EMET v3.0 – What’s New and How To Set It Up

Microsoft has released version 3.0 of EMET (Enhanced Mitigation Experience Toolkit), a must-have security tool for Windows. To summarize my previous post on EMET, it is a lightweight exploit mitigation toolkit that forces programs to make use of modern security techniques – simply put, it makes programs more secure. This guide will show you how to set EMET up to secure your Windows system without infringing on your program compatibility. I highly recommend you follow this guide and set EMET up accordingly. I’ve included screenshots to make this guide as clear as possible – setup for 3.0 takes just a few minutes.

The major changes in EMET 3.0 are the new pre-made profiles, which make setup easier, and the notifier. EMET will now give a notification when it detects an exploit and you can read about the new pre-made profiles later down the page. You can disable the notifier through msconfig.exe or exit it by clicking the EMET icon in your system tray. I suggest you keep it on unless you’re running on a very old system.

EMET has two main interfaces: one to deal with system wide settings and one to deal with application specific settings.

System Settings:

When you open up EMET you’ll see:

Click “Configure System” and you’ll be brought here: (Your settings will look different)

My suggested configuration is:

DEP: Always On

SEHOP: Always On

ASLR: Opt In

What this means is that all programs will be forced to use DEP and SEHOP, while programs that are built for ASLR can opt into it. If you notice instability you can change the DEP setting to “Opt-Out” or back to “Opt-In”, but I strongly recommend you try Always On first. SEHOP can only be set to “Opt-Out” on Windows 7.

That’s all it takes to set EMET up system wide. (And a system reboot, which you can do after following the rest of this guide.)

Note: ATI Drivers 12.6+ are now ASLR compatible. You may want to give ASLR Always On a try!
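The three system-wide choices above are stored by EMET in ordinary Windows settings, so you can confirm they took effect after the reboot without opening the GUI. The script below is an added example (not code from the original post or from Microsoft’s EMET package) that reads those settings back and compares them with the recommended profile. It assumes the standard locations: the DEP policy is exposed by WMI through Win32_OperatingSystem, SEHOP by the DisableExceptionChainValidation value under Session Manager\kernel, and ASLR by the MoveImages value under Session Manager\Memory Management.

```powershell
# Verify-EmetSystemSettings.ps1
# Added example: not code from the original post or from Microsoft's EMET package.
# EMET's "Configure System" dialog writes the three system-wide mitigation
# policies into ordinary Windows settings; this script reads them back after the
# reboot and compares them with the profile recommended in the post:
#   DEP = Always On, SEHOP = Always On, ASLR = Opt In.
# Run from an elevated PowerShell prompt (PowerShell 2.0 on Windows 7 is enough).

# --- DEP: boot-time policy (the BCD "nx" option), exposed through WMI --------
# DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn,
#                                        2 = OptIn,     3 = OptOut
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os  = Get-WmiObject -Class Win32_OperatingSystem
$dep = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]
if (-not $dep) { $dep = "Unknown($($os.DataExecutionPrevention_SupportPolicy))" }

# --- SEHOP: Session Manager\kernel\DisableExceptionChainValidation ----------
# 0 = exception-chain validation enforced for every process (Always On)
# 1 = not enforced system-wide; EMET can still opt individual programs in
$kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$decv = (Get-ItemProperty -Path $kernelKey -Name DisableExceptionChainValidation `
         -ErrorAction SilentlyContinue).DisableExceptionChainValidation
if ($null -eq $decv)   { $sehop = 'NotSet' }
elseif ($decv -eq 0)   { $sehop = 'AlwaysOn' }
elseif ($decv -eq 1)   { $sehop = 'OptIn' }
else                   { $sehop = "Unknown($decv)" }

# --- ASLR: Session Manager\Memory Management\MoveImages ---------------------
# absent = OptIn (OS default: only images linked with /DYNAMICBASE are relocated)
# 0      = Disabled
# -1     = AlwaysOn (stored as DWORD 0xFFFFFFFF, which reads back as -1)
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$moveImages = (Get-ItemProperty -Path $mmKey -Name MoveImages `
               -ErrorAction SilentlyContinue).MoveImages
if ($null -eq $moveImages)   { $aslr = 'OptIn' }
elseif ($moveImages -eq 0)   { $aslr = 'Disabled' }
elseif ($moveImages -eq -1)  { $aslr = 'AlwaysOn' }
else                         { $aslr = "Unknown($moveImages)" }

# --- Compare with the recommended profile -----------------------------------
$expected = @{ DEP = 'AlwaysOn'; SEHOP = 'AlwaysOn'; ASLR = 'OptIn' }
$actual   = @{ DEP = $dep;       SEHOP = $sehop;     ASLR = $aslr }

$allOk = $true
foreach ($name in 'DEP', 'SEHOP', 'ASLR') {
    $ok = ($actual[$name] -eq $expected[$name])
    if (-not $ok) { $allOk = $false }
    $flag = if ($ok) { 'OK ' } else { 'FIX' }
    Write-Host ('{0} {1,-6} current={2,-10} recommended={3}' -f `
                $flag, $name, $actual[$name], $expected[$name])
}

if ($allOk) {
    Write-Host 'System-wide EMET settings match the recommended profile.'
} else {
    Write-Host 'Open EMET -> Configure System, correct the FIX lines, and reboot.'
    exit 1
}
```

Run it once after the reboot; a DEP line that still reads OptIn usually means the reboot has not happened yet, since the DEP policy is only applied at boot (`bcdedit /enum {current}` shows the same value as its `nx` entry). If you chose ASLR Always On because your graphics drivers support it, change the expected ASLR value in the script to `AlwaysOn`.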

Application Specific Settings:

EMET 3.0 makes securing individual programs incredibly easy. Click the “Configure Apps” button on the bottom right of the EMET GUI.

You’ll see this:

Go to File -> Import, navigate to Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml and open it through EMET.

This will add a large list of programs, already configured, to your EMET list. You can change this up if you like but right away your system is much more secure. The default settings seem to cover the most important areas.

If you want to add another program just click “Add” and navigate to the .exe.

The highlight of the preconfigured .xml is that all Java executable files as well as your browser and browser plugins are configured to use EMET. These are the most commonly exploited programs and hardening them is a critical step in securing your system.

You may receive a notification from the EMET Notifier, a feature new to 3.0 that tells you which security mitigation was just used to stop an exploit attempt.


That’s all there is to setting up EMET. This should take just a few minutes (including time to download) and it’s the first step to securing Windows. I hope this guide helped.

Tip: If you notice an EMET’d program acting out, try disabling EAF for it. It can cause issues.
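The import step and the EAF tip can also be done from the command line, which is handy when you set up more than one machine. The script below is an added example, not code from the original post or from Microsoft’s EMET package; it uses EMET_Conf.exe, the command-line tool installed next to EMET.exe, and assumes its `--export`, `--import`, `--set` and `--list` verbs and the `-EAF` exclusion syntax as shown by the usage text EMET_Conf.exe prints when run without arguments. Confirm those against your installed version before relying on it.

```powershell
# Deploy-EmetAppProfile.ps1
# Added example: not code from the original post or from Microsoft's EMET package.
# Scripts the "Configure Apps" section of the post with EMET_Conf.exe: backs up
# the current per-application list, imports the pre-made all.xml profile, and
# applies the EAF tip to any executables you name. The EMET_Conf verbs used here
# (--export, --import, --set, --list) and the "-EAF" exclusion syntax are taken
# from the tool's own usage text (run EMET_Conf.exe with no arguments to see it);
# confirm them against your installed version. Run from an elevated prompt.
param(
    # EMET install folder (64-bit Windows puts it under Program Files (x86)).
    [string]$EmetDir = $(if (${env:ProgramFiles(x86)}) { Join-Path ${env:ProgramFiles(x86)} 'EMET' }
                         else { Join-Path $env:ProgramFiles 'EMET' }),
    # Which pre-made profile to import; all.xml is the one the post recommends.
    [string]$ProfileName = 'all.xml',
    # Full paths of executables that misbehave under EAF; empty by default.
    # (A constructed example value would be 'C:\Program Files\Vendor\app.exe'.)
    [string[]]$DisableEafFor = @()
)

$emetConf = Join-Path $EmetDir 'EMET_Conf.exe'
if (-not (Test-Path $emetConf)) { throw "EMET_Conf.exe not found in $EmetDir" }

$profilePath = Join-Path $EmetDir "Deployment\Protection Profiles\$ProfileName"
if (-not (Test-Path $profilePath)) { throw "Protection profile not found: $profilePath" }

# 1. Keep a copy of whatever is configured now, so the import can be undone
#    later with: EMET_Conf.exe --import <backup file>
$backup = Join-Path $env:TEMP ('EMET-apps-before-import-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))
& $emetConf --export $backup
if ($LASTEXITCODE -ne 0) { throw "EMET_Conf --export failed with exit code $LASTEXITCODE" }
Write-Host "Previous per-app configuration exported to $backup"

# 2. Import the pre-made profile: the same as File -> Import in the GUI.
& $emetConf --import $profilePath
if ($LASTEXITCODE -ne 0) { throw "EMET_Conf --import failed with exit code $LASTEXITCODE" }

# 3. Apply the tip from the post: turn EAF off for programs that act up under it
#    while leaving their other mitigations in place ("-EAF" removes only that one).
foreach ($exe in $DisableEafFor) {
    if (-not (Test-Path $exe)) { Write-Warning "Skipping $exe (file not found)"; continue }
    & $emetConf --set $exe -EAF
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not change EAF for $exe (exit $LASTEXITCODE)" }
}

# 4. Print the resulting list so the change can be reviewed against the backup.
& $emetConf --list
```

A typical call is `.\Deploy-EmetAppProfile.ps1` to import the default profile, or `.\Deploy-EmetAppProfile.ps1 -DisableEafFor 'C:\path\to\app.exe'` once a particular program has shown the kind of instability the tip describes. Keep the exported backup file: diffing it against a later `--export` is the quickest way to see what the import changed.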

You can download EMET from:

https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx?Redirected=true

Note:

It is worth stating that just because you use EMET does not mean you can forego patching. While EMET is an incredible tool for securing Windows, it is not a silver bullet; you must keep your system up to date.

Sources:

http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx

8 thoughts on “EMET v3.0 – What’s New and How To Set It Up”

  1. Check the default profiles suit your machine before applying – they will install entries for multiple versions of applications, but not necessarily the ones you have. For example, the default profiles cover Java 6, not Java 7.

    Also note that applications residing in user profiles (such as Google Chrome, blu, SkyDrive) need to be redefined in XML files with wildcard paths to apply to all users (export your settings to XML and review, then reimport to be sure).

  2. SaltySam56 at Microsoft’s TechNet asked the question best: “I just downloaded EMET 3. Process 2540 Audiodg has a ? mark in DEP. What does that mean? All the others have a green check mark.”

    I, too, am stumped. Is there an explanation and a remedy for this? I can’t find that I even have an Audiodg file, but I must have one somewhere, I figure!

    Thank you.

    • There are two potential possibilities I see here:
      1) Audiodg is a Windows service meant to host other third party audio services. It provides what’s called DRM, which is essentially copyright protection. Part of this copyright protection may prevent EMET from working properly or at all with it.

      2) Because Audiodg is a host process that may be causing issues with reporting.

      • Thank you, and thank you for your blog. I followed your instructions, and my computer is now safer than it was before. I guess I’ll just leave Audiodg alone. I’m making the assumption that all this is to help one’s computer against a possible zero-day attack. I don’t know if having Panda Cloud Antivirus, or even clunky, old-fashioned ThreatFire, would be any more helpful than using EMET’s graphical tool.

        Again thanks for your instructions, insights, and response.

        • Always happy to help. Yes, this is all to help your system stay secure by making vulnerabilities more difficult to exploit. Panda Cloud is a nice AV; they usually do pretty well. ThreatFire is no longer supported, I believe, so you may want to move to Mamutu, but that’s not something I’d know too much about; I haven’t looked into just how effective it would all be.

          • I’ll look into Mamutu — never heard of it before. Truth be known, I’m counting on MSE, Norton’s free DNS, Secunia, and my beloved Chrome browser to help me keep this computer out of mischief. And now I’ve got EMET too! The next leap in security will have to be to skip Windows 8, and instead go to a full install of Linux’s Peppermint OS. That’s probably the simplest and safest bet of all. But, of course, Chrome browser works the best in Windows.

            Thank you.

            • Linux is definitely where you want to go if security is a priority. It’s a matter of graphics drivers for Chrome, but because of ChromeOS they’ve made serious performance improvements to the browser on Linux.

