OA and emet compatibility


rm22

hi - i'm running the latest online armor free version and have used emet 4.1 to change the following system wide settings

DEP - always on (default is windows OS files only)
SEHOP - opt out (default is disabled on windows 7)
ASLR - default

i haven't added any additional mitigations for OA as i've read this is not recommended for AV or firewalls

any potential compatibility issues to watch out for with the changes i've made? i haven't noticed anything, but i'm wondering if i should set DEP to "opt out" and disable DEP and SEHOP for OA.

thanks.


Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...


On my Win7x64 + EMET5.0, if Keyscrambler.exe and VirustotalUploader2.2.exe are monitored by OA as unknown, this causes them to crash due to the EAF mitigation.

Of course I can disable EAF to address this issue, but it started just after I installed OA Premium 7.0.0.1866.

Also, MCShield crashes with some mitigations. I currently haven't looked into it, but disabling some mitigations addressed it.

Before that, MCShield worked fine with all mitigations (except ASR) enabled.

 

i found emet 5 did not work well with win7 64 bit and many others have written the same - you might want to fall back to 4.1 if you're having problems. also emet install guide says not to use with security software


Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...

 

from what i've read - EAF, stackpivot and caller mitigations provide the bulk of additional protection from the default DEP, SEHOP and ASLR mitigations

 

but you could ask for more info here

http://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/page-31

