Enhanced Mitigation Experience Toolkit (EMET) for Windows 10

Page 1 of 4 123 ... LastLast
  1. Brink's Avatar
    Posts : 48,882
    64-bit Windows 10 Pro for Workstations build 19635
       #1

    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10



    End of Life Statement
    We have listened to customers' feedback regarding the January 27, 2017 end of life date for EMET and we are pleased to announce that the end of life date is being extended 18 months. The new end of life date is July 31, 2018. There are no plans to offer support or security patching for EMET after July 31, 2018. For improved security, we recommend that customers migrate to the latest version of Windows 10.


    Enhanced Mitigation Experience Toolkit (EMET) 5.5.2

    Date Published: November 11, 2016
    File Name: EMET Setup.msi
    File Size: 25.6 MB

    Release notes: User Guide for EMET 5.52

    Download


    information   Information
    The Enhanced Mitigation Experience Toolkit (EMET) is designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

    Note   Note
    Supported Operating Systems
    Windows 10 , Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2008 Service Pack 2, Windows Server 2012, Windows Server 2012 R2, Windows Vista Service Pack 2 )

    - EMET 5.52 requires .NET Framework 4.5.
    - For Internet Explorer 10 on Windows 8 you need to install KB2790907 a mandatory Application Compatibility update that has been released on March 12th, 2013 or any other Application Compatibility updates for Windows 8 after that.



    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-emet-1.png

    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-emet-2.png
    Last edited by Brink; 08 Mar 2020 at 10:27.
      My Computers

  2. dencal's Avatar
    Posts : 2,850
    W10 Pro + W10 Preview
       #2

    Hi Brink.
    Downloaded Emet, problem encountered, could no longer open Internet Explorer. though Edge was unaffected.
    See attachment.

    Rectified by uninstalling Emet
    Attached Thumbnails Attached Thumbnails Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-em.jpg  
      My Computers

  3. Brink's Avatar
    Posts : 48,882
    64-bit Windows 10 Pro for Workstations build 19635
    Thread Starter
       #3

    Hello dencal,

    I would recommend to uninstall EMET for now then.
      My Computers


  4. Posts : 487
       #4

    dencal said:
    Downloaded Emet, problem encountered, could no longer open Internet Explorer. though Edge was unaffected.
    See attachment.
    It sometimes does odd things like that. Try toggling between profiles, as that usually fixes it. For example, change 'Certificate Trust (Pinning)' to disabled (this will change the profile at the top to 'Custom Security Settings'), then change the profile back to 'Recommended Security Settings' afterwards. Reboot the PC.

    I'm not exactly sure why this is needed, but I've found if I don't do this when a new version of EMET is released, it can sometimes cause all sorts of problems like you mentioned.

    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-emet.png
      My Computer

  5. dencal's Avatar
    Posts : 2,850
    W10 Pro + W10 Preview
       #5

    ARC1020 said:
    It sometimes does odd things like that. Try toggling between profiles, as that usually fixes it. For example, change 'Certificate Trust (Pinning)' to disabled (this will change the profile at the top to 'Custom Security Settings'), then change the profile back to 'Recommended Security Settings' afterwards. Reboot the PC.

    I'm not exactly sure why this is needed, but I've found if I don't do this when a new version of EMET is released, it can sometimes cause all sorts of problems like you mentioned.

    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-emet.png
    Thank you for your input....but if I may quote from your above post.
    "It sometimes does odd things like that"
    This doesn't exactly inspire confidence in the efficacity of this product.
      My Computers

  6. Cliff S's Avatar
    Posts : 24,314
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #6

    Are you using MBAE alongside EMET?
    Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) – while generally very compatible both with Malwarebytes and Malwarebytes Anti-Exploit (MBAE) – seems to prevent smooth launching of the Internet Explorer web-browser when both are using default settings. On both my Win 7 x64 and Lavie’s Win 8.1 x64 systems Firefox, Chrome/Chromium, and Vivaldi browsers all seem to work just fine with EMET and MBAE running…though I just keep to the default EMET configurations on install and don’t specifically add custom protection for Firefox/Chrome/Vivaldi to EMET. Internet Explorer (iexplore.exe) is included in the default EMET protection. And the free version of MBAE protects Firefox, Chrome, Internet Explorer and Opera browsers.
    Read more here: grand stream dreams: Harmonizing EMET and MBAE
      My Computers


