Best Behaviour Blocking

XIII

Level 5
Verified
Sep 20, 2016
162
For some reason, EMET doesn't get talked about so much here on MT. I think the folks here prefer HitmanPro.Alert, despite the price, or they go for AppGuard, which basically makes everything else pretty much obsolete.

Protecting your PC from ransomware gets harder with EMET-evading exploit

Edit: EIS is my longest running security suite consecutively. I've used it with HMPA, HMP, ZAM, MBAM, EEK, no conflicts whatsoever. I consider it the best BB, regardless of what people say the Hub shows about KIS. The Hub results should be taken with less than a grain of salt.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
shmu26. I haven't been able to find much IT advice or tips on how to use EMET. Maybe that's partly why it's not being used much? I am going to end up shelling for something eventually I guess. I would like to see what EMET can do if all installed programs are set to be monitored. Right now, I am just monitoring browser and some Windows processes like svchost that I thought might be exploitable. I wonder if I should use it with any net related Windows applications or maybe winlogon. Winlogon worries me that there might be a conflict with the normal login process.

End of the conversation, EMET is only a group of protections of one type, memory mitigation. HitmanPro.Alert or Appguard seem to be much more capable for sure. Many others I guess too would be considered much more useful for behavior monitoring. Anyway, I feel inspired to look around a little bit more for commentary on EMET, so thanks a lot for the comment.
 

Wave

From Windows 8/8.1 onwards, some system processes are now protected, improving the default security for them (reducing exploits towards them). However, even for processes like SvcHost.exe (the genuine version/s) or winlogon.exe to be used, the malware will require code execution at administrator level.

Also, see this: Quickly Secure Your Computer With Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)
 

AtlBo

Wave. Thanks for the information. Looks like I have everything covered that the program should cover. This link helped:

EMET - The Ultimate Installation and Deployment Guide

Found some interesting information on Firefox in the process. Been trying to keep up with development of the new upcoming changes to Firefox, but this caught me off guard. What are they thinking?

Plug-in support has been dropped other than Flash (Affecting)

I was looking up info on plugin-container, because I couldn't understand why it and Flash weren't running with a YouTube video running. I realized I had video set to HTML5 lol on YouTube Video Player plug in I use to watch YouTube videos in Flash. Someone had uploaded an HTML5 video only in that format that I wanted to watch a few days ago, and I forgot to reset the plugin. I was checking in EMET to see if I had protected Flash and plugin-container which I had already done. I will check to see if this is in the Firefox forum.
 

Wave

HTML5 will be a more secure option; I recommend against using Flash if possible.
 

AtlBo

True, but I have used Flash for years, and I am accustomed to the risk. Honestly, HTML5 gives me a headache lol. I feel like I am watching the screen tear before my eyes, while I don't experience that with Flash video. I have no idea why this happens. This was one of the main reasons I looked into EMET, so that I could better secure Firefox and Flash player. Also, I have to mention that I enjoy some of the Flash games on certain sites that I have a long experience with and trust.
 

Wave

I don't understand what you mean about watching the screen tear when using HTML5, I don't see a difference on websites like YouTube (e.g. using the HTML5 video player as opposed to the Flash one). There's no problem with liking Flash games, you could enable click-to-play for Adobe Flash on your browser (if it supports it - most mainstream browsers such as IE, Chrome and Firefox will support it) and then click to play your Flash games, alongside using HTML5 for websites like YouTube (e.g. the video player), combined with EMET to safeguard you with additional exploit mitigation.

Just an idea you might like to try out. But if not no problem, just thought to suggest it! ;) :)
 

AtlBo

Thanks for the idea. I like Flash player, and I haven't ever had any problems with it to date. I don't experience headaches with it, so I am happy to stick with it. I don't feel at risk using Flash player.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
One caveat about HMPA: it is very prone to conflicts with other software or elements of your OS. For instance, you might attach a USB device, and Windows won't recognize it, or certain programs will crash.
They are constantly putting out new beta versions to solve the conflicts. If you have an issue, sometimes making an exception in HMPA helps, but sometimes it doesn't. There is an active thread on Wilders where you can get help and insight with HMPA issues.
 
