Avast WEBforum

Other => General Topics => Topic started by: Avastfan1 on September 26, 2012, 03:29:58 PM

Title: EMET Notifier
Post by: Avastfan1 on September 26, 2012, 03:29:58 PM
Dear Forum,

I installed the EMET notifier before downloading and installing the Window$ Update with EMET included this month.

Questions:
- Has EMET been installed twice on my system?
- When can we uninstall EMET?

Thank you in advance!

Avastfan1
Title: Re: EMET Notifier
Post by: essexboy on September 26, 2012, 04:38:07 PM
It would have overinstalled so you just have one copy. For the security that it gives you and the negligible overheads I would keep it.
Title: Re: EMET Notifier
Post by: schmidthouse on September 26, 2012, 09:20:40 PM
How exactly does this Tool work? ???
Title: Re: EMET Notifier
Post by: essexboy on September 26, 2012, 10:28:05 PM
The outlined area in the screenshot is how zero access changes services.exe without being caught.  But with this tool that route is blocked

It is a DEP tool with a touch of aggro .. No-one messes with the files protected by this  ;D
Title: Re: EMET Notifier
Post by: Avastfan1 on September 26, 2012, 11:59:25 PM
Thank you for the informative responses.

Do we need to configure EMET after the Window$ Update install?
Title: Re: EMET Notifier
Post by: essexboy on September 27, 2012, 12:03:50 AM
No need, the Windows Update one came in fully configured.
Title: Re: EMET Notifier
Post by: DavidR on September 27, 2012, 01:16:58 AM
So as a result of the EMET/KB update are we likely to see fewer or no instances of zero access or similar rootkits (on fully updated systems)?
Title: Re: EMET Notifier
Post by: flashgamer001 on September 27, 2012, 02:21:04 AM
Is this something the average user should install? And how low is low overhead? (Running Win7 Starter here...)
Title: Re: EMET Notifier
Post by: DavidR on September 27, 2012, 03:11:00 AM
You don't have to install anything, as the EMET Notifier was an early fix prior to the official Windows Security Update.

So if you are keeping Windows up to date it is done for you.
Title: Re: EMET Notifier
Post by: flashgamer001 on September 27, 2012, 03:13:07 AM
I asked because I couldn't find any references to EMET in Control Panel or search. Considering installing it anyway.
Title: Re: EMET Notifier
Post by: Vladimyr on September 27, 2012, 11:19:59 AM
How exactly does this Tool work? ???

EMET provides extra protection by adding new virus mitigation tools and enhancing existing capabilities.
E.g. for Windows XP it enhances existing DEP by overriding the need for software to notify the OS for it to be used. It also adds Windows Vista/7 features like Structured Exception Handling Overwrite Protection (SEHOP) and Mandatory Address Space Layout Randomization (ASLR).
There is an understandable increased risk of compatibility problems.

MS KB Article: http://support.microsoft.com/kb/2458544
EMET 3.0: http://www.microsoft.com/en-us/download/details.aspx?id=29851
EMET 3.5 "Tech Preview": http://www.microsoft.com/en-us/download/details.aspx?id=30424
Title: Re: EMET Notifier
Post by: bob3160 on September 27, 2012, 02:20:28 PM
Here's some further explanation:
http://windowssecrets.com/top-story/protecting-pcs-from-the-next-zero-day-threat/
It isn't a magic bullet and can cause some serious problems with trying to run some of your programs.
Title: Re: EMET Notifier
Post by: essexboy on September 27, 2012, 03:12:20 PM
It should greatly reduce the instances of services.exe being subverted on Vista and 7 systems
Title: Re: EMET Notifier
Post by: schmidthouse on September 28, 2012, 12:05:29 AM
How exactly does this Tool work? ???

EMET provides extra protection by adding new virus mitigation tools and enhancing existing capabilities.
E.g. for Windows XP it enhances existing DEP by overriding the need for software to notify the OS for it to be used. It also adds Windows Vista/7 features like Structured Exception Handling Overwrite Protection (SEHOP) and Mandatory Address Space Layout Randomization (ASLR).
There is an understandable increased risk of compatibility problems.

MS KB Article: http://support.microsoft.com/kb/2458544
EMET 3.0: http://www.microsoft.com/en-us/download/details.aspx?id=29851
EMET 3.5 "Tech Preview": http://www.microsoft.com/en-us/download/details.aspx?id=30424

Thanks for your time Vladimyr
And bob3160

Appreciate the info. :D
Title: Re: EMET Notifier
Post by: bob3160 on September 28, 2012, 12:58:00 AM
You're welcome. Stay safe.  :)
Title: Re: EMET Notifier
Post by: Vladimyr on September 28, 2012, 03:00:05 PM
No worries!
Title: Re: EMET Notifier
Post by: schmidthouse on September 29, 2012, 04:42:34 AM
I have a number of "Windows\System32" entries that aren't set up in EMET.
See screenshot.
Are these applications something that should/could be entered in protection?? ???
For example: the numerous "scvhost" entries.
Thanks :)