Channel: Enhanced Mitigation Experience Toolkit (EMET) Support forum
Viewing all 968 articles

EMET detected ASR mitigation in iexplore.exe


Hi,

I encountered the following whenever I launched my IE11. Did not encounter this in EMET 5.2

Anyone also encountered the same?

EMET version 5.5.5871.31892
EMET detected ASR mitigation in iexplore.exe

ASR check failed:
  Application : C:\Program Files\Internet Explorer\iexplore.exe
  User Name
  Session ID : 1
  PID : 0x213C (8508)
  TID : 0x2F3C (12092)
  Module : VBScript.dll


EMET 5.51 install error


Windows 7 Ultimate SP1

Already have EMET 5.5 loaded.

Any help with this error trying to install 5.51 would be appreciated.

EMET 5.51 install attempt:

There is a problem with this Windows Installer package.

A script required for this install to complete could not be run.


Faulting application name: OneDrive.exe

Log Name:      Application
Source:        Application Error
Date:          30/08/2016 8:44:52
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      WG-NB-01
Description:
Faulting application name: OneDrive.exe, version: 17.3.6517.809, time stamp: 0x57aa2140
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x0006aaca
Faulting process id: 0x25e0
Faulting application start time: 0x01d202bc4280f205
Faulting application path: C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 54f2a33c-266f-43f4-8a96-cc940c510eeb
Faulting package full name: 
Faulting package-relative application ID: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-08-30T12:44:52.315656100Z" />
    <EventRecordID>65895</EventRecordID>
    <Channel>Application</Channel>
    <Computer>WG-NB-01</Computer>
    <Security />
  </System>
  <EventData>
    <Data>OneDrive.exe</Data>
    <Data>17.3.6517.809</Data>
    <Data>57aa2140</Data>
    <Data>ntdll.dll</Data>
    <Data>10.0.10586.306</Data>
    <Data>571afb7f</Data>
    <Data>c0000005</Data>
    <Data>0006aaca</Data>
    <Data>25e0</Data>
    <Data>01d202bc4280f205</Data>
    <Data>C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe</Data>
    <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
    <Data>54f2a33c-266f-43f4-8a96-cc940c510eeb</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Application Compatibility Issues


The mitigations offered by EMET have the potential to break some applications.  This thread is to discuss people's experiences with applications that do not work correctly under EMET.  The goal is to isolate which specific mitigations cause problems and for which applications (or plug-ins where appropriate).  For those trying to determine which mitigations are causing problems, the most likely candidates are EAF and DEP.

Here are the issues the EMET support team has been able to confirm:

| Application or plug-in | Issues that occur | Mitigation or setting causing the issues |
| --- | --- | --- |
| Skype | Fails to run | EAF |
| NetFlix SilverLight app | Video playback in browser fails | EAF |
| ATI Drivers | System blue screens on boot | System ASLR policy set to always on (must enable unsafe settings to see this option) |
| iPod Synchronization service | Service crashes | System DEP policy set to always on |
| AOL | System gives “out of memory” error messages | System DEP policy set to always on |

If you have experienced application compatibility problems with EMET, please share your experiences on this thread.  The more detail you can provide about what the issues are and what 

EMET is crashing the Silverlight and Internet Explorer


Any idea why EMET is crashing the Silverlight, in this case Lync server 2013 Control Panel:

Log Name:      Application
Source:        EMET
Date:          23.11.2015 20:55:40
Event ID:      2
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Description:
EMET detected StackPivot mitigation and will close the application: IEXPLORE.EXE

StackPivot check failed:
  Application  : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name  : DOMAIN\UserA
  Session ID  : 2
  PID   : 0x27F4 (10228)
  TID   : 0x22F8 (8952)
  API name  : ntdll.NtSetContextThread
  ReturnAddress  : 0x75EC5B54
  CalledAddress  : 0x77C41920
  Thread stack area range: [0x1C7BE000..0x1C7C0000]
  StackPtr  : 0x04EB9448


Petri

EMET Warning


I downloaded an MS Excel file that was sent to me via email. I cannot open the said file. Whenever I click on it, rather than MS Excel and the MS Excel file opening, Microsoft EMET would splash a notification screen stating "EMET detected SimExecFlow mitigation and will close the application: EXCEL.EXE" and it would never open the file in MS Excel.

EMET 5.51 Protection for Basic Applications


I've installed EMET 5.51 on a Windows 10 Pro system to understand its potential use cases.  As a test, I've added notepad.exe (in every combination from wildcard to exact pathname, etc.) to the protected list.  I've ensured that all current notepad sessions are closed and then opened a new one.  No green checkmark appears next to the running notepad and process explorer does not show EMET loaded into the notepad process.  There are no error messages in the event log.  I've done the same with calc with the exact same result. I then did the same thing for Chrome and interestingly enough all Chrome processes show up as protected in the EMET console.

Am I overlooking something?


