EMET settings queries

Status
Not open for further replies.

CMLew

Level 23
Thread author
Verified
Well-known
Oct 30, 2015
1,251
This thread will probably focus primarily on setting up EMET, since I couldn't find any such threads on MT yet.

I've read this article, dated September last year:
https://support.microsoft.com/en-us/kb/2909257

Certain host-based intrusion prevention system (HIPS) applications may provide protections that resemble those of EMET. When these applications are installed on a system together with EMET, additional configuration may be required to enable the two products to coexist.
I'm currently trying EMET with CIS. As this article mentions that they could clash with each other (I assume since CIS is HIPS-based), which particular settings do I need to configure?

Currently I'm on default settings for EMET.
 
hjlbx

@CMLew

CIS and EMET 5.5 Beta should co-exist without major problems. You might get double alerts - one from EMET and one from CIS HIPS.

I have not seen an issue where CIS HIPS triggers EMET... although, it certainly is possible since there are a whole bunch of different CIS HIPS alert types.

I used CIS and EMET without any incidents between the two; I didn't do any special configuring.

The only issue I have seen with EMET 5.5 Beta is that on W8.1, EAF will not allow Internet Explorer 11 to launch. This is an ongoing problem that started with EMET 5.2 Beta.

Also, when Flash updates, you will have to make sure the updated version of Flash is protected... nothing major, just an inconvenience.
 

CMLew

Thanks @hjlbx

I also gave it a try on EIS. Apparently it protects the a2guard process. Should I remove it as suggested in the article? Currently EMET with EIS is running on default.

The following is a list of the kinds of software that should not be protected by using EMET:

  • Anti-malware and intrusion prevention or detection software
  • Debuggers
  • Software that handles digital rights management (DRM) technologies (that is, video games)
  • Software that use anti-debugging, obfuscation, or hooking technologies
 
hjlbx

Fabian Wosar from Emsisoft uses EAM + EMET on his system.

If you experience problems, disable the protections for A2guard.exe.

That's it.
 