EMET settings queries

Status
Not open for further replies.

CMLew

Oct 30, 2015
Probably this thread will focus more primarily on setting up EMET since I couldn't find those threads on MT yet.

I've read this article dated last year, September:
https://support.microsoft.com/en-us/kb/2909257

"Certain host-based intrusion prevention system (HIPS) applications may provide protections that resemble those of EMET. When these applications are installed on a system together with EMET, additional configuration may be required to enable the two products to coexist."

I'm currently trying EMET with CIS. As this article mentions that they could clash with each other (I assume since CIS is HIPS-based), which particular settings do I need to configure?

Currently I'm on default settings for EMET.
 

@CMLew

CIS and EMET 5.5 Beta should co-exist without major problems. You might get double alerts - one from EMET and one from CIS HIPS.

I have not seen an issue where CIS HIPS triggers EMET... although, it certainly is possible since there are a whole bunch of different CIS HIPS alert types.

I used CIS and EMET without any incidents between the two; I didn't do any special configuring.

The only issue I have seen with EMET 5.5 Beta is that on W8.1, EAF will not allow Internet Explorer 11 to launch. This is an ongoing problem that started with EMET 5.2 Beta.

Also, when Flash updates, you will have to make sure the updated version of Flash is protected... nothing major, just an inconvenience.
 
Thanks @hjlbx

I also gave it a try on EIS too. Apparently it protects the a2guard process. Should I remove it as suggested in the article? Currently EMET with EIS is running on default.

The following is a list of the kinds of software that should not be protected by using EMET:

  • Anti-malware and intrusion prevention or detection software
  • Debuggers
  • Software that handles digital rights management (DRM) technologies (that is, video games)
  • Software that use anti-debugging, obfuscation, or hooking technologies
 

Fabian Wosar from Emsisoft uses EAM + EMET on his system.

If you experience problems, disable protections for A2guard.exe.

That's it.
 