Enhanced Mitigation Experience Toolkit 4.0 final is out
Microsoft released a beta version of the Enhanced Mitigation Experience Toolkit 4.0 back in April this year promising that the final version would follow in the coming months. The release of version 4.0 of EMET came as a surprise to many, as the company decided to skip EMET 3.5 final after having released a technical preview version of it before.
The Enhanced Mitigation Experience Toolkit improves security significantly on Windows systems. It is not a first line of defense product such as antivirus programs or firewalls, but steps in when malware has managed to sneak by those defenses. This can for instance be the case for new 0-day vulnerabilities that have not been patched yet.
EMET mitigates common exploit techniques so that code that makes use of them cannot execute properly on the system. Malware attacks are thereby blocked by the application before they infect the PC.
Tip: check out our advanced guide for EMET to get the most out of the security application.
You are probably wondering what is new in the final release. The first thing you will notice in this regard is the new configuration wizard that pops up after installation.
Here you can select to keep existing settings or use recommended settings. You may want to keep your existing settings of EMET if you have made modifications to the application previously on your system.
The recommended settings option resets all existing application configuration settings, adds protections for common programs such as Internet Explorer, Oracle Java, Microsoft Office or Adobe Reader, adds Certificate Trust rules for popular services such as Twitter, Facebook and Yahoo, and enables reporting.
Remember that you can export data in the program, so you may want to back up your customizations in the version installed on a system before you run the installer for the new EMET 4.0 version. You can then import the data backup that you saved earlier.
The main program window has been redesigned. First thing you may want to do is switch the Office 2013 skin to EMET Style or another theme that improves the overall look and feel of the program interface. And yes, there is a Ribbon now but it is not that bad as all options are displayed in it and you do not need to switch between different tabs here.
- ROP mitigations that were introduced in EMET 3.5 Technical Preview have been improved in terms of compatibility and performance.
- All known compatibility issues of EMET 3.0 and 3.5 Technical Preview are resolved in the new version.
- Internet Explorer 10 on Windows 8 is now supported by the application.
- Early Warning feature that sends information to Microsoft when attacks are detected.
- SSL Certificate Pinning to help detect Man in the Middle attacks.
How to disable early warning reports
If you do not want to send data to Microsoft when EMET detects attacks, uncheck the Early Warning option in the reporting ribbon at the top of the main window. Here you can also disable the tray icon or Windows Event logging.
I suggest you start with the excellent user guide that Microsoft has released as it will answer many of the questions that you may have about the application.
First thing you may want to do after installation is click on Apps to find out which apps are currently protected by the application.
Here you should see a list of executable files and the mitigation techniques they are protected by. You can add new applications easily using the menu at the top and decide whether you want exploits to be stopped dead in their tracks or audited only.
EMET 4.0 ships with three protection profiles that Microsoft has created for the program. You can import them from the main menu with a click on Import. The popular software profile adds support for programs such as Firefox, Foxit Reader, Adobe Photoshop or Skype to EMET automatically.
EMET can be downloaded from Microsoft's Download Center. Note that you do need to uninstall EMET 4.0 Beta if you are running it on the system before you install the update. That was at least the case on my system where the Beta version was detected as a newer version.
Update: The latest and last version of EMET is 5.52, which is available as a download from Microsoft's website.
The application is compatible with all client and server operating systems from Windows XP SP3 and Windows Server 2003 SP1 onwards.
The Enhanced Mitigation Experience Toolkit 4.0 is one of the must-install programs that Microsoft makes available for its operating systems. It is unobtrusively running in the background protecting your system against 0-day exploits and malware that slipped by your antivirus solution.
My dad’s PC is suffering a little bit of slow performance. I think that uninstalling MSE and installing EMET would improve it. Security-wise, do you think it would really be a terrible choice? Thanks for your suggestions :)
Ugh, the wizard comes up when the progress bar is still 2/3 of the way to finishing, without a taskbar icon or the window popping up in front of you. I thought my install was botched and killed it with Task Manager, only to find it hang again. I was about to give up until I accidentally saw the hidden wizard window waiting for me in the background.
Funny, the same thing happened to me the first time I installed it.
Thanks for the notification.
You are welcome.
