Emet - How to use? Recommended settings sufficient?

I installed EMET as I read some info here. But I am not an expert kind of guy. Would the default recommended settings of EMET be sufficient? Or - do I need to learn about it? Would it be OK to use it as is? Or is there any occassion that timely intervention is needed?

 

Well as for the default settings being sufficient or not, that's up to you and what level of security makes you feel safe. With EMET, when you run high settings, you might break certain programs. The only way to know is to try it out and see. If programs sporadically crash and the EMET notifier, well, notifies you, then you know that program has compatibility issues. This is the only time intervention is needed, otherwise its more or less set and forget. Personally, I run EMET on the maximum settings with the "Popular Software" list imported. Flash player does crash on me from time to time but I believe it's due to an incompatibility with Firefox and Sandboxie; but I'm not sure.

 

Would the review and tutorial by Mrk perhaps be of help?
Microsoft EMET v4 review & extensive tutorial
https://www.wilderssecurity.com/showthread.php?t=353549

 

Thanks to both of you.

Will also be taking a look at the thread you mention.

 

When I double click EMET icon in taskbar, it gives an error "Admin Privileges Required", although I can open EMET through start menu. Is this a bug ? I have logged in as administrator with UAC disabled.

 

The same for my PC in admin acc with UAC disabled.

 

Thank you. Is there a way to protect firefox in EMET running in sandboxie ? When I start firefox normally its protected, but under sandboxie its not.

 

I heard there's a way to make it. Sorry, cannot find the link (to the SBIE forum if I remember correctly). I didn't do that.

 

Open Sandboxie Control -> Configure -> Software Compatibility. There should be an option for Microsoft Enhanced Mitigation Experience Toolkit (Microsoft EMET). If it is not checked, EMET cannot inject emet.dll into Firefox. What version of Sandboxie are you using?

 

Appreciated

 

Its already checked for EMET in sandboxie. I use 4.06 version.

 

Well I don't use Firefox, but EMET works perfectly fine with all apps in Sandboxie on my system.

 

hxxp://www.sandboxie.com/phpbb/viewtopic.php?t=15965

 

Thanks

 

Besides the recommended settings and software you should add Flash Player if you're using Internet Explorer or Opera. For FireFox the plugin-container comes pre-defined, and for Chrome I don't know(don't use it).

C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

Just uncheck the Caller Mitigation and you should be fine.
The downside with Flash is the exe names as they are locked to a specific version, so you have to add them again in EMET when there's a new Flash version.

 

Just replace System32 with SysWOW64 and you will find few more exe's of flash. And I have all mitigations checked without any problems.

 

Those are actually the uninstallers, the browser executable loads the OCX and DLL plugins.