EMET mitigations guidelines
Generic guidelines
EMET mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using EMET. The following is a list of the kinds of software that should not be protected by using EMET:
- Anti-malware and intrusion prevention or detection software
- Software that handles digital rights management (DRM) technologies (that is, video games)
- Software that uses anti-debugging, obfuscation, or hooking technologies
Additionally, EMET is intended to work together with desktop applications, and you should protect only those applications that receive or handle untrusted data. System and network services are also out-of-scope for EMET. Although it is technically possible to protect these services by using EMET, we do not advise you to do this.
Application compatibility list
The following is a list of specific products that have compatibility issues with the mitigations that are offered by EMET. You must disable specific incompatible mitigations if you want to protect the product by using EMET. Be aware that this list takes into consideration the default settings for the latest version of the product. Compatibility issues may be introduced when you apply certain add-ins or additional components to the standard software.
| Product | EMET 4.1 Update 1 | EMET 5.2 | EMET 5.5 |
|---|---|---|---|
| 7-Zip Console/GUI/File Manager | EAF | EAF | EAF |
| AMD 62xx processors | EAF | EAF | EAF |
| Beyond Trust Power Broker | Not applicable | EAF, EAF+, Stack Pivot | EAF, EAF+, Stack Pivot |
| Certain AMD/ATI video drivers | System ASLR=AlwaysOn | System ASLR=AlwaysOn | System ASLR=AlwaysOn |
| Excel Power Query, Power View, Power Map and PowerPivot | EAF | EAF | EAF |
| Google Talk | DEP, SEHOP* | DEP, SEHOP* | DEP, SEHOP* |
| Immidio Flex+ | Not applicable | EAF | EAF |
| Microsoft Office Web Components (OWC) | System DEP=AlwaysOn | System DEP=AlwaysOn | System DEP=AlwaysOn |
| Microsoft Word | Heapspray | Not applicable | Not applicable |
| Pitney Bowes Print Audit 6 | SimExecFlow | SimExecFlow | SimExecFlow |
| Siebel CRM version is 18.104.22.168 | SEHOP | SEHOP | SEHOP |
| SolarWinds Syslogd Manager | EAF | EAF | EAF |
| VLC Player 2.1.3+ | SimExecFlow | Not applicable | Not applicable |
| Windows Media Player | MandatoryASLR, EAF, SEHOP* | MandatoryASLR, EAF, SEHOP* | MandatoryASLR, EAF, SEHOP* |
| Windows Photo Gallery | Caller | Not applicable | Not applicable |
ǂ EMET mitigations might be incompatible with Oracle Java when they are run by using settings that reserve a large chunk of memory for the virtual machine (that is, by using the -Xms option).
Frequently asked questions
Q: For which CVEs have exploits been blocked by EMET?
A: The following is a partial list of the CVEs for which the known exploits are successfully blocked by EMET at the time of discovery:
| CVE number | Product family |
|---|---|
| CVE-2007-5659 | Adobe Reader, Adobe Acrobat |
| CVE-2009-0927 | Adobe Reader, Adobe Acrobat |
| CVE-2009-4324 | Adobe Reader, Adobe Acrobat |
| CVE-2010-0188 | Adobe Reader, Adobe Acrobat |
| CVE-2010-1297 | Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat |
| CVE-2010-2883 | Adobe Reader, Adobe Acrobat |
| CVE-2010-3654 | Adobe Flash Player |
| CVE-2011-0611 | Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat |
| CVE-2012-0158 | Office, SQL Server, Commerce Server, Visual FoxPro, Visual Basic |
| CVE-2012-0779 | Adobe Flash Player |
| CVE-2013-0640 | Adobe Reader, Adobe Acrobat |
| CVE-2013-5330 | Adobe Flash Player, Adobe AIR |
| CVE-2014-0497 | Adobe Flash Player |
| CVE-2015-0313 | Adobe Flash Player |
Q: How do I uninstall Microsoft EMET 5.1 by using an MSIEXEC command or a registry command?
A: See the references in the following TechNet topic:
Q: How do I disable Watson Error Reporting (WER)?
A: See the references in the following Windows and Windows Server articles:
Article ID: 2909257 - Last Review: 11/09/2016 20:57:00 - Revision: 19.0