EMET Notifier

Dear Forum,

I installed the EMET notifier before downloading and installing the Window$ Update with EMET included this month.

Questions:

  • Has EMET been installed twice on my system?
  • When can we uninstall EMET?

Thank you in advance!

Avastfan1

It would have overinstalled, so you just have one copy. For the security that it gives you and the negligible overheads, I would keep it.

How exactly does this Tool work? ???

The outlined area in the screenshot is how zero access changes services.exe without being caught. But with this tool that route is blocked.

It is a DEP tool with a touch of aggro … No-one messes with the files protected by this ;D

Thank you for the informative responses.

Do we need to configure EMET after the Window$ Update install?

No need, the Windows Update one came in fully configured.

So as a result of the EMET/KB update, are we likely to see fewer or no instances of zero access or similar rootkits (on fully updated systems)?

Is this something the average user should install? And how low is low overhead? (Running Win7 Starter here…)

You don’t have to install anything, as the EMET Notifier was an early fix prior to the official Windows Security Update.

So if you are keeping Windows up to date, it is done for you.

I asked because I couldn’t find any references to EMET in Control Panel or search. Considering installing it anyway.

EMET provides extra protection by adding new virus mitigation tools and enhancing existing capabilities.
E.g. for Windows XP it enhances existing DEP by overriding the need for software to notify the OS for it to be used. It also adds Windows Vista/7 features like Structured Exception Handling Overwrite Protection (SEHOP) and Mandatory Address Space Layout Randomization (ASLR).
There is an understandable increased risk of compatibility problems.

MS KB Article: http://support.microsoft.com/kb/2458544
EMET 3.0: http://www.microsoft.com/en-us/download/details.aspx?id=29851
EMET 3.5 “Tech Preview”: http://www.microsoft.com/en-us/download/details.aspx?id=30424

Here’s some further explanation:
http://windowssecrets.com/top-story/protecting-pcs-from-the-next-zero-day-threat/
It isn’t a magic bullet and can cause some serious problems with trying to run some of your programs.

It should greatly reduce the instances of services.exe being subverted on Vista and 7 systems.

Thanks for your time Vladimyr
And Bob1360

Appreciate the info. :smiley:

You’re welcome. Stay safe. :slight_smile:

No worries!

I have a number of “Windows\System32” entries that aren’t set up in EMET.
See screenshot.
Are these applications something that should/could be entered in protection?? ???
For example: the numerous “scvhost” entries.
Thanks :slight_smile: