Advice Request: What is covered by EMET and how to use/configure it?


TheSuperGeek

Hello, I've got some questions about EMET: What is covered by this product? (I want to improve Windows 10 defender)
And how to use/configure it? (it seems to be a complex and detailed software)
Thanks
 

AtlBo

> Hello, I've got some questions about EMET: What is covered by this product? (I want to improve Windows 10 defender)
> And how to use/configure it? (it seems to be a complex and detailed software)

It's not actually too hard, SuperGeek. Think this way. What can be abused during its runtime by injection of its DLLs and memory abuse? Then add these to EMET. The defaults are actually a very good start. Java, Flash, MS Office, internet browsers are good to cover with EMET. Especially processes that have a face to the internet. mstsc.exe is the process for Remote Desktop if you want to use that. It can be protected from exploitation. Honestly, EMET is not really a smart program to speak of as it's more of an exploit insurance patcher. If someone develops an exploit for a program, EMET should protect you if you add it to the protected apps.

You can add Windows processes too that could be exploited if someone knew how, such as svchost.exe, services.exe, and others. However, one thing about EMET is that some of the protections can, for some systems, cause instability. You can always easily fix this in Safe Mode, even if you lose, for example, the picture, but it is something to be aware of. Generally, this doesn't happen, but an application may not function as intended until a specific protection is removed/unchecked from its coverage.

I have saved/exported a configuration that is safe on Windows 7 Pro if you would like to try it for Windows 7. I will link the settings if you like. Should work for Windows 10.
 

Zero Knowledge

EMET is basically dead. MS is ending EMET development soon.

Windows has incorporated many of the EMET exploit mitigations in Windows 10.

Unless you're stuck on Windows 7, there is really little reason to use it these days.

I would look to HitmanPro.Alert if you want a good working exploit mitigation for a Windows PC.
 

Ink

> Actually I don't have a lot of money (I'm a student) so yes I prefer freeware :)

I could be wrong: The EMET kit was popular for Windows XP (limited functionality) to Windows 7 SP1, because the OS lacked many things in terms of Security.

Why is freeware such a concern when it comes to improving Windows 10? Did you apply the WD PUA RegTweak?
 

TheSuperGeek

> I could be wrong: The EMET kit was popular for Windows XP (limited functionality) to Windows 7 SP1, because the OS lacked many things in terms of Security.
>
> Why is freeware such a concern when it comes to improving Windows 10? Did you apply the WD PUA RegTweak?

No, I don't know this tweak :(
 

AtlBo

Maybe the information in these links can help Windows 10 users with EMET:

Windows 10 Cannot Protect Insecure Applications Like EMET Can

Looking specifically at the table about 1/2 way down the page. The article is very informative overall. It also comes from a very good source, Software Engineering Institute of Carnegie Mellon Institute, and was composed recently (November 21, 2016). There is also a great link to the pdf User's guide for EMET in the second article. I opened it in LibreOffice Portable, and it appears to be safe, considering the source, also.

EMET and Windows 10: Is EMET Still Needed? | pauby.com

Second article is from April of last year, so I don't know how much of this still applies. I focused mainly on the difference between Pro and Enterprise editions of Windows and the impact this could have on many running Windows 10, who may be expecting that the protections of their OS match those of an EMET protected machine.
 


shmu26

EMET works on a per-program basis. So, let's see what is exploitable: First on the list is your browser.
If you want strong exploit protection for your browser, you can sandbox it, for instance, with Sandboxie or with COMODO or with ReHIPS. All of these have free versions.

If you run Chrome on Windows 10, you can enable AppContainer lockdown, which is good exploit protection.

Next on the list is your PDF reader. On Windows 10, the default PDF reader is Edge, which runs in AppContainer. So you have exploit protection. Otherwise, use Sumatra as your default PDF reader. It is virtually unexploitable because it doesn't have the fancy features. When you need the fancy features for a trusted PDF doc that you already tested and you trust it, then you can use Adobe Reader or whatever.

Then comes MS Office. By default, macros will not run in an Office doc unless you explicitly allow them to run. So you are protected from the common exploits.
 

Dirk41

If you install EMET, it automatically configures something, but if you use Firefox/Chrome, for example, you have to add them to EMET.
 