• Enhance Windows’ online security with EMET 5

    #496591


    TOP STORY


    Enhance Windows’ online security with EMET 5

    By Susan Bradley

    Microsoft recently updated its Enhanced Mitigation Experience Toolkit, a free application that can protect you from dangerous zero-day attacks.

    Here’s a review of what EMET does — and why and when Windows users should run it on business and personal systems.


    The full text of this column is posted at http://windowssecrets.com/top-story/enhance-windows-online-security-with-emet-5/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1468690

      I tried EMET5 on W8.1.1. It bricked IE so badly I had to remove it, EMET5 that is, not IE. :huh:.

      • #1468713

        I installed EMET 5.0 on Windows 8.1 Update (is that 8.1.1?) and IE 11.0.12 works fine. However, because I use Google Chrome almost exclusively, I don’t push IE in any significant way.

        Be careful out there!

      • #1468780

        For those that find that IE doesn’t work, can you post up your antivirus software? I know it works with IE and I’m wondering if antivirus with browser based protection is interacting.

        • #1468785

          I tried EMET 5 today after reading the article. I am running Windows 7 Ultimate on a Dell Laptop. The only malware software I have is MSE and Malwarebytes Pro. I noticed two issues. First, after I installed and rebooted my computer (it did not ask for reboot, but I did it manually), there was no EMET icon in the taskbar space. I manually opened the GUI from the Programs button, and I got an error message that the service is not running. When I opened task manager, there was an EMET service, but it was stopped. I followed the link to services and started it, and now I have the icon. The bigger issue was with Acrobat X. When I open a pdf from the program, it works fine. However, when I double click a pdf file, I get the waiting icon for about 10 seconds and then nothing. After a minute or so I get a message that Acrobat failed to connect to a DDS server. I could double click on a Word or Powerpoint file, and it would open in the application fine. There must be something with the way Acrobat is treated. I uninstalled EMET, and everything worked fine. Perhaps there is some setting I could have adjusted, but I guess this left me concerned that EMET is not ready for widespread use.

        • #1468809

          For those that find that IE doesn’t work, can you post up your antivirus software? I know it works with IE and I’m wondering if antivirus with browser based protection is interacting.

          Susan, I had to disable SimExecFlow mitigation in IE, Firefox, Chrome, and my Office 2007 to get them to work with EMET. For the record, I am using Avira on one PC and AVG Free on the other.

          Jerry

    • #1468711

      Thank you very much for this article. It’s the best intro to EMET that I have seen.

      I have just started using EMET. Beyond taking the recommended settings, I’m curious about what additional step(s) to take. Here are some possibilities:

      1. Add the alternative browser(s) that you use to EMET. When I did this with Google Chrome, I saw that EAF+ and ASR were NOT checked off. Is EMET using some intelligence to determine which options to turn on?

      2. I saw mentioned to add “internet-facing” apps to EMET. I prefer to think of this as “internet-using” apps. And I wonder about any app whose only apparent internet use is a “check for updates” or “autoupdate” function, such as Auslogics Disk Defrag and CCleaner. Could these apps be left out of EMET entirely? Or add them last.

      3. As programs are updated (for example, fast-moving browsers like Chrome and Firefox), do their recommended EMET settings change? The nervous computer owner could spend a lot of time tinkering with these things.

      I looked around for other forums where existing EMET discussions can be found. Here’s one:

      http://social.technet.microsoft.com/Forums/lync/en-US/home?forum=emet

      …where a bewildering number of q&a’s turn up.

      Thanks again for the article on EMET. A clear and independent voice is much needed.

      • #1468715

        When EMET 5 came out I immediately installed it, then soon uninstalled it and reinstalled 4.1. OS is Win7 SP1 64 bit. Office Pro 2007 32 bit.

        EMET 5 made Office 2007 unusable. All Office apps would try to open, then quickly close. There were no error messages from EMET. With 4.1 the option Deep Hooks often caused Office problems, but unchecking it fixed that. That didn’t work with EMET 5. I haven’t found any other way to make it compatible with Office ’07.

        Nor have I found any workable fixes on line. I welcome any suggestions.

        • #1468724

          Thanks for the article on EMET 5 as it was very enlightening. Although you spoke about some of the downsides of running EMET you didn’t touch on any performance downsides. Can you or anyone else comment on what one might experience as a performance hit running EMET vs. not running EMET? Also can you remove EMET if the performance hit is too high or you find it has too many compatibility issues?

          • #1469419

            Aside from the Office ’07 problem with EMET 5, as far as I was able to tell there were no performance hits with any version of EMET. If there were any they were so small I would only have found them in actual timing comparisons, with the usual “everything else being equal,” which is rarely the case.

            As I mentioned, I uninstalled EMET 5. You can do it via Control Panel – Programs & Features, or with an uninstaller utility like Revo Uninstaller.

        • #1468728

          When EMET 5 came out I immediately installed it, then soon uninstalled it and reinstalled 4.1. OS is Win7 SP1 64 bit. Office Pro 2007 32 bit.

          EMET 5 made Office 2007 unusable. All Office apps would try to open, then quickly close. There were no error messages from EMET. With 4.1 the option Deep Hooks often caused Office problems, but unchecking it fixed that. That didn’t work with EMET 5. I haven’t found any other way to make it compatible with Office ’07.

          Nor have I found any workable fixes on line. I welcome any suggestions.

          Open up EMET 5.
          Click on the apps button
          For each Office application, uncheck the box in the SimExecFlow column
          Click on the OK button.

          Worked for me. In general, if you find an application doesn’t work after installing EMET 5, click on the apps button, right click on the app you are having trouble with and click on “disable all mitigations” and then click on the OK button. If the app now works, reenable mitigations in groups until you find the culprit.

          Jerry
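
The isolation procedure in the post above (disable all mitigations, confirm the app starts, then re-enable in groups until the culprit appears), worked through as an added example that is not part of the thread or of EMET. The `app_works` callback and the `SimulatedApp` class are hypothetical stand-ins for "apply these settings in the apps dialog and launch the program", and the mitigation list beyond the names mentioned in this thread is an assumption to be matched against the columns your EMET version shows.

```python
from typing import Callable, FrozenSet, List, Optional, Sequence, Set

# Per-application mitigation columns (assumed list; the thread itself names
# SimExecFlow, EAF+ and ASR). Adjust to the columns shown in your apps dialog.
MITIGATIONS = ["DEP", "SEHOP", "NullPage", "HeapSpray", "EAF", "EAF+",
               "MandatoryASLR", "BottomUpASLR", "LoadLib", "MemProt",
               "Caller", "SimExecFlow", "StackPivot", "ASR"]

# Hypothetical check: given the set of ENABLED mitigations, does the app start?
AppCheck = Callable[[FrozenSet[str]], bool]


def find_culprits(mitigations: Sequence[str],
                  app_works: AppCheck) -> Optional[List[str]]:
    """Return the mitigations that have to stay off for the app to start.

    Returns None when the app fails even with every mitigation disabled,
    which means the per-application settings are not the cause.
    Assumes a culprit breaks the app regardless of what else is enabled.
    """
    if not app_works(frozenset()):
        return None

    def search(group: List[str], safe: Set[str]) -> List[str]:
        # 'safe' holds mitigations already shown to be harmless; keep them on.
        if app_works(frozenset(safe) | frozenset(group)):
            return []                      # whole group can stay enabled
        if len(group) == 1:
            return list(group)             # isolated a culprit
        mid = len(group) // 2
        left, right = group[:mid], group[mid:]
        bad_left = search(left, safe)
        safe_now = safe | (set(left) - set(bad_left))
        return bad_left + search(right, safe_now)

    return search(list(mitigations), set())


def keep_enabled(mitigations: Sequence[str], culprits: Sequence[str]) -> List[str]:
    """Everything that can remain protected once the culprits are unchecked."""
    return [m for m in mitigations if m not in culprits]


class SimulatedApp:
    """Constructed test double: fails to start if any 'breaks_with' item is on."""

    def __init__(self, breaks_with: Set[str], broken_anyway: bool = False):
        self.breaks_with = frozenset(breaks_with)
        self.broken_anyway = broken_anyway
        self.launches = 0

    def __call__(self, enabled: FrozenSet[str]) -> bool:
        self.launches += 1
        if self.broken_anyway:
            return False
        return not (enabled & self.breaks_with)


if __name__ == "__main__":
    app = SimulatedApp({"SimExecFlow"})    # constructed scenario
    bad = find_culprits(MITIGATIONS, app)
    print("uncheck:", bad)
    print("still enabled:", keep_enabled(MITIGATIONS, bad))
    print("launch attempts:", app.launches)
```

The `None` result corresponds to the case reported further down the thread, where the application still fails with all mitigations disabled and the per-application checkboxes are therefore not what needs changing.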

          • #1468730

            jwitalka, That’s a lot of work for a good application, and one that belongs to MS! Btw, I disabled all mitigations and Excel still didn’t work.

            • #1468742

              jwitalka, That’s a lot of work for a good application, and one that belongs to MS! Btw, I disabled all mitigations and Excel still didn’t work.

              Did you check the OK button after disabling all mitigations? All I can say is that just disabling SimExecFlow worked for me. I didn’t find disabling that mitigation for all Office apps to be much work but as you said, I’m surprised the default settings did not work for Office 2007 as they are a Microsoft product.

              Jerry

    • #1468714

      Nice article but I noticed an error regarding FDIC insurance. FDIC only protects bank accounts from bank failure, not from theft. In addition, the $250,000 limit works for both personal and business accounts.

      From the FDIC site:

      As of July 21, 2011, a federal prohibition against the payment of interest on business checking accounts was repealed. As a result, corporations and partnerships can now have interest-bearing checking accounts that are insured for up to a total of $250,000 combined with any other interest-bearing deposits the business may have at the same bank, including certificates of deposit (CDs), savings accounts and money market deposit accounts. Also remember that the deposits of a sole proprietorship — an unincorporated business owned by one individual using a business name — continue to be insured together with any personal funds the owner may have at the same bank, up to $250,000 in total.

      • #1468775

        On Banking –

        My experience has been that if it’s “their mistake” – like someone hacking a pad and stealing your bank card credentials, they’ll quickly replace the funds. (though I had to remind them to refund the fees charged) But if it’s “your mistake”, like using an insecure password or allowing funds to be transferred, it’s your loss. In other words – your responsibility to keep your online account secure.

        I use LastPass and ironically, the most insecure password is to online banking. They allow only a relatively short password and only letters and numbers. I’ve complained.

      • #1468977

        Nice article but I noticed an error regarding FDIC insurance. FDIC only protects bank accounts from bank failure, not from theft.

        mbutts is correct. But I think you will find that your accounts are protected. Most banks, credit unions, and brokerage firms have theft insurance that covers everything that you might lose. It may be a hassle if something is stolen, but you won’t be out any cash. Some brokerage firms will supply you with a special card that generates a random number every time you try to make an on-line transaction. Only the holder of the special card and the brokerage firm knows the number. This is especially good if you are traveling. And my bank will send me an Email and/or text message for any withdrawal over an amount I set. They do the same for my credit card, plus every credit card transaction over the internet. This often prevents a theft, because many times a thief will try a small transaction, to see if it goes through, before attempting a major one.

        After one of the last big on-line theft scares, I called all my banks and brokerage firms to discuss the issue, and came away satisfied. I suggest you do the same.

        Based on what I have read on this thread (especially since I have Win 7 64 bit and Office 2007), I will put the installation of EMET 5 on hold.

        Harry

        • #1469182

          mbutts is correct. But I think you will find that your accounts are protected. Most banks, credit unions, and brokerage firms have theft insurance that covers everything that you might lose. It may be a hassle if something is stolen, but you won’t be out any cash. Some brokerage firms will supply you with a special card that generates a random number every time you try to make an on-line transaction. Only the holder of the special card and the brokerage firm knows the number. This is especially good if you are traveling. And my bank will send me an Email and/or text message for any withdrawal over an amount I set. They do the same for my credit card, plus every credit card transaction over the internet. This often prevents a theft, because many times a thief will try a small transaction, to see if it goes through, before attempting a major one.

          After one of the last big on-line theft scares, I called all my banks and brokerage firms to discuss the issue, and came away satisfied. I suggest you do the same.

          Based on what I have read on this thread (especially since I have Win 7 64 bit and Office 2007), I will put the installation of EMET 5 on hold.

          Harry

          Consumer accounts get protection, business banks accounts are not protected from hacking. They are protected if the bank goes belly up, you are NOT protected if someone gains your credentials and hacks into your bank account.

          Please be aware of where we are at risk. We are NOT protected on a business bank account if someone gains credentials and transfers funds. Business bank accounts do NOT have the same protection as a consumer account.

    • #1468725

      I think more is needed in this article. If you’re going to recommend EMET, then you need to discuss in detail the kinds of common problems that will arise and how to deal with them. In my case, it was Excel on a Win 8.1.1 machine. Tried opening a longstanding file I had created, and EMET blocked it and rendered Excel unusable. Even after excluding Excel and rebooting, Excel reported problems and wouldn’t start. Uninstalling EMET and rebooting still didn’t work. Easiest solution: system restore.

      • #1468846

        Highstream, I agree with you. It’s an excellent introduction to EMET 5.0, but a detailed discussion of common problems should be included along with instructions on dealing with them.

        You may wish to look at the thread I started when IE 11 stopped working after I loaded EMET 5.0. There are links to sites dealing not only with problems arising in IE 11, but also to problems with 12 other programs after upgrading to EMET 5.0. The 12 other programs include ones from MS Office.

        Hopefully, Susan will follow up her excellent introduction with an article dealing in detail with common problems arising after upgrading to EMET 5.0. For now I’m going to wait before reloading EMET 5.0.

        Best of luck,

        Charles

      • #1468876

        Highstream, I agree with you. It’s an excellent introduction to EMET 5.0, but a detailed discussion of common problems should be included along with instructions on dealing with them.

        You may wish to look at the thread I started when IE 11 stopped working after I loaded EMET 5.0. There are links to sites dealing not only with problems arising in IE 11, but also to problems with 12 other programs after upgrading to EMET 5.0. The 12 other programs include ones from MS Office.

        Hopefully, Susan will follow up her excellent introduction with an article dealing in detail with common problems arising after upgrading to EMET 5.0. For now I’m going to wait before reloading EMET 5.0.

        Best of luck,

        Charles

        PS
        Susan, I’m currently using the free versions of AVAST, MBAM,
        and Super Antispyware.

        • #1469183

          I’ll have to test with various antivirus as some of these are pointing to Comodo and MBAM as not cooperating with EMET. Hang loose for a follow up.

    • #1468729

      Not sure where you heard about Business Accounts not being insured but they ARE covered by FDIC.

      “Business Accounts
      In general, business accounts receive $250,000 in FDIC insurance. This includes municipalities.

      Please note, however, that funds owned by a business that is a sole proprietorship are NOT insured under this category. Rather, they are insured as the single account funds of the person who is the sole proprietor. So, funds deposited in the sole proprietorship’s name are added to any other single accounts of the sole proprietor and the total is insured to a maximum of $250,000 in interest-bearing accounts.”

      https://www.fdic.gov/consumers/consumer/information/fdiciorn.html
      http://www.tdbank.com/bank/fdic_insurance.html

      • #1468778

        Not sure where you heard about Business Accounts not being insured but they ARE covered by FDIC.

        “Business Accounts
        In general, business accounts receive $250,000 in FDIC insurance. This includes municipalities.

        Please note, however, that funds owned by a business that is a sole proprietorship are NOT insured under this category. Rather, they are insured as the single account funds of the person who is the sole proprietor. So, funds deposited in the sole proprietorship’s name are added to any other single accounts of the sole proprietor and the total is insured to a maximum of $250,000 in interest-bearing accounts.”

        https://www.fdic.gov/consumers/consumer/information/fdiciorn.html
        http://www.tdbank.com/bank/fdic_insurance.html

        If the bank goes belly up yes. If you get defrauded, no. So if a hacker gains your credentials, does an online transfer to an offshore account, the bank is in no way (USA rules here) to cover the theft.

    • #1468736

      Just installed EMET 5 after reading this today. Immediately Internet Explorer will not open. It tries to but it says “IE (not responding)” and closes. Google Chrome opened fine but I primarily use IE on this Windows 7 machine. I am not an IT pro so I uninstalled EMET 5. Thankfully, IE is now working again. ANY SOLUTIONS TO GET IT TO WORK? I would like to have it on my system.

      • #1468744

        Just installed EMET 5 after reading this today. Immediately Internet Explorer will not open. It tries to but it says “IE (not responding)” and closes. Google Chrome opened fine but I primarily use IE on this Windows 7 machine. I am not an IT pro so I uninstalled EMET 5. Thankfully, IE is now working again. ANY SOLUTIONS TO GET IT TO WORK? I would like to have it on my system.

        To make Internet Explorer 11 work with EMET 5 I had to:
        Open up EMET 5.
        Click on the apps button
        For iexplore.exe, uncheck the box in the SimExecFlow column
        Click on the OK button.

        Jerry

    • #1468760

      Here’s a review of what EMET does — and why and when Windows users should run it on business and personal systems.

      This is on Win 7 pro SP1 32-bit. I thought to give EMET a try, but the installer said I must first install .Net 4.0. Two problems with that…..(1) I already have .net 4.0 installed and both Secunia and FileHippo report it as up-to-date, and (2) .net currently offers 4.5.2, so quite different really.

      None of the above gives me much confidence in .Net (just as you say yourself). Nor EMET. Any comments ?

      • #1468776

        This is on Win 7 pro SP1 32-bit. I thought to give EMET a try, but the installer said I must first install .Net 4.0. Two problems with that…..(1) I already have .net 4.0 installed and both Secunia and FileHippo regard it as up-to-date, and (2) .net currently offers 4.5.2, so quite different really.

        None of the above gives me much confidence in .Net (just as you say yourself). Any comments ?

        I was recently obliged to put in .net 4.5 for some software I needed. I was surprised to discover it took out all the old versions. So now I only have the one to update. It did need a batch of both important and optional updates but has been free of problems. As she notes, more recent versions have been better.

      • #1468834

        As it appears the EMET causes most problems with Internet Explorer does this mean that, if you don’t use IE as your default browser, it doesn’t actually do much or is it still protecting you in the background?

      • #1468971

        I installed EMET today and attempted to open MS Excel. Got the blue screen with the dump warning and my computer restarted. I tried opting out or disabling all four options under System Status. That did not work. Checked programs and found IE Explorer 11, MS Word, MS Excel, and Adobe Reader all crashed the system when I attempted to open them. Easiest solution was to uninstall the EMET program and wait for MS to fix it. I am running Win 7 Ultimate 64 Bit. I am forced to use Firefox because IE Explorer 11 does not work on my online banking sites and had to switch to the free Comcast Norton Security Suite because I could not upgrade or remove MS Security Essentials. I would not recommend anyone install EMET until the bugs are fixed.

      • #1469157

        After reading Susan Bradley’s column on installing EMET 5, I made haste to instal it. I ended up with a screen that matched Figure 3 of her column. That is as far as I have got. What do I do now? Is EMET 5 waiting for me to do something, or am I waiting for it? Reading the manual does not help me. I find it totally incomprehensible and bewildering. As I cannot make out what is supposed to happen, I have uninstalled EMET 5 as I don’t like to have software that I cannot understand lurking on my computer. (Windows 7, 32-bit).

        • #1469164

          After reading Susan Bradley’s column on installing EMET 5, I made haste to instal it. I ended up with a screen that matched Figure 3 of her column. That is as far as I have got. What do I do now? Is EMET 5 waiting for me to do something, or am I waiting for it? Reading the manual does not help me. I find it totally incomprehensible and bewildering. As I cannot make out what is supposed to happen, I have uninstalled EMET 5 as I don’t like to have software that I cannot understand lurking on my computer. (Windows 7, 32-bit).

          +1. I don’t appear to have any issues, but I don’t know what (if anything) it’s doing.

          Eliminate spare time: start programming PowerShell

    • #1468777

      It appears that EMET protects Microsoft products only. Oh, and Acrobat. We still use Windows 7 Pro on all of our systems. But over the years we have switched to FireFox, Open Office, and PDF Architect, and since Java is not installed in our browsers I assume that our Java use is rare to non-existent. (I’m always open to corrections!) The main reason I’ve done this is to avoid using those products which are so often targeted, and which EMET is now protecting.

      So if EMET doesn’t protect our non-Microsoft products, does this mean that I am now at more risk than if I had stuck with IE, Office, and Acrobat Reader?

      • #1468779

        You can add protection to anything you consider would have a zero day. Add the exe file to the list.

    • #1468807
    • #1468811

      Also, I found IE11 was slow in opening up new tabs and another user of this forum made a post that disabling EAF+ mitigation would fix the problem. I disabled it and IE 11 opens new tabs quickly again.

      Jerry

    • #1468815

      Lotta problems. Sounds like it’s not ready for prime time yet…

      • #1468852

        :D:D

        Lotta problems. Sounds like it’s not ready for prime time yet…

        After spending a lot of time Googling and Binging EMET 5.0, I have to agree with you, Backspacer. I had no problems with previous versions, but EMET 5.0 appears to be a cat of another stripe.

    • #1468816

      With a name like Enhanced Mitigation Experience Toolkit, it’s no wonder most people would think EMET was a tool for enterprise IT. Ask somebody who never heard of it “what is it?” and you’d probably get mostly blank stares. Experience? What experience? I mean, if MS wants people to use this useful tool, why don’t they like, tell people about it – other than enterprise ITs.

    • #1468818

      Cubicle rats do tend to have myopia. I’m sure it means something within their little work group. They probably spent a ton of money (employee time = money) coming up with that name and I’m sure they are quite proud of it.

    • #1468847

      I gave EMET a try and it blocked the AddInTools Office Classic Menus add-in that I use in Outlook, Word and Excel. This is a perfectly reliable and useful add-in, so I’m not sure why it got nixed by EMET. Not only did EMET block the add-in, it caused all those Office programs to crash every single time they started, without any error messages. Because EMET did not raise its hand and say “Oi! I’ve blocked this add-in”, it took me a while to realise it was the culprit, and not the add-in itself. What a pain.

    • #1468889

      You might want to look at the EMET 5.0 Feedback Program @ the Microsoft Connect site. Also, see EMET mitigations guidelines and EMET support @ TechNet.

      Joe

      --Joe

    • #1468895



      EMET wouldn’t install on my Win7, 64-bit computer, Avast free anti virus disabled. Gives error 2738, which apparently is an MSI error. Web search didn’t reveal any easy fix for it. Or, any reliable fix at all.

    • #1468917

      I tried to install EMET on an up to date W7 machine, but EMET says NET 4.0 is required. Well the last updates I did were for NET 4.0. Programs and Features shows Microsoft .NET Framework 4 Client Profile installed 1/14/12 with a version number 4.0.30319 showing. Where do I go from here?

    • #1469027

      I installed EMET 5 and it caused my Microsoft Office 360 installation to crash. I did not initially suspect EMET, tried to repair Office. This did not work, so I reinstalled Office 365. This did not work either. After doing some more Internet search, I suspected EMET, uninstalled it, and bingo, Office works again! I subsequently found more complaints on the Internet about EMET. So, you might want to reconsider your recommendation.

      Hellmut Golde

    • #1469061

      Susan writes:
      It can also prevent websites not listed in IE’s Trusted sites zone from running numerous scripting languages within the browser — languages such as Java, MS Vector Markup Language, MS XML Core Services, Windows Script Host runtime, and MS Scripting runtime.

      I use Firefox rather than IE, but had the feeling it would be advisable to add regularly used sites to the IE Trusted Zone – a tedious process – to gain added protection for FF, but then she states at the end of her article that if IE is not the default browser there should be few side effects with EMET, implying there would be little benefit either.

      So now I am confused, is IE with EMET the safest browser, or is FF still sufficient? I’m reluctant to change browsers, but if IE is now noticeably more secure, should do so.

      PS. An afterthought. Presumably EMET should be added to the programmes which open at start up, which is probably why I have never had any problems with it.

      • #1469068

        Installed EMET 5.0 on Win7-64 Pro machine no problem, and selected the “Recommended” settings during setup. Unfortunately, EMET would not allow any of my MS Office 2010 apps (Word, Excel, Visio) to open. EMET notified with a SimExecFlow mitigation error. Why on earth doesn’t a MS security tool allow the basic Office apps to run with the standard settings? Think I’ll uninstall EMET as I can’t afford to have my primary work apps down or to be worrying about what app I haven’t needed to use yet will be blocked.

    • #1469130

      QUESTION: Can EMET5 be used together with Malwarebytes Anti-Exploit? And if yes, should it be? Is it useful?
      Would appreciate an answer from someone who knows more about these things than I do (which includes almost everyone).
      Thank you!
