Microsoft Enhanced Mitigation Experience Toolkit (EMET)

What is your opinion on Microsoft Enhanced Mitigation Experience Toolkit (EMET)?
How good is it in what it do?

http://www.microsoft.com/en-us/download/details.aspx?id=29851

It’s a very good addition to your layered protection esp ASLR mitigation technique to stop the exploits. So if you use CIS use EMET as well. EMET can prevent many exploits taking place on the first place but you can technically bypass it. But it’s there to make exploit attacks more difficult to succeed at compromising your system. So I recommend it with any security suite apart maybe from Kaspersky but they don’t know about any conflicts with EMET and their ASLR protection.

Please be aware, that EMET is not an install and forget software. It needs proper configuration and continous updating of the programs list in order to get maximum protection.
ASLR is only available in Vista and later.

Not really. Just install ‘all in one’ default rules for a major/popular exploited applications and that’s it. Many basic users never go past that. But I see your point for the advanced users only. About ASLR true. But with EMET it’s much more flexible and one can argue it works much better than in the original default state. Winodws 8 is another level with the ASLR all together. EMET has many other good mitigation techniques. So use it.

One more thing I recommend version 3.5 not 3.0.

One thing to keep in mind that adaptation made with EMET can cause some programs to disfunction. People seem to easily forget they did this.

I remember seeing a couple of cases where people would report a problem with a program and then later report back it was caused by changes made with EMET rather than with using CIS or so.

A little note:
EMET v4.1 and CIS v7 don’t like each other. In this case CIS will make EMET accuse most of installed programs with SimExecFlow. Including Firefox, Stickies and Internet Explorer.
Yet, CIS v5.12 gets along with EMET v4.1, no problems at all.

I had on 3 computers issues with EMET v4 and CIS v6, this is with EMET installed with its default settings no changes, it would cause CIS to become sluggish, hanging up, crashing and all kinds of stability issues, Windows 7 on all of these systems was equally affected at the same time, prior to EMET v4 I had either EMET v3 or v3.5 installed on them without issues, since these issues I have given up on EMET as it seems to cause more issues then it resolves, also malware authors have been releasing new variants to bypass EMET, so I don’t feel the need to play russian roulette with EMET on any computer, CIS will protect just as well if not better then EMET I feel :wink: