone would recommend against that unless there are specific issues. If you don't get crashes, I think you should use it.
     
  20. itman

    itman Registered Member

    I know in the EMET forum compatibility section, MS recommended not to protect explorer.exe. As far as svchost.exe, I have never seen a recommendation to protect it. Perhaps on XP. On WIN 7/8, it is pretty well protected by the OS.
     
    Last edited: Jun 24, 2013
  21. Quitch

    Quitch Registered Member

    Can you link to this? I can see user posts around it, but nothing from MS.
     
  22. cruelsister

    cruelsister Registered Member

    On Windows 7, Delphi, Conficker, Smitfraud, and Alureon variants have no issues circumventing any svchost protection.
     
  23. elapsed

    elapsed Registered Member

    My "soap-boxing", uhm, okay. I apologize that you didn't place enough detail in your response to me, clearly, this is my fault for your incapability to form a response.

    Nowhere in that article does it mention games, whatsoever. Nowhere does it recommend having games opt into these mitigations.

    This is what you said:
    Which was a direct response to my post about games, and also an entirely flawed one as the link you provided does not mention games.

    Nearly half of the mitigations listed have negligible-to-possible performance loss. Whilst this means nothing for your every day application such as a browser, it has the potential to mean a lot for games where you're trying to cram out every possible frame. It's up to the developers to measure said performance and ask themselves what's the point in even opting in.
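
The opt-in question argued over in this thread can be checked per executable, because the linker records DEP and ASLR opt-in as bits in the PE header's DllCharacteristics field. The following is an added example, not part of any post in this thread; `mitigation_opt_ins` and `build_sample` are hypothetical names, and the sample input is a constructed headers-only stub rather than a real game binary.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header (set by the linker).
OPT_IN_BITS = {
    "ASLR": 0x0040,   # DYNAMIC_BASE: image may be relocated at load time
    "DEP": 0x0100,    # NX_COMPAT: image is compatible with no-execute memory
}
DLLCHARS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


def mitigation_opt_ins(image: bytes) -> dict:
    """Return {"ASLR": bool, "DEP": bool} from a PE image's header flags."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt = pe_off + 4 + 20                               # signature + COFF header
    if opt + DLLCHARS_OFFSET + 2 > len(image):
        raise ValueError("truncated PE headers")
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (chars,) = struct.unpack_from("<H", image, opt + DLLCHARS_OFFSET)
    return {name: bool(chars & bit) for name, bit in OPT_IN_BITS.items()}


def build_sample(dll_characteristics: int) -> bytes:
    """Constructed, headers-only PE32+ stub used as offline sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # PE header follows DOS header
    optional = bytearray(0xF0)
    struct.pack_into("<H", optional, 0, 0x20B)
    struct.pack_into("<H", optional, DLLCHARS_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(optional)


if __name__ == "__main__":
    for label, chars in [("no opt-in", 0x0000), ("DEP+ASLR", 0x0140)]:
        print(label, mitigation_opt_ins(build_sample(chars)))
```

For a real executable, pass the file's bytes read in binary mode; a result of `False` means the binary did not opt in at link time, which is the case where a tool like EMET would be forcing the mitigation on it.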
     
  24. wolfrun

    wolfrun Registered Member

    Thanks for the responses from you and Quitch. Well, I had added explorer.exe and svchost.exe to APPS for the past week and so far no problems or crashes. I really wanted to know your and others' opinions on it.
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    I have had explorer and svchost added since EMET 3 and I have not had any issues.
     