If I add an application to EMET, how does it decide what protections to enable? Do I need to pick and choose which to enable, or does it somehow know a safe baseline to start from, and then I can add more protections if I want? Thanks

By default all protections are selected when you add an application and depending on the EMET version some protections are disabled by default. For EMET 4.1 this is the protection SEHOP and for EMET 5.0 these are EAF+ and ASR protections. Next you have to test the application. If a problem occurs (temporarily) remove the protections one by one until the application is functioning again. If possible enable the other protections again and test again until all possible protections are enabled.

OK thanks for that info.

I notice that Firefox was not in the list of applications until I imported the Popular Software profile. Is there any reason not to just import that list right off the bat if I install EMET on the rest of the computers in my household?

Thanks

Yes that is advisable but you should also test the added applications. We deployed EMET 4.1 to several computers and imported the popular software profile during the installation. This worked without any problems until a newer version chrome was released. Through emet_conf.exe we configured our clients to disable the caller protection.

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo 6 hours 18 minutes ago

See the EMET User's Guide for a description of the EMET commandline tool. For the incompatibilities of Google Chrome 35 I used this command trough our deployment tool:

EMET_Conf.exe" --set "*\Google\Chrome\Application\chrome.exe" -SEHOP -Caller

We don't use Group Policy's voor managing our computers with EMET and contacting many users to disable the protections through the EMET interface isn't an option.

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks for the info.

How do you use emet_conf.exe? When I click on it, it just opens and closes right away.

Why would you not just disable caller protection through the usual EMET interface?

• Edited by YoVincenzo Thursday, August 07, 2014 4:50 AM

OK thanks.