Forum Thread: EMET Help.....ddmarshall !!

This thread has been marked as resolved.
mogs EMET Help.....ddmarshall !!
Member 29th Nov, 2013 23:29

I don't seem to be getting too far with this !! Can you help me out, in as plain an English as you can manage ?! Ha!
From what I can see of it....Vista has access/can use, all system-wide and individual application mitigations....I've used the system wide recommended settings and rebooted when having made another I need to set IE separately/individually ?
Say for argument's sake, I wanted to configure Adobe Flash for EMET....could you run that by it best to set all mitigations and then see how it behaves....trial and error if it doesn't ?
I'm not finding the user manual too easy to read....could you give me a few pointers from what you know of it please ?...........Thanks.....regards....mogs......


Post "RE: EMET Help.....ddmarshall !!" has been selected as an answer.
ddmarshall RE: EMET Help.....ddmarshall !!
Dedicated Contributor 30th Nov, 2013 12:42

I think you installed EMET 4.0; 4.1 has been released but I haven't got around to it yet.

I would leave the System settings as default.

There are two files in C:\Program Files\EMET 4.0\Deployment\Protection Profiles that you can use to set up applications. You can look at these by right clicking and selecting edit to open in Notepad.

If you followed the default installation, you will have been set up with the Recommended Software file. This protects Internet Explorer, the Office suite, Adobe Acrobat and Reader, and Java.

The Popular Software file contains a lot more third party programs with adjustments to settings which are known to break them. However, it was reported on the forum that Photo Gallery from Windows Live Essential 2012 (don't think that's supported on Vista) crashes with the Caller mitigation enabled and I can confirm it. I also had problems with the SkyDrive desktop app and ended up removing it completely from EMET.

To use one of these files click Import on the top left and navigate to the Deployment Folder.

You can't add Flash Player to EMET as it is not an exe file. EMET sets things up when the program is loaded. It uses the Application Compatibility framework to insert itself when the program starts. So you have to protect the browser Flash Player is running in. For Firefox, click Apps in the Configuration section. Click Add Application. Navigate to the Firefox Program Files folder and select firefox.exe. Repeat for plugin-container.exe. Looking at the entry for Chrome in Popular software, it looks like it's only enabled in Windows 7 and only for SEHOP.

If you're setting up applications that aren't included in the sample files, try enabling all the mitigations first. If it crashes, the ROP mitigations are the first to disable, probably Caller and Memory. Then try DEP and ASLR.

Good Luck.

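The trial-and-error order described in the reply above (everything on, then Caller and Memory off first, then the rest of the ROP group, then DEP and ASLR), written out as an added example that is not part of the original post or of EMET. The mitigation names are assumed to match the columns of the EMET 4.x Apps window, `runs_ok` stands in for launching the program by hand and seeing whether it crashes, and the re-enable pass at the end goes beyond the reply so that only the mitigations that actually break the program stay off.

```python
# Added example: mitigation names are assumed from the EMET 4.x Apps window;
# check them against the version you have installed.
ALL = ["DEP", "SEHOP", "NullPage", "HeapSpray", "EAF", "MandatoryASLR",
       "BottomUpASLR", "LoadLib", "MemProt", "Caller", "SimExecFlow",
       "StackPivot"]

# Order in which to switch mitigations off when the program crashes:
# Caller and Memory (MemProt) first, the other ROP mitigations next,
# then DEP and the two ASLR settings.
DISABLE_ORDER = ["Caller", "MemProt", "LoadLib", "SimExecFlow", "StackPivot",
                 "DEP", "MandatoryASLR", "BottomUpASLR"]


def triage(runs_ok):
    """Return the mitigations to leave disabled, or None if none of the
    tried mitigations explains the crash.

    runs_ok(enabled) -> bool is a hypothetical callback: True when the
    program starts and works with exactly that set of mitigations enabled.
    """
    enabled = set(ALL)
    disabled = []
    for name in DISABLE_ORDER:
        if runs_ok(enabled):
            break
        enabled.discard(name)
        disabled.append(name)
    if not runs_ok(enabled):
        return None  # still crashing: the cause is outside this list
    # Re-enable pass: turn back on everything that was not the culprit.
    for name in list(disabled):
        if runs_ok(enabled | {name}):
            enabled.add(name)
            disabled.remove(name)
    return disabled


def make_app(breaking):
    """Constructed stand-in for a real program: it 'crashes' whenever any
    mitigation in `breaking` is enabled."""
    breaking = set(breaking)
    return lambda enabled: not (breaking & enabled)


if __name__ == "__main__":
    for case in (set(), {"Caller"}, {"Caller", "MemProt"}, {"DEP"}, {"EAF"}):
        print(sorted(case), "->", triage(make_app(case)))
```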
mogs RE: EMET Help.....ddmarshall !!
Member 30th Nov, 2013 22:26

That's great...thank you very much....I've got a much better perception already....than days reading over a few things !!
I did use the recommended settings......but I found that Chrome wasn't compatible with shown in the compatibility matrix....for a while I decided to disable SEHOP system wide....but later decided to manage without Chrome, and re-enabled that setting.
It's obvious there's a high degree of configurability....slowly but surely I'm hoping I'll at least master some of it !!
I'll have to take a look at 4.1 sometime too....I'll try to familiarize myself further I think.
I'm running IE as default, and so far, performance on my machine seems significantly improved.
I'll no doubt be in touch some time regarding...but for now I'll close this thread and thank you once again.....regards.....mogs....


This thread has been marked as locked.