You are currently offline, waiting for your internet to reconnect

Disabled application mitigations in the EMET Application Configuration policy may not take effect when Default Protections policies are applied


Some applications may have specific mitigations disabled in the Application Configuration policy in Enhanced Mitigation Experience Toolkit (EMET). These disabled mitigations may not take effect when one or both of the following EMET policies are also enabled:

  • Default Protections for Popular Software
  • Default Protections for Recommended Software

EMET policies are not cumulative. When Default Protections policies are applied in addition to the Application Configuration policy, duplicate entries for the same application may occur, and you cannot prioritize the Application Configuration settings. For example, because the Default Protections for Popular Software policy enables all mitigations for a set of applications, any of the same applications that are configured through the Application Configuration policy with mitigations disabled will not take effect.

To resolve this issue, do not enable the Default Protections policy settings. Instead, enable only the Application Configuration policy, and create individual entries for each application that has to have some or all mitigations enabled or disabled.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2835387 - Last Review: 08/14/2014 14:40:00 - Revision: 4.0

Enhanced Mitigation Experience Toolkit 3.0, Enhanced Mitigation Experience Toolkit 4.0, Enhanced Mitigation Experience Toolkit 4.1, Enhanced Mitigation Experience Toolkit 5.0

  • KB2835387