EMET Follow-up
EMET 5.2 Crashes Outlook 2013 when EAF enabled
Hi
I'm testing EMET 5.2 for deployment into our environment. However I've come across an issue which causes Outlook 2013 to crash when EAF is enabled.
The following is from the event log:
Faulting application name: OUTLOOK.EXE, version: 15.0.4711.1000, time stamp: 0x55091de4
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000005473b
Faulting process id: 0x1774
Faulting application start time: 0x01d078b41581d9d3
Faulting application path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 53710d64-e4a7-11e4-8277-60571871a781
Faulting package full name:
Faulting package-relative application ID:
Is there any way to have EAF enabled, or all good to leave it off the list?
Andrew
(Question moved from https://social.technet.microsoft.com/Forums/en-US/aeaa583e-b479-4189-a859-1b5cf58080b6/emet-52-crashes-outlook-2013-when-eaf-enabled?forum=w8itprosecurity)
Can't protect Edge with EMET
Hello
Please let me know if using EMET in conjunction with Edge is supported? I'm unable to run Edge and EMET together - I added Edge to protected lists, but it won't show up as "running EMET" at all.
Please let me know if this can be fixed
EMET on servers
Does it make sense to use Microsoft EMET on Server 2012 R2/2016 Core/Nano?
Can you run EMET with WoW64 uninstalled on a server?
If you could, would it help anything?
Windows 7 Backup Preview Pane
Application Compatibility Issues
The mitigations offered by EMET have the potential to break some applications. This thread is to discuss people's experiences with applications that do not work correctly under EMET. The goal is to isolate which specific mitigations cause problems and for which applications (or plug-ins where appropriate). For those trying to determine which mitigations are causing problems, the most likely candidates are EAF and DEP.
Here are the issues the EMET support team has been able to confirm:
Application or plug-in | Issues that occur | Mitigation or setting causing the issues |
Skype | Fails to run | EAF |
NetFlix SilverLight app | Video playback in browser fails | EAF |
ATI Drivers | System blue screens on boot | System ASLR policy set to always on (must enable unsafe settings to see this option) |
iPod Synchronization service | Service crashes | System DEP policy set to always on |
AOL | System gives “out of memory” error messages | System DEP policy set to always on |
If you have experienced application compatibility problems with EMET, please share your experiences on this thread. The more detail you can provide about what the issues are and what
EMET suppresses start of Word and IE
I have Win 7 SP1 (with all important and recommended updates) with MS Office 2013 and IE 11.
I've noticed today that EMET 5.2 suppressed the start of Word and IE because of "Caller mitigation".
The following actions were not successful:
- Go back to an earlier restore point (as Word was still running)
- Repair Office (online)
- Disable Add-ins in Word
- Complete virus scan
The problem can, however, be worked around by removing the checkmark for Caller in EMET for winword.exe.
Does somebody know the cause of the problem and a clean solution?
Thank you very much.
Axel F.
EMET 6.0 / 5.3
Major EMET releases have been published on the second or third Monday of every 13th month.
2009-10 v1
2010-07 v2
2011-05 v2.1
2012-05 v3
2013-06 v4
2013-11 v4.1
2014-07 v5
2014-11 v5.1
2015-03 v5.2
2015-08 v5.3 / v6.0 ?
Windows 10 will be published soon and compatibility issues with and working exploits for EMET 5.2 exist. I guess we'll see a new release soon.
EMET 5.5 Beta supports Windows 10
I watch this forum and missed any announcement that a new EMET version was released that now supports Windows 10! Now knowing what to search for, I see a few others have posted about it under other threads, but this should have a thread of its own. Released on Oct 1st, 2015...
Enhanced Mitigation Experience Toolkit 5.5 Beta
http://www.microsoft.com/en-us/download/details.aspx?id=49166
This link mentions EMET 5.5 beta support:
https://support.microsoft.com/en-us/kb/2458544
What's new in Enhanced Mitigation Experience Toolkit 5.5 Beta?
EMET 5.5 beta release includes new functionality and updates, such as:
- Windows 10 compatibility
- Full GPO support for mitigations and Cert pinning functionality
- EAF/EAF+ perf improvements
- Untrusted font mitigation for Windows 10
- Various bug fixes (UI)
EMET Error
When starting my Laptop I get an EMET Notifier popup box which states: Error: cannot write to EMET event log source. Please re-install EMET program.
When looking at Computer Management, I see this when trying to access the Event Viewer: Event Log Service is un-available. Verify the service is running.
I checked in Services and saw that the Windows Event Log service was set to Automatic, but Stopped. I Started it, did not get an error but the Event Viewer is still Not Available.
Do I in fact have to Re-install the EMET Program, and if so, how / where do I get it?
Windows 7 Prof 64bit SP1
EMET 5.5 RTM release date
Anyone know when EMET 5.5 release date will be for the non-beta version?
