
Dave-H

EMET on up-to-date Windows XP


I have uninstalled EMET 5.0 as I see no use for it. Most options are not supported on Windows XP anyway.

 

BTW, EMET is not a security monitoring tool. It allows you to apply some security enhancements to programs like randomizing memory addresses and disallowing specific calls.

 

You have to explicitly enable monitoring specific applications. By default EMET does not protect any running processes.

Edited by Acheron


I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft, while Google chooses to distrust these certificates instead. You can read about it here:

http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/page-8#post-2558843

Maybe something interesting to try if you are security minded is installing Malwarebytes Anti-Exploit. It is similar to EMET, but much easier to use, as you don't have to specify processes yourself. Another option is Hitman Pro Alert.

 

Both programs still support Windows XP.


@Acheron

Today I had to change the links in my posts to the contribution in RyanVM Forum, because the original contribution was no longer available. Apparently there were problems.

If Malwarebytes Anti-Exploit is used, I would be interested to know what experiences have been made with it, and whether there were possibly problems with some programs.

 

:)

Edited by heinoganda


Protection for I.E. scripting on MBAE:

Immagine.jpg

An example of testing with Exploit Test Tool (HPA3):

image.jpg

With MBAE you can uninstall all of the .NET Framework.

Edited by Sampei.Nihira


MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with the new update the problems seem to be gone.


First of all, thanks for the info. I will install Malwarebytes Anti-Exploit and test it over a longer period.

 

:)


So to improve the security on your running system, you should install multiple products and have them actively monitoring your system, as only running an anti-virus is not enough these days. This would mean running a good anti-virus software package, installing and configuring EMET for running processes, plus an additional anti-exploit package like MBAE, and still being very suspicious when opening email documents or visiting webpages from unknown persons.

Edited by Acheron


Either EMET or MBAE; it behaves as if 2 virus scanners were installed simultaneously. In various tests, the programs clash with each other.

 

:)


MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with the new update the problems seem to be gone.

I discovered that when using EMET 4.1, it was necessary to disable deep hooks under the application settings. Otherwise, IE8 and Firefox would not launch. Once the deep hooks were disabled, everything proceeded as normal.


I'm using EMET 4.1 Update 1, and just for the record, I have had to disable the EAF, MemProt, and StackPivot functions for Firefox to work properly, the EAF, LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get Google Chrome to work properly, and the LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get IE8 to work properly.

If any of these are enabled, the browsers concerned either won't start properly, or keep crashing.

:)


Either EMET or MBAE; it behaves as if 2 virus scanners were installed simultaneously. In various tests, the programs clash with each other.

 

:)

 

I mentioned running both EMET and MBAE simultaneously might be a good idea, as the link Sampei.Nihira posted mentioned a security researcher who found an exploit that circumvented EMET protection mechanism. Luckily it was caught by MBAE. I assume the security researcher was running both programs at the same time.

 

I have not tested running both programs at the same time myself, but I see no reason why you couldn't run both EMET and MBAE simultaneously.

 

See also the following post on the Malwarebytes forum for an explanation of EMET and MBAE functionality and of how they basically complement each other:

 

https://forums.malwarebytes.org/index.php?/topic/143156-any-extra-benifits-running-emet-with-mbae/#entry797279

Edited by Acheron


@5eraph

Thanks for the info, I changed the link in my posts accordingly.

 

@Acheron

So much the better; at least in the past, there were often problems when both ran. Then I'm going to try it out a little bit, with both running simultaneously in my VM.

 

:)

Edited by heinoganda


You can also try HitmanPro.Alert

 

It also supports Windows XP, and if you click the link it shows a nice feature comparison sheet, listing regular anti-virus, EMET, MBAE, Traps and HitmanPro.Alert features. Of course, this is only information from the manufacturer of HitmanPro.Alert, so I can't say whether the information is accurate.
