EMET is a utility for System Administrators to help protect enterprise servers/client computers using application hardening, a security feature designed to prevent exploitation of various types of vulnerabilities in software applications. The utility has built-in support for enterprise deployment which enables Administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.
What is the Enhanced Mitigation Experience Toolkit?
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
The Enhanced Mitigation Experience Toolkit
The Enhanced Mitigation Experience Toolkit (EMET) is a utility designed to help IT Professionals protect systems from common threats. EMET works by applying security mitigation technologies to arbitrary applications to block against exploitation through common attack vectors...
Video: Enhanced Mitigation Experience Toolkit
Introducing Enhanced Mitigation Experience Toolkit (EMET)
Microsoft Security Blog: Enhanced Mitigation Experience Toolkit
Application Hardening is the process to address application security weaknesses by implementing the latest software paches, hotfixes and updates, using the latest and secured versions of protocols and following procedures and policies to reduce attacks and system down time. The critical applications that need hardening are Web servers, email servers, DNS servers, etc.
What is Application Hardening
The HOSTS file is more of a legacy of early IP networks and was never really designed for large-scale blocking of unwanted sites. SpywareBlaster, PeerBlock and custom HOSTS files are better alternatives for blocking purposes.
CryptoPrevent can be used to lock down any Windows OS to prevent infection by the Cryptolocker ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. This allows it to stop other malicious files in addition to Crypotolocker. You can also use Command Line Parameters and manually whitelist individual items or automatically whitelist all .exe files currently found in the locations that would be blocked. The changes can be reversed by re-running the tool and selecting Undo, then rebooting. The free version of CryptoPrevent permits manually checking for updates. CryptoPrevent Premium (a one-time charge) keeps CryptoPrevent up-to-date automatically with free updates for life and can be used on all your home computers. CryptoPrevent's home page explains the User Interface, Prevention Methodology, Whitelisting, Scripting and includes a section on Questions and Answers.