Microsoft released a beta version of the Enhanced Mitigation Experience Toolkit 4.0 back in April this year promising that the final version would follow in the coming months. The release of version 4.0 of EMET came as a surprise to many, as the company decided to skip EMET 3.5 final after having released a technical preview version of it before.
The Enhanced Mitigation Experience Toolkit improves security significantly on Windows systems. It is not a first-line of defense product such as antivirus programs or firewalls, but steps in when malware managed to sneak by those defense. This can for instance be the case for new 0-day vulnerabilities that have not been patched yet.
EMET mitigates common exploit techniques so that code that is making use of them cannot execute properly on the system so that malware attacks are blocked by the application before they infect the PC.
You are probably wondering what is new in the final release. The first thing you will notice in this regard is the new configuration wizard that pops up after installation.
Here you can select to keep existing settings or use recommended settings. You may want to keep your existing settings of EMET if you have made modifications to the application previously on your system.
The recommended settings option resets all existing application configuration settings, adds protections for common programs such as Internet Explorer, Oracle Java, Microsoft Office or Adobe Reader, adds Certificate Trust rules for popular services such as Twitter, Facebook and Yahoo, and enables reporting.
Remember that you can export data in the program so that you may want to back up your customizations in the version installed on a system before you run the installer to install the new EMET 4.0 version on your system. You can then import the data backup that you have saved earlier.
The main program window has been redesigned. First thing you may want to do is switch the Office 2013 skin to EMET Style or another theme that improves the overall look and feel of the program interface. And yes, there is a Ribbon now but it is not that bad as all options are displayed in it and you do not need to switch between different tabs here.
- ROP mitigations that were introduced in EMET 3.5 Technical Preview have been improved compatibility and performance-wise.
- All known compatibility issues of EMET 3.0 and 3.5 Technical Preview are resolved in the new version.
- Internet Explorer 10 on Windows 8 is now supported by the application.
- Early Warning feature that sends information to Microsoft when attacks are detected.
- SSL Certificate Pinning to help detect Man in the Middle attacks.
How to disable early warning reports
If you do not want to send data to Microsoft when EMET detects attacks, uncheck the Early Warning option in the reporting ribbon at the top of the main window. Here you can also disable the tray icon or Windows Event logging.
I suggest you start with the excellent user guide that Microsoft has released as it will answer many of the questions that you may have about the application.
First thing you may want to do after installation is click on Apps to find out which apps are currently protected by the application.
Here you should see a list of executable files and the mitigation techniques they are protected by. You can add new applications easily using the menu at the top and decide whether you want exploits to be stopped dead in their tracks or audited only.
EMET 4.0 ships with three protection profiles that Microsoft has created for the program. You can import them from the main menu with a click on Import. The popular software profile adds support for programs such as Firefox, Foxit Reader, Adobe Photoshop or Skype to EMET automatically.
EMET 4.0 can be downloaded from Microsoft's Download Center. Note that you do need to uninstall EMET 4.0 Beta if you are running it on the system before you install the update. That was at least the case on my system where the Beta version was detected as a newer version.
The application is compatible with all client and server operating systems from Windows XP SP3 and Windows Server 2003 SP1 onwards.
The Enhanced Mitigation Experience Toolkit 4.0 is one of the must-install programs that Microsoft makes available for its operating systems. It is unobtrusively running in the background protecting your system against 0-day exploits and malware that slipped by your antivirus solution.