Max security on EMET - is it that simple?

That setting and I'm done?

 

If none of your apps break under maximum settings.. lucky you
but if you experience something bad change the settings to

Opt out
opt out
Opt in



also add all your internet facing apps under "Configure Apps" option.

 

Read this: http://www.rationallyparanoid.com/articles/microsoft-emet-2.html

Are you using this settings without issues or the default ones all opt in?

What is the difference btw opt-in and opt-out?

 

I read that DEP should be opt in for compatibility, so is it not ASLR that should be opt out?


Do I really have to add all my games? That would a pain in the buttcake...

Thanks

 

If you think that a malware can target an expoit in a game... maybe you can add some popular online games like WoW

http://www.rationallyparanoid.com/articles/microsoft-emet-2.html

From the link that I provided you before:

 

Opt-in(default setting for Vista and & 7 even without EMET) does actually nothing to enforce the migitations, the programs on your computer have to specifically opt-in to DEP/ASLR/SEHOP to use it, if they don't it is not used.
Opt-out makes all programs use it unless they specifically opt-out because the program is incompatible or something like that.
And always on just forces it on all programs.

 

Ok, thanks I will try Opt-out in the global settings for DEP and SEHOP to see what happens, I'm going to left ASLR opt-in

 

That's some terrible advice. Injecting DLL's into games is a sure way to trigger ban systems.

 

I used Max Security on EMET and it caused Java to crash on install. I took a while to realize that EMET was causing this.

 

Thanks for the URL. I just used it to set up EMET on my laptop and so far everything is working great.

 

Is really needed to add specifically flash player and java? Or adding IE9 is enough?

 

This is an interesting video about EMET.

-http://www.youtube.com/watch?v=iOpcwEz0b1A

 

It is that simple. Only known issue of DEP Always On is broken Java installers. The extracted .msi still works.

 

I thank everyone for their answers so far, and an especial thanks to guest for providing me with that detailed but easy to follow guide for EMET.

 

You are welcome, I was messing around with EMET until I discover the guide

 

Yes, normally it's that simple. I know some programs have issues with this though and therefor you need to force the individual applications instead of making a system wide setting.

Make sure that you're using UAC with EMET. You don't want a program like EMET to be accessible by malware.

 

For usability I do have UAC disabled, I know the risks with that and I'm willing to take them. Only setting that isn't max in EMET is DEP which is set to opt out for my game which doesn't support it being max.

 

I have enabled Max Security effective next boot for testing because Dragonica was the game messing up whatever I tried to do, so with that uninstalled I will test other games.