rm22 Posted October 18, 2014

hi - i'm running the latest online armor free version and have used emet 4.1 to change the following system wide settings

DEP - always on (default is windows OS files only)
SEHOP - opt out (default is disabled on windows 7)
ASLR - default

i haven't added any additional mitigations for OA as i've read this is not recommended for AV or firewalls

any potential compatibility issues to watch out for with the changes i've made? i haven't noticed anything, but i'm wondering if i should set DEP to "opt out" and disable DEP and SEHOP for OA.

thanks.

Fabian Wosar Posted October 20, 2014

There shouldn't be any conflicts between EMET and OA.

rm22 (Author) Posted October 21, 2014

great - thanks for the reply Fabian

Fabian Wosar Posted October 21, 2014

We only test EMET with the recommended settings. Stuff may break once you add custom applications or enable mitigations that aren't enabled by default.

Insert Real Name Posted October 23, 2014

Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...

Fabian Wosar Posted October 23, 2014

We don't comment on other vendors' products, sorry. When in doubt I would stick to the default settings as the authors will know best which settings are most appropriate for everyday use.

rm22 (Author) Posted October 25, 2014

> On my Win7x64 + EMET5.0, if Keyscrambler.exe and VirustotalUploader2.2.exe are monitored by OA as unknown, it causes their crash by EAF mitigation. Of course I can disable EAF to address this issue, but it started just after I installed OA Premium 7.0.0.1866. Also MCShield crashes with some mitigations, I currently haven't looked into it but disabling some mitigations addressed it. Before that MCShield worked fine with all mitigations (except ASR) enabled.

i found emet 5 did not work well with win7 64 bit and many others have written the same - you might want to fall back to 4.1 if you're having problems. also emet install guide says not to use with security software

rm22 (Author) Posted October 25, 2014

> Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...

from what i've read - EAF, stackpivot and caller mitigations provide the bulk of additional protection from the default DEP, SEHOP and ASLR mitigations but you could ask for more info here http://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/page-31

Fabian Wosar Posted October 27, 2014

> I know some people report issues in Win7x64 with EMET5 but it probably depends on what setting and what security software they use.

It usually does. The hooks many security applications set look suspiciously like ROP to a lot of exploit protection applications.