Advice Request Kaspersky Internet Security and EMET


Status
Not open for further replies.

poirotz

Level 1
Thread author
Verified
Nov 15, 2018
36
I run KIS 2018 and Windows 7 pro 64.
I've always used EMET with previous Windows installations before 10, but my security programs were different - I'd say more complicated. Now in my main PC I rely a lot on virtualising (Sandboxie and ShadowDefender) and the good offices of Kaspersky (SystemWatcher).
I know EMET is discontinued or abandoned by MS since July, but this is not relevant for me, as I would really like to ascertain without any possible doubt that Kaspersky IS can by all means do without the help of such an oldie.
If EMET services are redundant then there is no reason to install it; the problem is I cannot decide it by myself and Kaspersky doesn't shed light on this matter.
Can anyone solve this problem please?
 

Eddie Morra

The use of zero-day exploits is saved for people of importance (not normal home consumers), so if you ever do get hit with an attack consisting of exploit functionality, chances are it is going to be known about already (as opposed to new) and that Kaspersky is going to be able to block it with signatures before it even needs anything dynamic it has to offer to kick in and try to save the day (in my opinion).

Kaspersky is a full suite... make the most of it.
 

poirotz

Thanks for your reply Eddie Morra.
Yes, I understand the rationale in your reply, which is what I also surmised.
In brief, your vote is that, although not demonstrable, EMET is useless or redundant as a program in itself.
The argument that any exploit is already neutralised by Kaspersky before hitting single consumer people is a decisive factor, of course.

I try to run KIS with max settings as much as possible and in my 10 months' use it never let me down, taking good care of emails as well.
In past years I had relied heavily on HIPS or BB to avert baddies, but now I feel KIS alone can take good care of that section, so, yes, I try to make the most of it.
 

Eddie Morra

poirotz said: "The argument that any exploit is already neutralised by Kaspersky before hitting single consumer people is a decisive factor, of course."
For home consumers, you can expect any exploited vulnerabilities to be old and already known about. And usually, they will already be patched for people using updated software depending on what the vulnerability is for and whether the vendor decided it was important enough to care about. Even if the vulnerability being exploited in an attack for a normal home consumer is new (albeit very rare to happen), a few will fall victim to it and then AV vendors will gain more intelligence to prevent future attacks for their own customers.

Furthermore, you can reduce your threat surface by not using software you do not need, or by not using software which is highly targeted like Adobe Reader, Microsoft Office, Java, etc. Use something else which is lesser-known but still reputable and trusted or web-based services (which in themselves tend to be more secure, especially when you're using a good browser with enforcement for exploit mitigations/sandbox containment).

Since you mentioned Windows 10... you should know that features from EMET are built into Windows 10 since 1709 (maybe not all, but at least some) and Windows 10 can enforce exploit mitigations through Windows Defender. I am not a Kaspersky user, but I know that some vendors still allow you to use Windows Defender's Exploit Protection component alongside (e.g. if it's compatible). Not that I think you need to care about it, because KIS is a full suite and more than sufficient IMO.

Software developers can enable mitigations for their own software forcefully now as well (and such functionality existed back from Windows 8 or 8.1 as well, even if it was lesser-known back then) - previously done for ASLR and DEP for a number of years, but now can be done for the mitigations EMET used to offer, even when Windows Defender is fully disabled. It's quite simple to do and the APIs for this are publicly accessible and documented with many online examples available. However, a lot of companies are lazy and simply will not bother to do it, because they either will not really need to do it, or it'll take too much time and time is money in the enterprise world.

See this: Compare the features in Exploit protection with EMET
 
Last edited by a moderator:
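
Added example (not part of any post in this thread): how the per-application side of Exploit Protection mentioned above can be set and then read back on Windows 10 1709 or later, using the built-in ProcessMitigations cmdlets from an elevated prompt. The executable names and file paths are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: per-application Exploit Protection on Windows 10 1709 or later.
# All executable names and file paths below are placeholders.

$targets = @('ExampleReader.exe', 'ExampleOffice.exe')           # hypothetical image names
$wanted  = @('DEP', 'SEHOP', 'BottomUp', 'ForceRelocateImages')  # mitigations EMET also offered

# Export the configuration as it is now, so there is a reference copy
# to compare against after the change.
$before = Join-Path $env:TEMP 'exploit-protection-before.xml'
Get-ProcessMitigation -RegistryConfigFilePath $before

$report = foreach ($exe in $targets) {
    Set-ProcessMitigation -Name $exe -Enable $wanted

    # Read the stored per-app settings back instead of trusting the call above.
    $after = Get-ProcessMitigation -Name $exe | Select-Object -First 1
    [pscustomobject]@{
        Image               = $exe
        DEP                 = "$($after.Dep.Enable)"
        SEHOP               = "$($after.SEHOP.Enable)"
        BottomUpASLR        = "$($after.Aslr.BottomUp)"
        ForceRelocateImages = "$($after.Aslr.ForceRelocateImages)"
    }
}
$report | Format-Table -AutoSize

# Any image listed here has at least one requested mitigation that is not ON.
$report | Where-Object {
    $_.DEP -ne 'ON' -or $_.SEHOP -ne 'ON' -or
    $_.BottomUpASLR -ne 'ON' -or $_.ForceRelocateImages -ne 'ON'
}

# An existing EMET settings export can be converted to an Exploit Protection
# policy file instead of re-entering each application by hand.
$emetXml = 'C:\Temp\emet-settings.xml'                       # placeholder path
$policy  = 'C:\Temp\exploit-protection-from-emet.xml'        # placeholder path
if (Test-Path $emetXml) {
    ConvertTo-ProcessMitigationPolicy -EMETFilePath $emetXml -OutputFilePath $policy
    Set-ProcessMitigation -PolicyFilePath $policy
}
```

Forcing ASLR relocation or other mitigations on older applications can stop them from starting, so each target should be launched and tested after the change.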

Dave Russo

Level 21
Verified
Top Poster
Well-known
May 26, 2014
1,042
Have you considered using VoodooShield? It has anti-exploit protection. I use Kaspersky Total Security, which has a program updater; not sure if you have it in the Internet Security program, but by updating your programs and also keeping up with Windows updates, from what I have read, you are safe.
 

poirotz

@Eddie Morra
Quite interesting, the doings of Exploit Protection; I didn't know it existed. I've just given a glance to it all because it's a bit late now, but I will examine things tomorrow when more alive. Thanks for the heads up.

@Dave Russo
KIS also has an updater program, but it's the only thing I run disabled as I prefer to do it myself.
I've had some experience with VoodooShield, I even like its ease of use, but I prefer the Sandboxie granularity and the virtualisation of ShadowDefender, which make me feel more protected.
 

poirotz

@Eddie Morra, really very illuminating reading, the link you provided. It made me focus better on the situation.
Basically Exploit Protection is EMET inbuilt in Windows 10 plus a few other functions.
The problem is: I don't want to run Windows 10; in the MyConfig thread I explained why.
I prefer by and large old Windows 7, which, for what I do with my computer, is OK for me.
After reading your link and considering what you say, I also decided to forget EMET, which would be more redundant than useful.
An impeccable, bloat-free PC plus a few good security progs, I decided, is all that is needed and probably enough.
Keep up the good posts!
 