Jump to content

EMET on up-to-date Windows XP


Dave-H

Recommended Posts

I have uninstalled EMET 5.0 as I see no use for it. Most options are not supported on Windows XP anyway.

 

BTW, EMET is not a security monitoring tool. It allows you to apply some security enhancements to programs like randomizing memory addresses and disallowing specific calls.

 

You have to explicitly enable monitoring specific applications. By default EMET does not protect any running processes.

Edited by Acheron
Link to comment
Share on other sites

  • 2 weeks later...

I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft, while Google chooses to distrust these certificates instead. You can read about it here:

http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/page-8#post-2558843

Maybe something interesting to try if you are security minded is installing Malwarebytes Anti-Exploit. It is similar to EMET, but much easier to use, as you don't have to specify processes yourself. Another option is Hitman Pro Alert.

 

Both programs still support Windows XP.

Link to comment
Share on other sites

@Acheron

Today I had to change the links in my posts to the contribution in RyanVM Forum, because the origional contribution was no longer available. Apparently there were problems.

 

In the event that Malwarebyte Anti-Exploit is used, would be interested to know what experiences have been made so respectively there was eventually problems with some programs.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

So to improve the security on your running system, you should install multiple products and have them actively monitoring your system as only running an Anti-Virus is not enough these days. This would mean running a good anti-virus software package, installing and configuring EMET for running processes plus an additional anti exploit package like MBAE and still be very suspicious when opening email documents or visiting webpages from unknown persons.

Edited by Acheron
Link to comment
Share on other sites

MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with new update problems seem to be gone.

I discovered that when using EMET 4.1, It was necessary to disable deep hooks under the application settings.  Otherwise, IE8 and firefox would not launch.   Once the deep hooks were disabled, everything proceeded as normal.

Link to comment
Share on other sites

I'm using EMET 4.1 Update 1, and just for the record, I have had to disable the EAF, MemProt, and StackPivot functions for Firefox to work properly, the EAF, LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get Google Chrome to work properly, and the LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get IE8 to work properly.

If any of these are enabled, the browsers concerned either won't start properly, or keep crashing.

:)

Link to comment
Share on other sites

Either EMET or MBAE that behaves as if it has 2 virus scanners are installed simultaneously. In various tests, the programs bite.

 

:)

 

I mentioned running both EMET and MBAE simultaneously might be a good idea, as the link Sampei.Nihira posted mentioned a security researcher who found an exploit that circumvented EMET protection mechanism. Luckily it was caught by MBAE. I assume the security researcher was running both programs at the same time.

 

I have not tested running both programs at the same time myself, but I see no reason why you couldn't run both EMET and MBAE simultaneously.

 

See also the following post on the Malware Bytes forum for an explanation about EMET and MBAE functionality and that they basically complement each other.:

 

https://forums.malwarebytes.org/index.php?/topic/143156-any-extra-benifits-running-emet-with-mbae/#entry797279

Edited by Acheron
Link to comment
Share on other sites

@5eraph

Thanks for the info, I changed the link in my posts accordingly.

 

@Acheron

So much the better, at least at an earlier time, there were often problems when both ran. Then I'm going to try a little bit, with both simultaneously in my VM.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

You can also try HitmanPro.Alert

 

It also supports Windows XP and if you click the link it shows a nice feature comparison sheet, listing regular Anti-Virus, EMET, MBAE, Traps and HitmanPro Alert features. Of course, this is only information from the manufacturer of HitmanPro.Alert, so I can't say anything about if the information is accurate.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...