
Forum Thread: EMET Help.....ddmarshall !!

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
mogs EMET Help.....ddmarshall !!
Expert Contributor 29th Nov, 2013 23:29
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
@ddmarshall

I don't seem to be getting too far with this !! Can you help me out, in as plain English as you can manage ?! Ha!
From what I can see of it....Vista has access/can use, all system-wide and individual application mitigations....I've used the system wide recommended settings and rebooted when having made another alteration....do I need to set IE separately/individually ?
Say for argument's sake, I wanted to configure Adobe Flash for EMET....could you run that by me....is it best to set all mitigations and then see how it behaves....trial and error if it doesn't ?
I'm not finding the user manual too easy to read....could you give me a few pointers from what you know of it please ?...........Thanks.....regards....mogs......

--

Post "RE: EMET Help.....ddmarshall !!" has been selected as an answer.
ddmarshall RE: EMET Help.....ddmarshall !!
Dedicated Contributor 30th Nov, 2013 12:42
Score: 1172
Posts: 940
User Since: 8th Nov 2008
System Score: 100%
Location: UK
Hi

I think you installed EMET 4.0; 4.1 has been released but I haven't got around to it yet.

I would leave the System settings as default.

There are two files in C:\Program Files\EMET 4.0\Deployment\Protection Profiles that you can use to set up applications. You can look at these by right clicking and selecting edit to open in Notepad.

If you followed the default installation, you will have been set up with the Recommended Software file. This protects Internet Explorer, the Office suite, Adobe Acrobat and Reader, and Java.

The Popular Software file contains a lot more third party programs with adjustments to settings which are known to break them. However, it was reported on the forum that Photo Gallery from Windows Live Essential 2012 (don't think that's supported on Vista) crashes with the Caller mitigation enabled and I can confirm it. I also had problems with the SkyDrive desktop app and ended up removing it completely from EMET.

To use one of these files click Import on the top left and navigate to the Deployment Folder.

You can't add Flash Player to EMET as it is not an exe file. EMET sets things up when the program is loaded. It uses the Application Compatibility framework to insert itself when the program starts. So you have to protect the browser Flash Player is running in. For Firefox, click Apps in the Configuration section. Click Add Application. Navigate to the Firefox Program Files folder and select firefox.exe. Repeat for plugin-container.exe. Looking at the entry for Chrome in Popular software, it looks like it's only enabled in Windows 7 and only for SEHOP.

If you're setting up applications that aren't included in the sample files, try enabling all the mitigations first. If it crashes, the ROP mitigations are the first to disable, probably Caller and Memory. Then try DEP and ASLR.

Good Luck.


--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+5
-0
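
The steps in the answer above, scripted with EMET's command-line tool instead of the GUI. This is an added example, not part of the original posts. It assumes `EMET_Conf.exe` sits in the EMET 4.0 folder named in the answer, that the profile file is named `Recommended Software.xml`, that Firefox is in its default folder, and that the mitigation switch names (`Caller`, `MemProt` for "Memory", and so on) match your EMET version.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$emetDir  = 'C:\Program Files\EMET 4.0'                 # path given in the thread
$emetConf = Join-Path $emetDir 'EMET_Conf.exe'          # assumed tool location
$profiles = Join-Path $emetDir 'Deployment\Protection Profiles'
$firefox  = 'C:\Program Files\Mozilla Firefox'          # assumed install folder

# 1. Import a shipped profile (the command-line equivalent of the Import button).
#    File name is an assumption based on the "Recommended Software" profile.
& $emetConf --import (Join-Path $profiles 'Recommended Software.xml')

# 2. Flash Player is not an exe, so protect the browser and its plugin host.
#    Assumption: --set with no +/- switches turns every app mitigation on.
foreach ($exe in 'firefox.exe', 'plugin-container.exe') {
    & $emetConf --set (Join-Path $firefox $exe)
}

# 3. Step-down order from the thread for an app that crashes with everything on:
#    Caller and Memory first, then the other ROP checks, then DEP, then ASLR.
$stepDown = @(
    @('-Caller', '-MemProt'),
    @('-LoadLib', '-SimExecFlow', '-StackPivot'),
    @('-DEP'),
    @('-MandatoryASLR', '-BottomUpASLR')
)

function Set-EmetStep {
    param(
        [Parameter(Mandatory)] [string] $ExePath,
        [ValidateRange(0, 3)]  [int]    $Step = 0
    )
    # Flatten the switches for steps 0..$Step and re-apply the rule with only
    # those mitigations off (assumes --set replaces the app's previous rule).
    $off = @($stepDown[0..$Step] | ForEach-Object { $_ })
    & $emetConf --set $ExePath @off
}

# Usage (hypothetical path): start at step 0, retest the app, and move up one
# step only if it still crashes, so as few mitigations as possible end up off.
# Set-EmetStep -ExePath 'C:\Program Files\SomeApp\someapp.exe' -Step 0

# 4. Review what is now configured.
& $emetConf --list
```

Restart the protected program after each change, since EMET applies its settings when the process is loaded.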
mogs RE: EMET Help.....ddmarshall !!
Expert Contributor 30th Nov, 2013 22:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@ddmarshall

That's great...thank you very much....I've got a much better perception already....than days reading over a few things !!
I did use the recommended settings......but I found that Chrome wasn't compatible with SEHOP....as shown in the compatibility matrix....for a while I decided to disable SEHOP system wide....but later decided to manage without Chrome, and re-enabled that setting.
It's obvious there's a high degree of configurability....slowly but surely I'm hoping I'll at least master some of it !!
I'll have to take a look at 4.1 sometime too....I'll try to familiarize myself further I think.
I'm running IE as default, and so far, performance on my machine seems significantly improved.
I'll no doubt be in touch some time regarding...but for now I'll close this thread and thank you once again.....regards.....mogs....

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144