Enhanced Mitigation Experience Toolkit (EMET) 5.0

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

Helps raise the bar against attackers. EMET helps protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software. EMET includes 12 security mitigations that complement other defense in-depth security measures, such as Windows Defender and antivirus software. EMET installs with default protection profiles, which are XML files that contain preconfigured settings for common Microsoft and third-party applications.

Works well for the enterprise. Enterprise IT professionals can easily deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. Administrators can customize and configure EMET deployments and determine which applications they want to protect through which mitigation techniques.

Even for enterprise legacy software that cannot easily be rewritten, or for software being phased out where the source code is not available, EMET provides mitigation protections. The reporting capabilities in EMET are provided through a component called the EMET Agent, which allows enterprises to create logs and notifications for audit purposes. EMET customer support is available through Microsoft Premier Support Services. For more information on deployment EMET, also visit the EMET Knowledge Base Article: KB2458544

Helps protect in a wide range of scenarios. EMET is compatible with most commonly used third-party applications at home and in the enterprise, from productivity software to music players. EMET works for a range of client and server operating systems used at home and in the enterprise. When users browse secure HTTPS sites on the Internet or log on to popular social media sites, EMET can help further protect by validating Secure Sockets Layer (SSL) certificates against a set of user-defined rules.

EMET 5.0 release includes new functionality and updates, such as:

  • Attack Surface Reduction (ASR), to limit the attack surface of applications and reduce attacks.
  • Export Address Table Filtering Plus (EAF+), to improve and extend the current EAF mitigation.
  • 64-bit ROP mitigations, to anticipate future exploitation techniques.
  • Several security, compatibility and performance improvements.

Download: Enhanced Mitigation Experience Toolkit (EMET) 5.0 | 1.07 MB (Freeware)
Download: EMET User Guide | 1.9 MB
View: EMET Homepage | EMET 5.0 Announcement

Report a problem with article
Previous Story

Microsoft's case against Samsung becomes clear, documents contain lots of fun information

Next Story

Microsoft releases Xbox 'teaser trailer' video for Gamescom 2014

23 Comments

Commenting is disabled on this article.

If you use this and import the popular software XML, make sure to disable EAF+ for Firefox otherwise Firefox will take forever to load.
This is better than MBAE since it doesn't only protect web browsers and is free.

What is this? Sounds important, but also sounds like snake oil. The description makes a lot of noise but doesn't really tell you what it does. Is it just a firewall?

Thank you for your insightful reply. You used to be able to ask questions around here and expect useful answers. Guess not anymore.

I read the article several times. Still sounds like a firewall to me, but clearly I'm missing something?

Fish said,
I read the article several times. Still sounds like a firewall to me, but clearly I'm missing something?

Emet forces programs to run under Microsofts built in security defences.

Basically this helps protect programs from expolits used in popular programs that haven`t become documented and patched. Particularly but not limited to web exploits where the infected page will use something like a Java or Adobe flash flaw which will allow the exploit to run modified code in memory.
If you do decide to use it i suggest adding programs you use one by one to make sure that no advers effect is discovered.

GTR707 said,
MalwareBytes Anti-Exploit is all you need. No configuring either.

While I completely agree, MalwareBytes is pretty dang amazing, their latest updated UI makes it look like malware now... =)

Sounds good - but why is this not a part of the OS or of IE, by default? Is there a downside?

Should I install it on the PCs of other members of my family or will it give them problems later?

gb8080 said,
Sounds good - but why is this not a part of the OS or of IE, by default? Is there a downside?

If it was part of the OS, Microsoft would have to support the version that shipped with the OS for 10 years. It isn't part of IE for obvious reasons.

Ace said,

If it was part of the OS, Microsoft would have to support the version that shipped with the OS for 10 years. It isn't part of IE for obvious reasons.

Sorry, I don't follow. MS supports the OS, it supports Windows Defender, it fills up Windows Update every patch Tuesday, so why is having to support it a reason not to include it?
And is EMET worth installing on other family member's computers? Is there a downside?

If you set it to Maximum Security you could encounter problems. So far I it has only caused a problem with one game I have (Combat Arms).

Anyone updated from 4.1 Update 1? Had a quick read but not seen if an in place upgrade can be done or if you need to uninstall the old one and lose all your config ...

Riggers said,
Anyone updated from 4.1 Update 1? Had a quick read but not seen if an in place upgrade can be done or if you need to uninstall the old one and lose all your config ...

Just a FYI, install over the top of 4.1 update 1 seems to have gone fine...

Enron said,
I have a separate background service that allows the NSA to maintain national security. I hope you do too.

It`s called svchost.exe ;)