EMET v3.0 – What’s New and How To Set It Up

Microsoft has released version 3.0 of EMET (Enhanced Mitigation Experience Toolkit), a must-have security tool for Windows. To summarize my previous post on EMET, it is a lightweight exploit mitigation toolkit that forces programs to make use of modern security techniques – simply put, it makes programs harder to exploit. This guide will show you how to set EMET up to secure your Windows system without breaking program compatibility. I highly recommend you follow this guide and set EMET up accordingly. I’ve included screenshots to make this guide as clear as possible.

The major changes in EMET 3.0 are the new pre-made profiles and the notifier. EMET will now show a notification when one of its mitigations blocks an exploit attempt, and you can read about the new pre-made profiles further down the page. You can disable the notifier through msconfig.exe or exit it by clicking the EMET icon in your system tray. I suggest you keep it on unless you’re running on a very old system.

EMET has two main interfaces: one to deal with system wide settings and one to deal with application specific settings.

System Settings:

When you open up EMET you’ll see:

Click “Configure System” and you’ll be brought here: (Your settings will look different)

My suggested configuration is:

DEP: Always On

SEHOP: Always On

ASLR: Opt In

What this means is that all programs will be forced to use DEP and SEHOP, while only programs that opt in will use ASLR. If you notice instability you can change the DEP setting to “Opt-Out”, but I strongly recommend you try Always On first. SEHOP can only be set to “Opt-Out” on Windows 7.

That’s all it takes to set EMET up system wide. (And a system reboot, which you can do after following the rest of this guide.)

Note: ATI Drivers 12.6+ are now ASLR compatible. You may want to give ASLR Always On a try!
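Once the reboot is done, it is worth confirming that the three system-wide settings actually took effect. The following PowerShell script is an added example (not from the original post and not part of EMET); it reads the operating-system locations behind each setting and compares them with the values recommended above. The DEP check reads the `nx` entry from `bcdedit`, the SEHOP check reads the `DisableExceptionChainValidation` value documented in KB956607, and the ASLR check assumes (an assumption, not confirmed by the post) that EMET records its system ASLR choice in the `MoveImages` value under Memory Management. Run it from an elevated prompt.

```powershell
# Added example, not from the original post or from EMET itself.
# Audits the OS-level state behind the three system-wide settings the guide
# recommends (DEP Always On, SEHOP Always On, ASLR Opt In) after the reboot.
# Run from an elevated PowerShell prompt; nothing is modified, only read.

$Expected = @{ DEP = 'AlwaysOn'; SEHOP = 'Enabled'; ASLR = 'OptIn' }

function Get-DepPolicy {
    # bcdedit lists the boot-time NX policy as "nx  OptIn|OptOut|AlwaysOn|AlwaysOff".
    $output = & bcdedit /enum '{current}' 2>$null
    foreach ($line in $output) {
        if ($line -match '^\s*nx\s+(\S+)') { return $Matches[1] }
    }
    # No explicit entry means the boot loader default applies (OptIn on client Windows).
    return 'OptIn'
}

function Get-SehopPolicy {
    # KB956607: DisableExceptionChainValidation = 0 turns SEHOP on system-wide, 1 turns it off.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    if ($null -eq $value) { return 'NotSet' }   # OS default; it differs between client and server editions
    if ($value -eq 0) { return 'Enabled' } else { return 'Disabled' }
}

function Get-AslrPolicy {
    # ASSUMPTION: EMET stores its system ASLR choice in MoveImages
    # (0 = Disabled, 0xFFFFFFFF = Always On, absent or anything else = Opt In).
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MoveImages
    if ($null -eq $value) { return 'OptIn' }
    switch ($value) {
        0                                        { return 'Disabled' }
        { $_ -eq -1 -or $_ -eq 0xFFFFFFFF }      { return 'AlwaysOn' }   # a DWORD of 0xFFFFFFFF reads back as -1
        default                                  { return 'OptIn' }
    }
}

$Actual = @{ DEP = (Get-DepPolicy); SEHOP = (Get-SehopPolicy); ASLR = (Get-AslrPolicy) }

# Print one line per setting; anything marked DIFFERS needs a second look in EMET's
# "Configure System" dialog (and a reboot if you changed DEP or ASLR without one).
foreach ($name in 'DEP', 'SEHOP', 'ASLR') {
    $status = if ($Actual[$name] -eq $Expected[$name]) { 'OK' } else { 'DIFFERS' }
    '{0,-6} expected {1,-9} actual {2,-9} {3}' -f $name, $Expected[$name], $Actual[$name], $status
}
```

The DEP and ASLR values are boot-time settings, so a change you made in EMET a minute ago will show up in the registry and in `bcdedit` immediately but will only protect running processes after the reboot the guide mentions.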

Application Specific Settings:

EMET 3.0 makes securing individual programs incredibly easy. Click the “Configure Apps” button on the bottom right of the EMET GUI.

You’ll see this:

Go to File -> Import and navigate to /Program Files (x86)/EMET/Deployment/Protection Profiles/all.xml and open it through EMET.

This will add a large list of programs, already configured, to your EMET list. You can adjust it if you like, but right away your system is much more secure. The default settings seem to cover the most important areas.

If you want to add another program just click “Add” and navigate to the .exe.

The highlight of the preconfigured .xml is that all Java executables as well as your browser and browser plugins are configured to use EMET. These are the most commonly exploited programs on a typical Windows system.

You may receive a notification from the EMET Notifier, a new feature in 3.0 that tells you which mitigation was just used to block an exploit attempt.


That’s all there is to it. This should take just a few minutes (including time to download) and it’s the first step to securing Windows.

Tip: If you notice a program protected by EMET misbehaving, try disabling EAF (Export Address Table Access Filtering) for that program. It is the mitigation most likely to cause compatibility issues.

You can download EMET from:

https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx?Redirected=true

Sources:

http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx


About insanitybit

Novice programmer interested in computer security. I'll use this blog when I'm bored to post about things I find interesting in that field.

7 responses to “EMET v3.0 – What’s New and How To Set It Up”

  1. Paul Coddington says :

    Check the default profiles suit your machine before applying – they will install entries for multiple versions of applications, but not necessarily the ones you have. For example, the default profiles cover Java 6, not Java 7.

    Also note that applications residing in user profiles (such as Google Chrome, blu, SkyDrive) need to be redefined in XML files with wildcard paths to apply to all users (export your settings to XML and review, then reimport to be sure).
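The per-user path problem described in this comment can be handled with a small script. The PowerShell below is an added example, not part of the original post or of EMET: it takes an EMET settings export, finds every application entry whose location sits inside a specific user's profile, and rewrites the drive-and-profile prefix into a leading wildcard so the entry applies to every account. It assumes (both are assumptions, not confirmed by the post) that application entries carry their location in a `Path` attribute, so any element with such an attribute is handled regardless of how the file nests them, and that EMET accepts a leading `*\` to match any directory prefix, as the comment describes. Review the output file before importing it.

```powershell
# Added example, not from the original post or from EMET itself.
# Rewrites user-profile-specific application paths in an EMET settings export
# into wildcard form, so one entry covers every user on the machine.
# ASSUMPTIONS: entries keep their location in a "Path" attribute, and EMET
# treats a leading "*\" as "any directory prefix".

function Convert-EmetProfilePaths {
    param(
        [Parameter(Mandatory = $true)] [string] $InputXml,
        [Parameter(Mandatory = $true)] [string] $OutputXml
    )

    # XmlDocument.Save resolves relative paths against the process directory,
    # not the PowerShell location, so make the output path absolute first.
    if (-not [System.IO.Path]::IsPathRooted($OutputXml)) {
        $OutputXml = Join-Path (Get-Location).Path $OutputXml
    }

    [xml] $doc = Get-Content -LiteralPath $InputXml -Raw

    # Matches "<drive>:\Users\<account>\" (or the XP-era profile folder) at the start of a path.
    $profilePrefix = '^[A-Za-z]:\\(Users|Documents and Settings)\\[^\\]+\\'
    $seen    = @{}
    $changed = 0

    # Copy the node list into an array: removing nodes while enumerating the
    # live XPath result would be unsafe.
    foreach ($node in @($doc.SelectNodes('//*[@Path]'))) {
        $original = $node.GetAttribute('Path')
        if ($original -notmatch $profilePrefix) { continue }

        $wildcard = $original -replace $profilePrefix, '*\'

        # Exports taken from a machine with several users can yield the same
        # wildcard path more than once; keep the first and drop the rest.
        if ($seen.ContainsKey($wildcard)) {
            $null = $node.ParentNode.RemoveChild($node)
            Write-Host ("dropped duplicate {0}" -f $original)
            continue
        }
        $seen[$wildcard] = $true

        $node.SetAttribute('Path', $wildcard)
        Write-Host ("rewrote {0}`n     -> {1}" -f $original, $wildcard)
        $changed++
    }

    $doc.Save($OutputXml)
    return $changed   # number of entries rewritten
}

# Usage: export from EMET first, then run:
# Convert-EmetProfilePaths -InputXml .\emet-export.xml -OutputXml .\emet-export-wildcard.xml
```

Entries outside a user profile (Program Files and the like) are left untouched, so the script is safe to run over the whole export rather than over a hand-picked subset.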

  2. perknh says :

    SaltySam56 at Microsoft’s TechNet asked the question best: “I just downloaded EMET 3. Process 2540 Audiodg has a ? mark in DEP. What does that mean? All the others have a green check mark.”

    I, too, am stumped. Is there an explanation and a remedy for this? I can’t find that I even have an Audiodg file, but I must have one somewhere, I figure!

    Thank you.

    • insanitybit says :

      There are two potential possibilities I see here:
      1) Audiodg is a Windows service meant to host other third-party audio services. It provides what’s called DRM, which is essentially copyright protection. Part of this copyright protection may prevent EMET from working properly or at all with it.

      2) Because Audiodg is a host process that may be causing issues with reporting.

      • perknh@gmail.com says :

        Thank you, and thank you for your blog. I followed your instructions, and my computer is now safer than it was before. I guess I’ll just leave Audiodg alone. I’m making the assumption that all this is to help one’s computer against a possible zero-day attack. I don’t know if having Panda Cloud Antivirus, or even clunky, old-fashioned Threat Fire, would be any more helpful than using EMET’s graphical tool.

        Again thanks for your instructions, insights, and response.

      • insanitybit says :

        Always happy to help. Yes, this is all to help your system stay secure by making vulnerabilities more difficult to exploit. Panda Cloud is a nice AV; they usually do pretty well. ThreatFire is no longer supported, I believe, so you may want to move to Mamutu, but that’s not something I’d know too much about; I haven’t looked into just how effective it would all be.

      • perknh says :

        I’ll look into Mamutu — never heard of it before. Truth be known, I’m counting on MSE, Norton’s free DNS, Secunia, and my beloved Chrome browser to help me keep this computer out of mischief. And now I’ve got EMET too! The next leap in security will have to be to skip Windows 8, and instead go to a full install of Linux’s Peppermint OS. That’s probably the simplest and safest bet of all. But, of course, Chrome browser works the best in Windows.

        Thank you.

      • insanitybit says :

        Linux is definitely where you want to go if security is a priority. It’s a matter of graphics drivers for Chrome, but because of ChromeOS they’ve made serious performance improvements to the browser on Linux.
