Jump to content

EMET on up-to-date Windows XP


Dave-H
 Share

Recommended Posts

@Dave-H

 

Actually, I work a lot with WinRAR, but so far I have had no problems with WinRAR 4.20 more with the initial versions of the 5 Series. The thing I had to general notice again and again that when some hardware problems arise, particularly when packing where much computing power is needed and some hardware comes into stumble. Have here a slightly overclocked hardware that works very very stable when it is required.

 

:)

Link to comment
Share on other sites


 

Just for reference I am running EMET 5.0 without any issues on my system. Why don't you upgrade to this version instead of using old EMET 4.1?

 

I did have some problems with versions later than 4.1, and the departed hmuellers did warn that versions later than 4.1 might have problems under XP.

The main issues were the Trust button not working, which I've since fixed, and the tray icon not working, which is important as it provides error popups if the program detects a problem.

Now I've fixed the former problem I might try version 5.0 again (later versions had other issues).

:)

 

EMET 5.0 is the last one compatible with Windows XP. The tray icon seems to be working fine on my system. It showed a pop-up when it blocked a call from Daemon Tools Lite.

Link to comment
Share on other sites

@Dave-H: You can update 7-zip on XP SP3 by simply susbstituting all files and subdirs by the newer ones, while booted from one of your other OSes. Or you can use the installer. Anyway, I guarantee you v. 15.14 works beautifully on XP SP3.

Link to comment
Share on other sites

An ambiguous situation:

- CertTrust.xml from Emet 5.2 is dated 15.03.04, and the rules expire on 16.08.01

- CertTrustUpd.xml by MicrosoftEasyFix51012.msi downloaded 16.01.15 is dated 15.09.02, however, the rules expire on 15.08.01 (that have already expired).

 

Regards

Link to comment
Share on other sites

Yes, you're absolutely right.

I got heinoganda's files installed finally, and yes, the rules in the "Easy Fix" have actually all expired!

:no:

Edited by Dave-H
Link to comment
Share on other sites

I've looked at the latest versions of EMET, 5.2 and 5.5 beta, and they seem to use a completely different system for their rules.

In fact I believe that they download updates to them automatically from Microsoft (as you would expect!)

There is no file in their installers that can be imported into earlier versions as far as I can see.

EMET 5.0 and 5.1 are supposedly still supported (until July 12th this year), so quite how you're supposed to keep them up to date when the rules in the latest "Easy Fix" file seem to have already expired is a bit of a mystery!

Anyway, fortunately i had saved my configuration, so I've restored that.

The rules I've got (from EMET 5.2 which someone helpfully posted their export of) still expire on August 1st though, so what happens then?

:)

Link to comment
Share on other sites

@Dave-H

 

Let's see if the medicine works (from EMET 5.5), Expires 09/01/2017.

 

Download: Trusted.rar

 

Unfortunately needed EMET 5.5 .NET Framework 4.5. Extract I do with the following command

msiexec /a "XXXXX.msi" /qn TARGETDIR="X:\XXXXXX"

earlier still on the target drive to create the appropriate folder.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

Wow, thanks heinoganda, that all works perfectly!

:thumbup

Even the downloaded file worked fine with my ancient copy of WinRAR this time, so I assume you compressed it differently.

 

When I extracted the files from the 5.5 installer with Universal Extractor I couldn't see any CertTrustUpd.xml file in there.

Did you make it yourself from the other xml files?

 

Do you think there is any advantage in updating to EMET 5.0 over 4.1?

I'm willing to give 5.0 another try if you think it is, although I found that the tray icon didn't work when I tried it before.

 

Cheers and thanks again, Dave.

:)

Link to comment
Share on other sites

@Dave-H

 

I'm just tinkering at the EMET 5.0, because the installer routine is faulty, is almost ready. There are no more manual entries in the registry needed with current Cert Trusted. :whistle:  Then another of your link "EMET 05-02-2015.xml" where I still adapting.

 

How do I extract I have explained in my post.

 

msiexec /a "XXXXX.msi" /qn TARGETDIR="X:\XXXXXX"

 

@all

 

If you are interested at a error-corrected respectively updated Cert Trusted (valid until 09/01/2017) installation from  EMET 4.1 / 5.0 for Windows XP, please PM.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

sorry if my observations are totally noob and a little out of sync ... there's alot in this thread to catch up on

 

this article (https://www.winhelp.us/microsoft-emet.html) claims EMET 5.2 installs and works in XP-sp3, but it requires a working .NET 4

 

I seem to recall prior posts talked of removing .NETs, which if that's the case that might be causing a problem with EMET 5.2 installation

Link to comment
Share on other sites

sorry if my observations are totally noob and a little out of sync ... there's alot in this thread to catch up on

 

this article (https://www.winhelp.us/microsoft-emet.html) claims EMET 5.2 installs and works in XP-sp3, but it requires a working .NET 4

 

I seem to recall prior posts talked of removing .NETs, which if that's the case that might be causing a problem with EMET 5.2 installation

EMET 5.1 and EMET 5.2 install fine. However using it and trying to protect a process results in the entrypoint not found error as mentioned here: http://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/page-33#post-2426312

 

To fix this we need something like KernelEx for Windows XP to implement the missing functions. EMET 5.0 and newer require .NET 4.0 to be installed and fully functional.

Link to comment
Share on other sites

From EMET 5.1, there are several problems such as "The procedure entry point fopen_s Could not be located in the dynamic link library msvcrt.dll.", The programs that are registered in the apps are not displayed under running processes such as in the previous versions, which are not the only problems. Whether because EMET is still functioning properly very questionable.

 

The version 5.5 is good for getting around the current Trusted Cert.  :D

 

:)

Link to comment
Share on other sites

Indeed so!

I'm now running EMET 5.0 with the rules from 5.5, and it appears to be working fine, so I see no point in trying to use later versions that are probably not working properly under Windows XP, which is not something you want to risk with a security monitoring program of course!

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...