The Enhanced Mitigation Experience Toolkit is definitely not new, but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet, but it is definitely going in this direction – a little bit.
You can find all the necessary information on EMET here:
- That’s the article on our support website: The Enhanced Mitigation Experience Toolkit
- Here is a TechNet blog post: New version of EMET is now available
- To download EMET v 2.1
- And a BlueHat session
Before you start, please make sure that you have the BitLocker recovery key ready (you are running BitLocker, aren’t you?) or that you suspend BitLocker for the duration of the configuration. EMET might change your Data Execution Prevention settings, which changes your bootloader, which invalidates the BitLocker signature, which then has to be proven again.
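The suspend-and-resume step can be scripted with the built-in `manage-bde` and `bcdedit` tools. This is an added example, not part of the original post; the volume letter `C:`, the state file name and the `-Resume` switch are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumption: C: is the BitLocker-protected OS volume.
param([switch]$Resume, [string]$Volume = 'C:')

function Get-NxPolicy {
    # The DEP policy is stored as the "nx" element of the current boot entry.
    $m = bcdedit /enum '{current}' | Select-String -Pattern '^nx\s+(\S+)'
    if ($m) { $m.Matches[0].Groups[1].Value } else { '(not set)' }
}

# Hypothetical file used to remember the DEP policy between the two runs.
$stateFile = Join-Path $env:TEMP 'emet-nx-before.txt'

if (-not $Resume) {
    # Refuse to continue unless a 48-digit recovery password protector exists.
    $out = (manage-bde -protectors -get $Volume -type RecoveryPassword) -join "`n"
    if ($out -notmatch '(\d{6}-){7}\d{6}') {
        throw "No recovery password protector on $Volume; add one first."
    }
    Get-NxPolicy | Set-Content $stateFile
    # Suspend BitLocker: the volume stays encrypted, the key protectors are disabled.
    manage-bde -protectors -disable $Volume
    if ($LASTEXITCODE -ne 0) { throw "Could not suspend BitLocker on $Volume" }
    "BitLocker suspended; DEP policy is '$(Get-NxPolicy)'. Configure EMET, then rerun with -Resume."
}
else {
    # Report whether the EMET configuration touched the boot-time DEP setting.
    $before = Get-Content $stateFile
    $after  = Get-NxPolicy
    if ($before -ne $after) { "DEP policy changed: $before -> $after" }
    else { "DEP policy unchanged: $after" }
    # Re-enable the key protectors and show the resulting protection state.
    manage-bde -protectors -enable $Volume
    if ($LASTEXITCODE -ne 0) { throw "Could not resume BitLocker on $Volume" }
    manage-bde -status $Volume
}
```

Run it once before opening EMET and once with `-Resume` when the configuration (and any restart it asks for) is finished.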
I always love to strengthen my policies and see when something breaks and how. I started to use it and it actually provides you with a fairly straightforward interface showing what is running and in which state:
You can then configure your applications and define on which level you want them to be protected. It might then happen that this pops up:
I won’t tell you which application it was but I was a little bit scared…
Anyway, if you did not use it yet, I think you should!
Roger

It is an interesting tool with a major lack of logging. No events (success/fail), no data for troubleshooting, nothing. So, you cannot measure its effectiveness by, say, counting how many times it protected you vs. how many times it caused a crash for no reason.
And not enterprise-ready yet.
Hi Akis,
sorry for the delay in responding to you but I wanted to check back with the person who wrote EMET. His answer basically is:
“It is true that in the current version it is difficult to distinguish between an app compat crash and a real attack. Next version has some logic to filter blocked attacks and report them to the user and eventlog.”
I hope this “helps”. I will try to make sure that I will blog when the next version of EMET is out.
Roger