EMET Questions

Discussion in 'other security issues & news' started by Tyrizian, May 29, 2012.

Thread Status:
Not open for further replies.
  1. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    If I were to implement EMET into my current setup, would these be the settings to go with?

    DEP is set to always enabled

    SEHOP is set to opt-out

    ASLR is opt-in enabled

    Add these to Configure System?
    Mozilla Firefox
    Microsoft Internet Explorer
    Adobe Flash
    Etc.

    Anything else I should do? Maybe add more apps to my EMET Config? Any advisable ones?

    Your input will be greatly appreciated.

    Thanks,
    R
     
  2. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    You should definitely implement EMET into your setup. The settings you mentioned is exactly how you should configure it. I would add any software that connects to internet in EMET.
     
  3. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    Yeah, I have been researching it, and I can see why it is so important. Do you suggest only adding programs to config settings that have a connection feature (Internet)? Is it necessary to add applications that don't connect to the internet?
     
  4. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    All the ones you mentioned. I personally have my media player, java, ie, wmp, pdf reader and skype. Also here is a thread about EMET: https://www.wilderssecurity.com/showthread.php?t=316900
     
  5. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    Thank you for everything, You've been a big help :thumb:
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    No problem. Also if you use MS Office, you could add word, powerpoint, etc. to EMET as well.
     
  7. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    I use too, but now use OpenOffice.
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Well you could add that if you want.
     
  9. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    Ok, will add that too

    One more question

    Do I need EMET Notifier always on startup for it to function?

    or...

    Can I disable the notifier off of startup and still have EMET Functionality?
     
    Last edited: May 29, 2012
  10. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land

    The notifier isn't needed and doesn't effect EMET functionality but people have issues disabling it as see in thread: https://www.wilderssecurity.com/showthread.php?t=324125. I just tried disabling EMET Notifier in a VM. After I imported a reg file and used msconfig to disable it, I restarted my VM. When I restarted and tried to open EMET, the EMET setup ran and restarted EMET_Notifier.
     
    Last edited: May 29, 2012
  11. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    Yep, same thing happened to me. Also, For being just a notifier, I find it quite heavy in memory. I'm still keeping it though, doesn't seem to cause drag. I am somewhat picky, even with 8GBs of RAM HaHaHa
     
    Last edited: May 29, 2012
  12. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Its about 12k in memory for me. Not a big deal but you should be able to disable it if you want. Even the EMET manual mentions disabling the notifier with an registry entry but it doesn't work as we have both seen.
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,804
    It is using 16.3MB on my 64-bit machine. I mean it's not huge in memory (Not enough to slow thing's down), but just for being a notifier, it's kind of chunky. I can live with that though, It doesn't seem to go any higher than that.

    I am just going to leave the notifier, no other way at this point.

    Thanks once again :thumb:
     
  14. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    thanks for the tips on process explorer Kees, but um, where'd your post go??
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    My memory usage is 64-bit as well. It is chunky but I don't notice any effects but it serves no purpose I need. Oh well guess we have to wait until Microsoft decides to fix the bug lol... Actually you probably could downgrade to EMET 2.1 as it does the same thing as EMET 3.0 if you wanted.
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Using max security settings here with no issues whatsoever so far. When configuring apps, you may want to leave EAF off for Chrome and Java, as it is possible to cause issues. I've not been having any though with it on.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Have you tried ASLR Always On?
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Me? The option isn't available in EMET 3 (that I can see in the drop down).
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You have to enable it through the registry.
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Ahh, no then I haven't done that. I think the built-in max security setting is good enough when your system can take it. Put yourself behind Chrome and you should be plenty protected against the vast majority of stuff you're going to run into just surfing around.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah, I agree.

    I'm just kinda curious because there are a few areas of Windows address space that can't be randomized. I'm wondering if setting ASLR to "Always On" would solve that - but I seriously doubt it.

    I can't test it, ATI drivers are crap for security. Multiple overflows and hardcoded address space.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Video cards are an as of yet unexplored security area for me admittedly.
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    I did have an ATI graphics card in my other laptop but now I have a nvidia. I think I might try ASLR always on just to see if windows crashes. Could be a quick and fun experiment :D
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm jealous. I'd love to flip the switch in Ubuntu and get full ASLR throughout the OS (and Windows as well) but the GPU is holding me back.
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    I just tried ASLR always on and no BSOD, nice :D. I will keep it for a few days and see if anything unusual happens. Thanks for mentioning ASLR always on again Hungry, I forgot all about...
     
    Last edited: May 29, 2012
Loading...
Thread Status:
Not open for further replies.