EMET 5.1 stopped working now will not re-install
I have a Win7 Ultimate 64 bit system. For some reason 5.1 stopped working after working for a very long time and I couldn't get it back so I decided to uninstall and re-install. Unfortunately during the re-installation, it would hang and say "Service Microsoft Service (EMET_Service) failed to start. Verify that you have sufficient privileges to start system services." I opened Services and saw that Microsoft EMET Service was set to Automatic but not started. When I clicked on Start it gave the following error: Windows could not start the Emet Service service on local computer. Error 1053. The service did not respond to the start or control request in a timely fashion.
Next I tried to install 4.1. It seemed to install without a problem (it said the install was successful), however, there is no EMET icon in the task bar. If I go to the EMET directory and click on the Emet_gui.exe I get nothing. So at this point I don't even know if EMET is running, or how to adjust it. And yes, I know about checking to make sure that the icon shows in the task bar.
Lastly I tried installing 5.2 but got the same result that I got when I tried to install 5.1.
Any ideas?
EMET 5.2 blocks Adobe Reader XI with CALLER issue
Yesterday EMET started to block Acroread32.exe with a Caller problem. The Reader has always worked fine in the past with EMET and there were no changes to my system yesterday that I know of.
I carried out full virus scans with Norton and Malwarebytes and they were clear. The only way I can get the reader to open is by unchecking Caller for Acroread32.exe in EMET.
Has anyone else experienced this and what might have happened?
MS Office 2010 Word, Excel and IE 8 with Blue Cielo Meridian 2011 SP1 integrators
EMET 5.2 is causing Word, Excel 2010 and IE 8 to crash with a "Microsoft Excel has stopped working" error when we have ASR active for these applications.
Installed apps:
EMET 5.2
MS Office 2010 32 bit.
Blue Cielo Meridian 2011 SP1.
Blue Cielo Meridian 2011 SP1 has 2 services running that integrate with MS Office 2010, these are:
AMHookTray.exe (x64)
AMHookTrayU.exe (x86)
If I end the 32 bit (AMHookTrayU.exe) application in task manager then the problem does not occur.
If I disable the ASR in Word or Excel then again the issue does not occur.
I have added AMHookTray.exe, AMHookTrayU.exe to the "Modules" but I still get the error.
Any suggestions would be welcomed.
Rob
EMET 5.2 Breaks Internet Explorer 11
Using Windows 8.1 with Internet Explorer 11, EMET 5.2 causes Internet Explorer to crash just by navigating to a website. I'm using 'Recommended Security' settings in EMET, with the default 'Popular Software' protection profile.
1) Open Internet Explorer
2) Either go to a website such as http://www.amazon.co.uk/ or alternatively just open IE and wait for 30 seconds without doing anything
3) Browser crashes and says 'Internet Explorer has stopped working'
4) Error reporting shows the following:
Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
Faulting module name: EMET64.dll, version: 5.2.0.0, time stamp: 0x54ff88ee
Exception code: 0xc0000005
Fault offset: 0x0000000000048417
Faulting process ID: 0xf3c
Faulting application start time: 0x01d05d8898f1fd96
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
Report ID: e8b7058f-c97b-11e4-82a7-0019d16e4234
Faulting package full name:
Faulting package-relative application ID:
5) Disabling ALL mitigations for Internet Explorer in the EMET 'Applications List' doesn't solve the issue. Internet Explorer has to be completely removed from the EMET 'Applications List' in order to prevent it from crashing.
6) Problem occurs regardless of whether Internet Explorer is running in 'Enable Enhanced Protected Mode' with 'Enable 64-bit processes for Enhanced Protected Mode' or not.
7) Needed to uninstall EMET 5.2 and go back to 5.1
EMET 5.5 User Guide or Details on Untrusted Fonts?
EMET stops Word from running
Tried both EMET 5.1 and 5.2 and Word 2013 and 2016. EMET will not let Word run.
WINDOWS 8.1 PRO 64-BIT
"EMET detected Caller mitigation and will close the application: WINWORD.EXE"
EMET 5.5 fails to load on reboot with some group policy editor settings.
I am unsure where to report bugs so I'm mentioning one here. If there is a more appropriate forum then feel free to point me that direction.
EMET 5.5 beta on Windows 10 64 bit will fail to load on reboot after an install if group policy editor has been used to aggressively remove "features" from Windows. One notable problem is disabling Cortana in group policy editor. EMET on my box really doesn't like that. This is unfortunate as I don't expect Cortana will ever be enabled on any of the boxes I oversee.
Updating EMET configuration from a webserver
I understand that you can point computers with EMET installed to a fileserver to obtain an updated .xml.
Does anyone know if it's supported to point clients to an .xml file hosted on a webserver? We have a large number of clients that are never in the office and don't use VPN on a regular basis. I would like to set up a scheduled task and then just maintain .xml files on an Internet-facing webserver. I tested this and it works but just didn't know if people are doing this with any success?
For instance, "EMET_Config.exe --import http://www.webserver.com/Emet_Config.xml"
Thanks for your time,
Dave