EMET 5.1 crashing IE 10
My IE 10 crashes with EMET 5.1 installed.
If I uninstall EMET 5.1, then IE10 works.
Anyone else having this problem?
Oddly, this problem only appears on some of my computers.
Problem *SEEMS* to be more prevalent when EMET is running with VMWare.
I'm using VMPlayer, and VMWare ESXi host.


From Application Event Log:

Log Name:      Application
Source:        Application Error
Date:          12/20/2014 7:32:58 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <REMOVED>
Description:
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time
stamp: 0x546ebc2a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x71b0036c
Faulting process id: 0x240c
Faulting application start time: 0x01d01cb5a4c23929
Faulting application path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE
Faulting module path: unknown
Report Id: e8e88609-88a8-11e4-92c9-001744792dbc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-12-21T00:32:58.000000000Z" />
    <EventRecordID>7549</EventRecordID>
    <Channel>Application</Channel>
    <Computer><REMOVED></Computer>
    <Security />
  </System>
  <EventData>
    <Data>IEXPLORE.EXE</Data>
    <Data>10.0.9200.17183</Data>
    <Data>546ebc2a</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000409</Data>
    <Data>71b0036c</Data>
    <Data>240c</Data>
    <Data>01d01cb5a4c23929</Data>
    <Data>C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE</Data>
    <Data>unknown</Data>
    <Data>e8e88609-88a8-11e4-92c9-001744792dbc</Data>
  </EventData>
</Event>



Below is the entry from EMET itself:

Log Name:      Application
Source:        EMET
Date:          12/20/2014 6:16:45 PM
Event ID:      2
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <REMOVED>
Description:
EMET detected EAF mitigation and will close the application: IEXPLORE.EXE

EAF check failed:
  Application     : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name     : <REMOVED>
  Session ID     : 1
  PID         : 0x2014 (8212)
  TID         : 0x2018 (8216)
  Module     : N/A
  Mod Base     : 0x00000000
  Mod Address     : 0x71B0036C
  Mem Address     : 0x00000000

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EMET" />
    <EventID Qualifiers="0">2</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-12-20T23:16:45.000000000Z" />
    <EventRecordID>7548</EventRecordID>
    <Channel>Application</Channel>
    <Computer><REMOVED></Computer>
    <Security />
  </System>
  <EventData>
    <Data>EMET detected EAF mitigation and will close the application:
IEXPLORE.EXE

EAF check failed:
  Application     : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name     : <REMOVED><REMOVED>  Session ID     : 1
  PID         : 0x2014 (8212)
  TID         : 0x2018 (8216)
  Module     : N/A
  Mod Base     : 0x00000000
  Mod Address     : 0x71B0036C
  Mem Address     : 0x00000000
</Data>
  </EventData>
</Event>
December 21st, 2014 3:49am

Did you try if the problem remains if you start Internet Explorer with the '-extoff' parameter? Maybe there is a difference in the installed extensions between the computers.

Uninstalling EMET 5.1 is the most drastic 'solution' for your problem. You could delete the Internet Explorer application from the list of apps but this would disable the other protections for IE. You can also disable the EAF mitigation on the problem system specifically to solve your problem.

I agree with you that EMET causes more problems on virtual systems.

Free Windows Admin Tool Kit Click here and download it now
December 21st, 2014 4:14pm

Tried it just now by going to c:\program files\internet explorer
Then I typed: iexplore -extoff

Still getting the same error.

I closed all applications, and then disabled all mitigations for internet explorer inside EMET, but I'm afraid that the problem persists, even after trying -extoff again.

December 22nd, 2014 6:20am

Maybe your virus scanner is conflicting with EMET. According to this post Comodo Antivirus seem to cause problems with EMET. The DeepGuard functionality of F-Secure virus scanner  is also incompatible EMET according to this post.

Free Windows Admin Tool Kit Click here and download it now
January 1st, 2015 11:01pm

Thanks for looking further into this, however, I intend to keep Comodo AV for the foreseeable further.

Hopefully future versions of EMET and Comodo will be compatible with each other.

Thanks.

January 5th, 2015 12:19am
According to this post 'Re: EMET 5.1 with CIS 8?' EMET 5.1 seems to work with CIS8. If your version isn't working can you upgrade? If not maybe you can contact Comodo support if they have a patch. You can also send an email to emet_feedback@microsoft.com or leave your feedback through Microsoft Connect for EMET (https://connect.microsoft.com/emet/Feedback).
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2015 1:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics