Enhanced Mitigation Experience Toolkit (EMET)

Download here…

and a good overview here…
http://www.rationallyparanoid.com/articles/microsoft-emet-2.html

Does anyone have any experience with this software?

I installed it and configured it to protect my browsers.

I will add programs one at a time and run them for a day or two to make sure
I don’t cripple anything.

Any thoughts?

Is it complete overkill to use it with D+ ?

Is it complete overkill to use it with D+ ?
Well, I don't know. I'm going to give it a go.

by the way,
Nice find :slight_smile:

In accordance with the links posted above, I use one more;
http://help.artaro.eu/index.php/general-security/other-security-programs/microsoft-emet.html

This is what my configuration looks like:

http://i53.tinypic.com/2lv002t.jpg

Hope that helps anyone :slight_smile:
I haven’t had any issues at all as of yet too.

Hi tinytankerbrunk ,

From the image you’ve posted I can make just one conclusion - you are not running XP.
Am I right? (at least since SEHOP & ASLR are included)
Other than that you did not provide any info about your System Environment; security in place etc. And that’s important.

What I mean is - EMET is definitely a very good additional layer of security.
You can read about it at “Little&Soft” site.
The “rationallyparanoid” site provided by BoredNow is a decent helpful source as well

At the same time & despite all of that, as far as I am concerned - one has to be very careful when suggesting this Software

You have to be quite an experienced user.
That is not the Software for everyone as it’s implemented currently. Despite excellent intentions the Software is not friendly enough yet (considering “ordinary” user).
Many things can go extremely wrong depending on individual configurations

… and so on & so forth …

=======

Hi BoredNow,

Yes & that is good stuff for experienced users

Correct, & that is very important but still annoying & being blunt I may say - absolutely incomprehensible for the majority of users the way it’s currently implemented

Not at all by any means. It is an additional layer of protection indeed (considering all the above)

Cheers!

Ok, sure.

Active Security Components -

FileHippo Updater - Yes, I consider this part of security very important. Several security vulnerabilities come from outdated software. Among the most vulnerable are Adobe Reader, Flash and Shockwave. Java, iTunes, and Web Browsers are very susceptible as well. Safari and Chrome are the worst among browsers. However, I’m willing to bet several blackhats are awaiting the official release of IE9 to release their 0-day exploits!

Comodo Internet Security Setup
High heuristics, Sandbox enabled, Defense+ in Clean PC mode.

Immunet Protect with SPERO and ETHOS enabled, CLAMAV disabled. This is a “cloud” scanner, so all the resource usage to scan is done on their servers. Immunet was specifically developed to run alongside other AV.

Browser Security -
M86 Security addon for IE and FF. This actually performs a real-time scan (not your PC resources in use) and “scrubs” out suspicious/malicious code built into the HTML itself BEFORE it gets to you.
Keyscrambler addon for IE and FF. This prevents keyloggers from successfully capturing your information while browsing, but not your entire PC.
I have used NoScript, but I am working towards “automating” my security components, while keeping resource usage low and still remaining effective.

I am also testing GData’s “CloudSecurity” addon for FF and IE. However, it’s very new.

I also have my DNS set to use Clearcloud on my router. Currently, this is the most developed DNS server to help block malicious sites from reaching your machine. I’m awaiting Comodo’s eventual maturity in this area.

Reactive Security Components - I only use these after something suspicious.
I will scan with Malwarebytes’ Anti-Malware, SuperAntiSpyware, Hitman Pro, and Norton Power Eraser. However, I don’t use these very often, only rarely. I will also use a multi-boot USB that has several “rescue” scanners to remove malware, to include Kaspersky, Emsisoft’s A-Squared, followed by Panda, BitDefender and AVG. However, the first two really get malware/spyware.

Emergency Situation -
I will just restore my OS from an image that I backup DAILY with Windows Home Server.

Summary
Clearcloud DNS will perform a scrub, followed by M86, BEFORE anything reaches my OS. If something gets past that, EMET will mitigate the damage, then CIS and Immunet cloud scanner will find it. If they don’t, then I run my reactive scans. If all else fails or I feel insecure, I perform a restore from a recent image.

There you have it, my system/security environment. :slight_smile:

Hi again tinytankerbrunk , & thanks a lot for the reply

Unfortunately at the moment I cannot reply & post a lot due to current workload
I hope I will have time soon to post something more “decent”

… but at the moment … hmmm … “restore from a recent image” that’s indeed all you (we) need actually & I do not mean weak and damaging CTM - I mean a proper imaging Software (many free excellent solutions are available)

As for the configuration - you can use your signature - that’s more concise & can be easily edited any time when anything underwent changes :wink:

Cheers!

I tried EMET in maximum security; it is overkill, more than Comodo.
I install GTA 4, installers crash + BSOD LOL & some Razer drivers can’t install.

Thanks for the input. Yeah, I usually will just roll back to an image that’s a week old, that way there’s no guessing and I don’t have to run my reactive scans. However, they sure do help those that don’t have a backup solution like I do :smiley:

Maybe I’m missing something here. What’s the point of having umpteen different security applications, doing whatever they are supposed to do, when it’s so easy to replace your system in 10 minutes with an image…

Is ‘repair’ (assuming you really do have a problem) better than a clean start?

There is a point you’re missing that I haven’t stated clearly. I usually do an image restore, however, there are times when the infection can be easily eradicated, negating the process of a restore. Another added benefit is that I may have altered files/settings that haven’t been backed up yet, which can result in a less optimal environment if I restore as well. Hopefully that clears it up for you.

Ok, so I googled – “Little&Soft” – and I got the results shown below…hahah.

I consider myself a computer novice, however I do a lot of reading on any app that
I want to install and use on my computer.
I even come here and search the forum to see what other people say about an app.
That’s why I started this thread, because there wasn’t much discussion about EMET.

The only ‘problem’ I’ve run into so far was after I added too many ‘JAVA’ files to EMET.
Firefox didn’t seem to like that, so I removed the extra files from EMET and everything seems to be OK.

Any hints and tricks would be greatly appreciated.


With all that ‘protection’ you still have problems? You must visit some very bad sites…

I’ve added a few more processes to my list.
I’ve experienced no problems…fyi.

The other day I was trying to update JAVA and the updater wouldn’t work, and then I remembered
that it was in my EMET list…I disabled EMET…ran the updater, and it worked.

Good to know JAVA is being protected by EMET.


Added a lot of files to EMET already. Everything seems to work (except Java update but I don’t know how to fix it).

Using Win7 Pro with SP1 and added pretty much everything network related.



Now I wonder, should I also add Comodo Firewall files, as well as MSE files and Windows files (explorer.exe, svchost.exe,…)?

However, I believe Microsoft’s own products are already getting protected?

Removed wlcomm.exe as MSN wasn’t working anymore.