I've been pushing to get Microsoft's EMET installed at my company, but we've been encountering numerous issues...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
with false positives where processes are getting blocked and/or crashing. Any suggestions on how to fight this battle?
Ask the Expert
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
I'm not exactly sure which battle you need help in fighting: the battle to convince your company that a Microsoft EMET deployment is a good move, or the battle against false positives, so I'll do my best to tackle both.
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 4.0 is an extremely valuable mitigation technology for any organization running older Windows applications or operating system software. EMET is free and works by retroactively applying various security mitigation technologies to applications, making it more difficult for an attacker to exploit common attack vectors such as buffer overflows and memory corruption. As opposed to regular signature-based antimalware software, EMET is better at defending against automated attacks and zero-day exploits, as it's based around detecting malicious behaviors.
If senior management isn't convinced that deploying Microsoft EMET is worth the time and effort, remind them that legacy software is always an attractive target for attackers, particularly if it's no longer supported by the original vendors. For example, Windows XP Service Pack 3 and Office 2003 will both go out of support in April 2014. After this date, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. Running end-of-life software is a big risk and is seen as a control failure by most compliance and regulatory standards. Implementing EMET can provide important protection whilst legacy systems are being updated. EMET can also provide additional protection for in-support versions of Windows by offering supplementary mitigations and enforcing mitigation for software that has not opted to use Microsoft's latest defensive controls, such as data execution prevention.
If your EMET configuration is causing problems with false positives, it will probably require time spent reading the user guide to find the best way forward. Issues to check include ensuring machines have sufficient free memory to run EMET. If this is a concern, disable the logging feature and notifications to conserve memory via settings in the registry. EMET may cause some programs to crash, but this can be down to bugs within those specific applications and not necessarily an EMET problem. Disable the particular mitigation that is causing the problem and continue with the other mitigations enabled. At least you will gain some improvement in security without losing functionality. The graphical user interface makes it easy to configure mitigations and see which processes have been opted-in to EMET.
Getting newly installed software working correctly can be frustrating, but keep persevering, as EMET provides an additional layer of protection for enterprise networks. Version 4.0 features new updates and mitigations, including a certificate pinning feature called Certificate Trust that can detect man-in-the-middle attacks.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.