EMET, which stands for Microsoft’s Enhanced Mitigation Experience Toolkit, is one of the best and lesser known security tools created by Microsoft. EMET is a simple yet effective tool that applies specific hardening mitigations such as Data Execution Prevention, Export Address Table Access Filtering, Structured Exception Handler Overwrite Protection, etc., to protect your installed applications from being exploited.
For instance, Java and Internet Explorer are terribly vulnerable programs, and with EMET you can protect those installed programs from common exploits. Actually, most of the techniques used by EMET are built right into the Windows operating system, and EMET acts as an easy user interface for managing these advanced security settings. So, here is how you can use EMET to secure your Windows computer.
One thing to keep in mind while using this tool is that it doesn’t work well with old software. If you are using old software then EMET may not be for you, as it may produce several false positives and the applications may not work as they should due to compatibility issues.
Using Enhanced Mitigation Experience Toolkit
First off, download EMET directly from the Microsoft website and install it like any other software.
While installing, select the option “Use Recommended Settings” in the configuration window and click on the “Finish” button to continue.
Once installed, EMET will sit quietly in the taskbar monitoring and protecting the supported applications. Just double-click on it to open up the EMET window.
As you can see, EMET shows all the running processes and the system status in the main window.
The first thing you need to do after installing EMET is to add all the popular software to the app list. Fortunately, Microsoft supplies you with an XML file which has almost all the popular software like Firefox, Chrome, Windows Media Player, etc. To do that, select the option “Import” on the ribbon toolbar.
Now select the file “Popular Software.xml” and click on the “Open” button to load the file into EMET.
Once you have added the file, either restart all the applications or just restart your entire system to be sure.
Once you restart, you can see all the applications that are being protected by EMET in the processes section of the main window. Applications that are being covered by EMET will have a green checkmark in the “Running EMET” section.
In fact, by clicking on the “Apps” button on the ribbon, you can see all the applications that are being protected by EMET. In the Application Configuration window, you can enable and disable each mitigation policy individually for each app.
If you want to add your own application to EMET, click on the “Add Application” button on the ribbon, select the application and click on the “Open” button to complete the procedure. For instance, I’ve added the Sublime Text application to EMET.
Once added, it will be listed in the Application Configuration window and you can set individual mitigation policies just like any other application in this section.
You can also quickly configure the security level by changing the profile under “Quick Profile Name” on the ribbon UI. Obviously, the recommended setting is the “Recommended Security Settings” option.
If EMET finds a vulnerable program or a program which doesn’t abide by its rules, it will stop the application from starting and display a simple message telling you so.
As you can see, EMET’s EAF (Export Address Table Access Filtering) mitigation was triggered and EMET blocked the execution of the Thunderbird application. However, if you trust the application, you can change the mitigation rules for it in the Application Configuration window.
Moreover, if you don’t like how the EMET interface looks, you can change the look by selecting one of the available skins from the “Skin” drop-down menu on the ribbon.
EMET is mainly aimed at administrators, and the software itself is super strict in applying its mitigation rules to applications. That being said, it can be used perfectly well by any Windows user, and if you are still using Windows XP for whatever reason then using EMET would be a good way to protect your PC.
Sure, there may be compatibility issues with some applications, but the security provided by EMET is well worth it. Moreover, Microsoft is actively developing the tool to be compatible with more and more applications, so do give it a try.
That’s all there is to do and hopefully that helps. Do comment below sharing your thoughts and experiences about using EMET to secure your applications from potential exploits and vulnerabilities.