
Opinion of Microsoft "Enhanced Mitigation Experience Toolkit"


9 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 16 December 2015 - 09:06 PM

My system:  Windows 7 Home Premium, 64 bit, SP1
 
Is the Microsoft Enhanced Mitigation Experience Toolkit a worthwhile enhancement to computer security? Or is installing this a waste of time? What experience do folks have with this package?
Thank you.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:34 AM

Posted 16 December 2015 - 10:55 PM

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is an anti-exploit tool released by Microsoft. A lot of malware nowadays arrives via exploit kits, so it is worth using if you do not have another anti-exploit tool present.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:34 AM

Posted 17 December 2015 - 08:53 AM

EMET Resources


However, EMET Security Technology is not impenetrable...


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 philfil

philfil

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:34 AM

Posted 17 December 2015 - 10:07 AM

I have recently installed EMET v5.2 on a Windows 7 machine and have previously used the free version of Malwarebytes anti-exploit (MBAE). I have never encountered an exploit so I can't say much about how worthwhile they are. Both run quietly in the background and require little attention. However, EMET has more configuration options than MBAE and, if you decide to use it, I would advise sticking to the Microsoft guidelines. In particular, don't use it to protect system files as doing that could end in disaster. They are intended to protect applications which "face the internet", such as web browsers, Java, and Adobe and email clients. EMET allows you to install a list of popular software which might need to be protected against exploits.



#5 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,643 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:34 AM

Posted 17 December 2015 - 10:08 AM

quietman7,

Isn't that always the way?

Computer security is an endless game of cat and mouse, or at least that's my observation. In addition to taking all the usual "reasonable precautions" what I try to get across to my clients is that their personal behavior, particularly web surfing behavior, is one of the primary ways to keep their computer safe.

Most disasters I have to clean up aren't the result of something sneaking in, at least in any fully conventional sense, but of being "indirectly invited" in. Surfing hygiene can do a lot to prevent quite a bit of this, as can resisting the urge to download things that you have no idea at all about what they are.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:34 AM

Posted 17 December 2015 - 11:25 AM

I totally agree britechguy.

The user is the first and last line of defense. Unfortunately, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed. Knowledge and the ability to use it is the best defensive tool anyone can have.

Security begins with personal responsibility and following Best Practices for Safe Computing.

The end user needs to constantly educate themselves which includes staying informed about the latest malware threats and those recommendations by security experts on how to protect themselves. If they are an employee of an organization, that also means following policy and procedures for the use of computer equipment and related resources implemented by the agency IT Department.

#7 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:02:34 AM

Posted 17 December 2015 - 12:04 PM

With the advent of USB sticks, pancake-thin external HDs, it's much easier to accidentally or intentionally introduce unwanted stuff into a desktop or laptop. Again, as Quietman7 posted, the end-user is the largest and most important component of security.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 18 December 2015 - 02:33 PM

I use EMET on my machines and I recommend it. It will protect some applications like IE, MS Office, ...

You need to check the configuration to see what applications are protected on your machine, and you can add missing applications you want to protect.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 18 December 2015 - 02:33 PM

"I have never encountered an exploit so I can't say much about how worthwhile they are. Both run quietly in the background and require little attention."

 

Many mitigation techniques implemented by EMET are preventative, e.g. they will not trigger an alert when they prevent an exploit.

For example, with the heap spray mitigation, an exploit will just fail, and that could result in an application crash. But EMET will not display a message to tell you that it prevented a heap spray attack.


Edited by Didier Stevens, 18 December 2015 - 02:37 PM.



#10 philfil

philfil

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:34 AM

Posted 18 December 2015 - 04:02 PM

"Many mitigation techniques implemented by EMET are preventative, e.g. they will not trigger an alert when they prevent an exploit."

 

That's interesting. I have done what I can to test EMET using the Malwarebytes anti-exploit test and also the HitmanPro.Alert test. The results are not entirely transparent, but EMET always appears to respond in some way - usually by an alert about an EAF mitigation. If it does extra things without alerting, I am even more impressed.

 

With regard to the original question, my limited experience leans me towards recommending EMET simply because it provides basic protection and does so quietly in the background. Instead of arresting the burglar, it locks the doors.


Edited by philfil, 19 December 2015 - 04:00 AM.




