Microsoft EMET v4 review & extensive tutorial

Discussion in 'other software & services' started by Mrkvonic, Sep 20, 2013.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    I've written a very long, extensive review & tutorial of Microsoft Enhanced Mitigation Experience Toolkit v4, including installation requirements and setup, the first-time wizard, overview of basic functions like import/export, applications & certificate trust options, profiles, reporting, system status and the mitigation levels - disabled/enabled, app opt in/out, always on, application setup using full path and wildcards, default action, mitigation settings, mitigation types, certificate trust setup with protected website and pinning rules, protection profiles overview and XML format howto, group policy templates, safe practices, recommendations, additional reading, and more. Enjoy.

    http://www.dedoimedo.com/computers/windows-emet-v4.html


    Cheers,
    Mrk
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thanks for the Review & Tutorial.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Nice to have a new non-beta of EMET.

    However does anyone else think having skins is kinda cheesy for a security application, especially one by Microsoft?
     
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    sounds interesting but there's no way i am installing 2 GB of .NET 4.0 just to install EMET.
    not to mention its Windows Updates which take forever to install. :thumbd:
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I don't know that it's cheesier than skins for any other security application :) Seriously though, skins are sometimes useful because they can improve contrast/readability in the UI. I wish Microsoft would add skins/themes to their current Office products for this reason.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Thanks, I'll have a close look at this. I've played with EMET in the past and eventually gave up because I found it too difficult to figure out which features were breaking various apps. MS has to make that process easier somehow, perhaps by including a pre-configured database of commonly used apps.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yeah, I'm with you moontan.. I found that out the first time I installed it. Never again...
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    That's what the first-time wizard does.
    And you can apply the same mitigations for other apps.
    Mrk
     
  9. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Mrk,
    Nice review, as usual. I've been using EMET 4.0 for quite a while now, but your review did teach me a thing or two.

    Thanks again.

    Later...

    Bob
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    Nice review. It will be nice to pass on to others to save me from having to explain it myself. :thumb:
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Mrk is a bit late to the party but overall a good review and tutorial. He should have mentioned things like updating your ATI drivers if you want to test ASLR at Always On setting.
     
  12. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    In this case, I find it very welcome considering the default all-white theme that I find annoying.
     
  13. TheoPaulis

    TheoPaulis Registered Member

    Joined:
    Oct 13, 2013
    Posts:
    1
    Location:
    USA
    I have a basic question about EMET and Microsoft Security Essentials...

    Should MSE be added as an application under EMET?

    Should any real time AV be added?

    I have seen the question asked, but no definitive answers either way.

    Thanks...
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    I would not do that. You don't know what can happen if a kernel driver gets stopped by a mitigation. You might end up with a BSOD. I would restrict the use of EMET to user-space apps only, e.g. browsers, office, IM, media players, etc.
    Mrk
     
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I've been tempted to give EMET a try, but I'm not sure I need it and even with the tutorials I don't fully understand it.

    Avast 2014, Webroot Secure Anywhere and Chrome browser seem to be handling things well - and I've got Shadow Defender that I use occasionally although with Google Chrome not sure that's needed.
     
  16. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    I added all of the exe files in my program files (both x86 and 64 bits) directory - there are really all of the software - lots of them. All the exe's mean even uninstall files, whatever are there. Because it does not occupy system resources that would not be a problem I believe.

    However as the time comes some software starting to crash - I will modify the settings of the ones that crash.

    I added Antivirus and Firewalls to Emet - would this create a vulnerability to their protection?
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  18. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    Oh - Ok I remember reading that but forgot it when setting up EMET.

    Thanks for pointing that out again.

    I can revert to normal default settings with daily programs added.

    But - well, now I think I will keep on trying to do what I do (keeping all software added).

    This way I would be a guinea pig :oops: but would share my experience here.

    However, I do not use many software, most of them are for occasional use - I am just a daily surfer and a bit MS office, kind of regular computer guy, nothing more. But putting all software in the settings of EMET would give some insight on the settings I made with EMET.

    One more thing - today Firefox crashed with EMET error. It was in Sandboxie. I read elsewhere that somewhat relatively complicated combos would have higher possibility of error in EMET - is that correct?

    EDIT : I Read Above Again. And I will put all software except for security software. Appreciate for notifying.
     
  19. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    When I double click EMET icon in taskbar, it gives an error "Admin Privileges Required", although I can open EMET through start menu. Is this a bug? I have logged in as administrator with UAC disabled.
     
  20. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    This setup (adding all software in program files folder, without adding Antivirus and Firewall among them) works very well until now - I am giving this update for those who are reluctant to do so. As I read in many places, EMET is one of the most efficient tools for security, but not mentioned in too many places because it is not commercial and more effective than most commercial products. Most of you here know this I guess - but I am learning these newly.

    Using with Sandboxie full, Avast, Comodo, and will be adding Malwarebytes Pro.
     
  21. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    881
    Location:
    Triassic
    Do you recommend disabling EAF when setting up Chrome under EMET 4 ?
     
  22. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
  23. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I checked and saw that I still have an older version of EMET installed. Should I install the latest version over the top or do a fresh install?
    edit - nevermind, I did a fresh install
     
    Last edited: Nov 16, 2013