Thanks for the update, Martin. Are any of the tips you gave in your two earlier articles still relevant with this 4.0 version? Like the "on" setting for the deep hooks?
Can you point me to the right article please? Deep Hooks do not seem to be enabled by default while anti detours and banned functions are.
On April 21, 2013 you wrote (in your article named Microsoft releases Enhanced Mitigation Experience Toolkit (EMET) 4.0 Beta): EMET 4.0 features additional improvements and feature additions:
Advanced settings for ROP mitigations block techniques that try to bypass the mitigations. You find those new features under Configure > Applications > Options > Advanced Configuration. Deep Hooks, Anti Detours and Banned Functions are all enabled by default. Here you can also define the action that you want taken when exploits are detected. The default action is to stop the program, and you can change that to audit only instead.
In this latest version there is also a possibility (which as standard is not activated) to activate hook.
By going to configuration/apps/ and then on the 5th (most on the right) you can activate deep hooks. Should I activate it?
I do not know why it is not activated by default. I would suggest you try it out and monitor your system to see if it affects software you run on it.
I don’t know why, but my comment disappeared…
I’ll write it again, shorter this time.
Do you suggest uninstalling MSE and substituting it with EMET to improve performance in a some-year-old PC or security-wise is it really a crazy idea? Thank you :)
No, they are two different programs. You need antivirus software and firewall. EMET is just a second layer of defense after those programs.
I can’t comment. All my comments are blocked. What happened? :(
who you? me? :)
Using EMET, have you ever received any notification, or, EMET stopped an application, due to 0-day vulnerability ?
The same by the way goes for Microsoft’s Defender. I never in the last 13 years (since XP), got any notifications for malware from Defender, while I got many from my anti-virus applications.
For guarding against 0-day vulnerabilities I use Behavior Based Malware Blocking – Emsisoft’s Mamutu, which block not only applications but suspicious dll,sys,exe…. files.
p.s you can run a test for your anti-virus at http://www.amtso.org/feature-settings-check.html
Not even a tiny squeak from Defender.
thanks for this – http://www.amtso.org/feature-settings-check.html.
:) pretty nice tests.
Defender for all previous versions of Windows 8 were utterly useless. They were for some forms of spyware and that was it. That’s why Microsoft released MSE.
Only in Windows 8 is Windows Defender a full AV suite.
Downloaded the update yesterday. Man oh man, what a massive improvement. Although I don’t know why you recommend the Office 2013 theme. I think the EMET Dark theme is the best looking.
EMET 4 now requires .NET Framework 4
This tool is very technical for me.
Please how to configure for me?
You can load the recommended list and the popular software list as described in the article. You can also add any program that you want protected to the list as well, but you may need to test that for compatibility first.
This is a terrific tool! I installed it on both of my laptops without any trouble. I did have to upgrade the .Net Framework though. I’ve used the older version of EMET for about a year now, the GUI on the 4.0 version is quite an improvement.
All the documentation says that EMET 4.0 requires “.NET Framework 4”. I need to know: will it work with .NET Framework 4.0 Client Profile? Or does it require the Full version? Will it work with only .NET Framework 4.5 installed, as on Windows 8? Or do I have to add .NET Framework 4.0 to Windows 8?
The EMET installer is balking on many of my machines because of these issues. I need to know!
Sande, while I can’t confirm if it will work with the 4.0 Client Profile, I can confirm that it will work on Windows 8 with 4.5 installed. You do need this update however to make it work with IE10
For anyone wondering about the difference between the full version and the client profile: Microsoft up to and including .Net Framework 4.0 offered the full version and a client profile version. The client profile was an optimized version of the framework for client applications allowing smaller apps and faster deployment, but without some features that the full framework made available.
Microsoft has discontinued the .Net Framework Client Profile with the release of version 4.5.
Tried and failed to download this tool. Then I changed my Firefox browser settings to allow “cookies” from microsoft.com. This cured the difficulty. After the download completed, I again revoked browser cookie permission. No persistent cookie seems to have been set.
When people want to set cookies on my equipment, they ought to say so up front. This is just one of many experiences I have had where a web site doesn’t work as planned, gives no error message, and is cured by backing off my personal privacy a little to get what is “freely” offered.