How do I remove doctopdf from windows 7

How do I remove doctopdf from windows 7

Questions on EMET 5.5


Dear Support team,

I have the following questions on EMET 5.5:

  • Is EMET capable of monitoring the applications bundled in the ThinApp environment? In the Virtual Desktop environment most of the applications will be available through ThinApp, so we need to know whether EMET can monitor these applications or whether it requires the applications to be installed at the endpoint to monitor them.

  • Will EMET impact application virtualization? Are there any known issues with EMET in the virtual environment affecting application startup or functionality?

  • When will EMET 5.5 reach end of support? Will we still get support from Microsoft if it is EOS, as we can’t afford to upgrade the EMET version yearly?

Thanks

Chris 

Edge crashes at startup after EMET is installed on Win10 v1607


We are having a weird issue where Edge is crashing at startup after EMET v5.51 is installed on Windows 10 Enterprise x64 v1607.

We installed EMET v5.51 on a new instance of Windows 10 Enterprise x64 v1607, disabled all EMET configuration using the EMET_Conf command line, and rebooted. Edge then crashes immediately when it is started, every time. Tried with a different user account also and same issue. Even weirder is that even after uninstalling EMET and rebooting, Edge still crashes.

So it appears that just the action of installing EMET is breaking Edge for all users on the system, not necessarily an actual EMET mitigation. Also, EMET documentation indicates that it doesn't interact with Edge in any way, so it is even weirder that EMET is breaking Edge when it supposedly doesn't have any interaction.

EMET didn't log anything in the eventlog for Edge crashing, but there is this application Error for Edge:


Has anyone seen this before or have any ideas on why this might be occurring?

EMET 5.2 crashes Word and Excel 365


Until April 2015, EMET (5.0/5.1) co-existed fine on my Windows 7 x64 computer. Then I started getting error messages when exiting normally from Word and Excel, usually with an invitation to inform Microsoft, and then the app would restart with a blank document or sheet. No harm done, but annoying. I uninstalled Office 2013 Pro completely, then installed Office 365. I went through the gamut of disabling Office add-ins, updating Abbyy FineReader, etc. Still the errors continued. Checking my Events log I found EMET sometimes associated with these errors. Updated EMET to v5.2; the errors continued. Finally and reluctantly I uninstalled EMET, since when no errors have occurred.

Any thoughts, anyone?

Chrome crashes EMET message

How do I bypass EMET on Chrome? Started up the computer recently for updates; ever since then Chrome cannot be opened and I get rolling EMET messages. I have limited computer smarts but can follow instructions.

Server Core Install of EMET


Is the install of EMET on Windows 2008 R2 Server Core supported? I have made some attempts. The first challenge was finding a Server Core version of .Net Framework. But I am still having challenges getting EMET to install. The documentation does not cover a Server Core install.


Thomas Talley

What are the plans for the next version of EMET beyond 5.5?

Will there be a new version of EMET published and if so, when?

Chris Bynum - MSFT

Report portal for EMET


Have you guys made any utilities or tools to report EMET events?

I wanted to share some screenshots of a tool we have developed to ease EMET reporting. It has helped us a lot when monitoring our customers and their EMET client machines.

The tool is web based, and in the main view there are graphical statistics (high error counts are the result of thousands of duplicate error events in EMET clients) and an Excel-like log filtration tool.

The main view of EMET reporter

The second one shows mitigations and their amounts on specific computers.

Mitigation counts per computer

Similar views are for per Application and for per User


Will Windows 7 support the latest version of Power Point?

I have the latest PPoint version - the laptop I'm supposed to use for a presentation is running Windows 7 - will there be any issues here?

Password history

Can Microsoft Outlook provide me with the history of my last 5 passwords associated with my accounts?

EMET 5.51 Causing bitlocker recovery key prompts

Hi All,

I'm currently working for a client who requires a secure build, we are following guidelines which require the use of EMET and Bitlocker.

We're deploying Win 7 Enterprise Machines via SCCM, we're then installing EMET 5.51 during the TS (Intending on managing EMET via GPO's), Turning TPM on/ Enabling etc, taking ownership then enabling bitlocker with TPM and PIN.

This all works just fine, up until the point of a GPupdate when the EMET policies are applied (we believe it is DEP that is killing BitLocker); then on next reboot we are prompted for the recovery key... obviously this is not ideal in an enterprise deployment!

We have tried manually setting DEP via cmdline in the task sequence PRE bitlocker, but any GPO's (Even with DEP as not configured) still seems to overwrite the settings and make changes to the BCD....

Maybe I'm missing something really obvious, I'm not sure; any help would be great!

Cheers, 

file explorer will not open

File explorer will not open either from start or from task bar. I have removed all mitigations and nothing works. All other Exe apps open. Please advise.

DEP detection in Excel Plug-in


Hi All!

Troubleshooting a DEP detection generated by a third-party add-in to Excel. I don't know much about the (code) development aspect and how it relates to EMET's detections. What is some guidance I can give to the developers on what to look for in their code? What advanced compilation options should they ensure they are using?

Secondly, what would be the appropriate (temporary) actions to whitelist or exclude the add-in (or Excel in general) to cure the current crashes? For this question I'm sure you can point me to available threads in the forums or blog-posts that deal with these techniques.

Best,

Fredrik
