EMET, which stands for Enhanced Mitigation Experience Toolkit, is an excellent application security tool offered by Microsoft to quickly secure many popular applications. As a security utility, it is capable of preventing vulnerabilities in software from being successfully exploited. Built on some of the best security mitigation technologies, the tool creates highly effective protections and obstacles that a potential malware author must defeat to exploit software vulnerabilities. It acts as a set-it-and-forget-it solution that won’t pop up and ask you questions about the security parameters of the application.
Here are some tips for securing more applications with EMET and fixing them if they break:
1. Use a 64-bit version of Windows with this tool
According to reports from numerous threat detection tests and recommendations from tech enthusiasts, using a 64-bit version of Windows is more secure than relying on a 32-bit version. A 64-bit version will have access to Address Space Layout Randomization (ASLR) features that help block the ways in which an infection can exploit a program's security vulnerabilities. Tech experts don’t claim that a 32-bit version of Windows is devoid of all security features, but they recommend using 64-bit for added security.
2. Know if EMET is compatible with your application
Sometimes an application may shut down suddenly because it does something that your pre-defined EMET rules disallow. Shutting down an application when it behaves in a potentially unsafe way is the tool's default setting, added specifically to prevent exploits. So don’t panic if the application shuts down abruptly and you are prompted by the EMET icon in the system tray. This happens simply because the application has violated a rule.
3. Locking down some processes is necessary
If you’re comfortable locking down specific applications, then list those that are more likely to be compromised, such as web browsers, browser plug-ins, chat programs, and many others. Usually, files that don’t use an active Internet connection or provide low-level system services are less at risk. Important business applications that require Internet access, the company’s framework, and other files related to important business operations are the ones that you want to secure the most. To secure a running application, follow these steps:
• Locate the file on the EMET list, right-click on it, and select the ‘Configure Process’ option.
• If the process isn’t running, then open it in the ‘Apps’ window and use the ‘Add Application’ or ‘Add Wildcard’ button to open ‘Configure Process.’
• Once the ‘Application Configuration’ window opens with your application highlighted, all the EMET rules will be enabled automatically.
• Click the ‘OK’ button to apply all the rules and finish the process.
After making the above changes, your application should work properly. If it doesn’t, try disabling some of the restrictions for that application. You can disable them one by one until the application works. If you think that restricting an application isn’t beneficial at all, select it from the list and click the ‘Remove Selected’ button. Removing the application from the list erases its rules and sets the application back to its default state.
4. Test rules in ‘Audit only’ mode, then apply them
Sometimes you may want to test EMET rules, which you can easily do by enabling them in ‘Audit only’ mode. To enable ‘Audit only’ mode, click the ‘Apps’ icon > Application Configuration window > Default Action section > set it to Audit only. In ‘Audit only’ mode, the application keeps running, but the tool reports the problem by displaying it on the screen.
EMET works with software developed by Microsoft as well as by other vendors to help ensure that your applications remain free from vulnerability exploits. Although the tool doesn’t guarantee that vulnerabilities cannot be exploited, it makes the exploitation process as difficult as possible to perform. Therefore, it is recommended to install this security utility right now on your devices and add an extra security layer to your applications.