Emet - How to use? Recommended settings sufficient?

Discussion in 'other anti-malware software' started by an2tex, Oct 25, 2013.

Thread Status:
Not open for further replies.
  1. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    I installed EMET as I read some info here. But I am not an expert kind of guy. Would the default recommended settings of EMET be sufficient? Or do I need to learn about it? Would it be OK to use it as is? Or is there any occasion when timely intervention is needed?
     
  2. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Well, as for the default settings being sufficient or not, that's up to you and what level of security makes you feel safe. With EMET, when you run high settings, you might break certain programs. The only way to know is to try it out and see. If programs sporadically crash and the EMET notifier, well, notifies you, then you know that program has compatibility issues. This is the only time intervention is needed; otherwise it's more or less set and forget. Personally, I run EMET on the maximum settings with the "Popular Software" list imported. Flash Player does crash on me from time to time, but I believe it's due to an incompatibility with Firefox and Sandboxie; but I'm not sure.
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  4. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    Thanks to both of you.

    Will also be taking a look at the thread you mention.
     
  5. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    When I double-click the EMET icon in the taskbar, it gives an error "Admin Privileges Required", although I can open EMET through the Start menu. Is this a bug? I have logged in as administrator with UAC disabled.
     
  6. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    The same for my PC in admin acc with UAC disabled.
     
  7. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    Thank you. Is there a way to protect Firefox in EMET when running in Sandboxie? When I start Firefox normally it's protected, but under Sandboxie it's not.
     
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    I heard there's a way to make it. Sorry, cannot find the link (to the SBIE forum if I remember correctly). I didn't do that.
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Open Sandboxie Control -> Configure -> Software Compatibility. There should be an option for Microsoft Enhanced Mitigation Experience Toolkit (Microsoft EMET). If it is not checked, EMET cannot inject emet.dll into Firefox. What version of Sandboxie are you using?


     
  10. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
  11. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    It's already checked for EMET in Sandboxie. I use version 4.06.
     
  12. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Well, I don't use Firefox, but EMET works perfectly fine with all apps in Sandboxie on my system.
     
  13. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    hxxp://www.sandboxie.com/phpbb/viewtopic.php?t=15965

     
  14. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
  15. Paranoya

    Paranoya Registered Member

    Joined:
    Nov 4, 2013
    Posts:
    59
    Besides the recommended settings and software, you should add Flash Player if you're using Internet Explorer or Opera. For Firefox the plugin-container comes pre-defined, and for Chrome I don't know (don't use it).

    C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

    Just uncheck the Caller Mitigation and you should be fine.
    The downside with Flash is the exe names, as they are locked to a specific version, so you have to add them again in EMET when there's a new Flash version.
     
  16. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    Just replace System32 with SysWOW64 and you will find a few more Flash exes. And I have all mitigations checked without any problems.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Those are actually the uninstallers; the browser executable loads the OCX and DLL plugins.
     