Acheron, posted January 18, 2016 (edited January 31, 2016 by Acheron):
I have uninstalled EMET 5.0 as I see no use for it. Most options are not supported on Windows XP anyway. BTW, EMET is not a security monitoring tool. It allows you to apply some security enhancements to programs like randomizing memory addresses and disallowing specific calls. You have to explicitly enable monitoring specific applications. By default EMET does not protect any running processes.
Acheron, posted January 31, 2016:
I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft, while Google chooses to distrust these certificates instead. You can read about it here: http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/page-8#post-2558843
Maybe something interesting to try if you are security-minded is installing Malwarebytes Anti-Exploit. It is similar to EMET, but much easier to use, as you don't have to specify processes yourself. Another option is Hitman Pro Alert. Both programs still support Windows XP.
heinoganda, posted January 31, 2016 (edited January 31, 2016 by heinoganda):
@Acheron Today I had to change the links in my posts to the contribution in RyanVM Forum, because the original contribution was no longer available. Apparently there were problems. If Malwarebytes Anti-Exploit is used, I would be interested to know what experiences have been made, or whether there were eventually problems with some programs.
Sampei.Nihira, posted February 4, 2016 (edited February 4, 2016 by Sampei.Nihira):
Protection for I.E. scripting on MBAE:
An example of testing with Exploit Test Tool (HPA3):
With MBAE you can uninstall all of the .NET Framework.
Mcinwwl, posted February 4, 2016:
MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with the new update the problems seem to be gone.
heinoganda, posted February 6, 2016:
First of all, thanks for the info. I will install Malwarebytes Anti-Exploit and test it over a longer period.
Sampei.Nihira, posted February 6, 2016 (edited February 6, 2016 by Sampei.Nihira):
Good choice: http://casual-scrutiny.blogspot.in/2016/02/cve-2015-2545-itw-emet-evasion.html
Acheron, posted February 6, 2016 (edited February 6, 2016 by Acheron):
So to improve the security on your running system, you should install multiple products and have them actively monitoring your system, as only running an Anti-Virus is not enough these days. This would mean running a good anti-virus software package, installing and configuring EMET for running processes, plus an additional anti-exploit package like MBAE, and still be very suspicious when opening email documents or visiting webpages from unknown persons.
heinoganda, posted February 6, 2016:
Either EMET or MBAE; it behaves as if 2 virus scanners were installed simultaneously. In various tests, the programs bite each other.
Dclem, posted February 6, 2016:
> MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with the new update the problems seem to be gone.
I discovered that when using EMET 4.1, it was necessary to disable deep hooks under the application settings. Otherwise, IE8 and Firefox would not launch. Once the deep hooks were disabled, everything proceeded as normal.
Dave-H (thread author), posted February 6, 2016:
I'm using EMET 4.1 Update 1, and just for the record, I have had to disable the EAF, MemProt, and StackPivot functions for Firefox to work properly, the EAF, LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get Google Chrome to work properly, and the LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get IE8 to work properly.
If any of these are enabled, the browsers concerned either won't start properly, or keep crashing.
Acheron, posted February 6, 2016 (edited February 6, 2016 by Acheron):
> Either EMET or MBAE; it behaves as if 2 virus scanners were installed simultaneously. In various tests, the programs bite each other.
I mentioned running both EMET and MBAE simultaneously might be a good idea, as the link Sampei.Nihira posted mentioned a security researcher who found an exploit that circumvented EMET protection mechanism. Luckily it was caught by MBAE. I assume the security researcher was running both programs at the same time. I have not tested running both programs at the same time myself, but I see no reason why you couldn't run both EMET and MBAE simultaneously. See also the following post on the Malwarebytes forum for an explanation about EMET and MBAE functionality and that they basically complement each other: https://forums.malwarebytes.org/index.php?/topic/143156-any-extra-benifits-running-emet-with-mbae/#entry797279
Sampei.Nihira, posted February 6, 2016:
It's possible. But competence is necessary to disable the mitigations of 2 anti-exploits and get a good symbiotic job. EMET 4.1U1 is very poor on Exploit Test Tool (HPA3): http://www.surfright.nl/en/downloads/
heinoganda, posted February 6, 2016 (edited February 6, 2016 by heinoganda):
@5eraph Thanks for the info, I changed the link in my posts accordingly.
@Acheron So much the better; at least at an earlier time, there were often problems when both ran. Then I'm going to try a little bit, with both simultaneously in my VM.
Acheron, posted February 6, 2016:
You can also try HitmanPro.Alert. It also supports Windows XP, and if you click the link it shows a nice feature comparison sheet, listing regular Anti-Virus, EMET, MBAE, Traps and HitmanPro.Alert features. Of course, this is only information from the manufacturer of HitmanPro.Alert, so I can't say anything about whether the information is accurate.