  7. dencal's Avatar
    Posts : 2,850
    W10 Pro + W10 Preview
       #7

    Cliff S said:
    Are you using MBAE alongside EMET?
    Read more here: grand stream dreams: Harmonizing EMET and MBAE
    Thanks Cliff for the link which gives confirmation of my inability to use IE with EMET installed.
    Rather odd that M$ should not make their own product compatible, yet EMET, Mbam and Mbae both work perfectly using Edge.
    I might reinstall EMET and play around with it to see if I can harmonize as per your link.
      My Computers


  8. Posts : 487
       #8

    dencal said:
    Thank you for your input....but if I may quote from your above post.
    "It sometimes does odd things like that"
    This doesn't exactly inspire confidence in the efficacity of this product.
    It's not really aimed at normal users as you'll notice if you start adding your own applications and certs, but yeah I think it should be labelled as experimental software or permanent beta to make it clear to people before they install it. A while ago they turned on deep hooks as a default setting, when they must have known it was going to wreak havoc, but they did it anyway. Presumably they then used the Windows error reporting logs to see what it broke and then fine tuned EMET accordingly. So yeah, it isn't a final solution, it is experimental software and I think the whole idea of it is that they can test mitigations in EMET first, with the intention of eventually incorporating them as part of the OS.

    I reported the above problem probably more than 2 years ago, but it's still present in new versions. But in fairness, when I've reported Certificate Pinning issues along with Debug Diagnostics Tool logs, they fixed them pretty quickly, so it depends on the issue I guess.

    In answer to your comment about Edge, EMET mitigations don't apply to Edge.
    Given the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques, EMET 5.5 mitigations do not apply to Edge.
      My Computer

  9. dencal's Avatar
    Posts : 2,850
    W10 Pro + W10 Preview
       #9

    ARC1020 said:
    In answer to your comment about Edge, EMET mitigations don't apply to Edge.
    Given the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques, EMET 5.5 mitigations do not apply to Edge.

    Your above quote I find rather strange inasmuch that M$ state that it is supported in W10.
    If Edge is supposedly the future planned principal O/S this does not make sense.

    Another point if one looks again at the starter of this topic, EMET 5.5 Beta requires .NET Framework 4.5. updated to 4.6
    See below that only part of this feature is either turned on, or turned off completely, could this be perhaps why IE is unobtainable?
    Attached Thumbnails Attached Thumbnails Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-win-feat.jpg  
      My Computers


  10. Posts : 487
       #10

    dencal said:
    Your above quote I find rather strange inasmuch that M$ state that it is supported in W10. If Edge is supposedly the future planned principal O/S this does not make sense.
    EMET is primarily an anti-exploit tool. What they are saying is that there aren't any application rules included for Edge in the default protection profiles as the anti-exploit mitigations provided by EMET aren't necessary for Edge, due to it's own defence mechanisms built-in.

    Another point if one looks again at the starter of this topic, EMET 5.5 Beta requires .NET Framework 4.5. updated to 4.6
    See below that only part of this feature is either turned on, or turned off completely, could this be perhaps why IE is unobtainable?
    Internet Explorer works fine with EMET. The error message you're seeing in Event Viewer is saying EMET closed IE due to SimExecFlow. SimExecFlow is short for 'ROP Simulate Execution Flow' and is one of the anti-exploit mechanisms built into EMET. You can disable this mitigation for IE or even all mitigations for IE, but that would be pointless as that isn't the route cause of the error message that you're seeing. It is a false positive error message.

    Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-untitled-1.png

    As I pointed out in post No.4, I have had this happen multiple times before due to something not initiating correctly when installing EMET and needing to switch between profiles to fix it. I do not know why this happens, but for whatever reason doing that changes something causing it to work as it should. Even when doing an in-place upgrade and keeping all the recommended settings, it can still trigger the false positives like you are seeing until switching to a different setting and then back to the 'Recommended Security Settings' profile. I do not know whether that will fix your problem, but as it's something I have experienced on more that one PC and on more than one OS (Windows 8 and 10), from my point of view it's worth trying that first as opposed to random guessing.

    Obviously, another question you need to ask yourself is whether you have the time and patience to deal with experiential/beta software? I usually don't install beta Operating Systems for this reason myself, as I need the OS to work reliably.
      My Computer


 

Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 20:14.
Find Us




Windows 10 Forums