Microsoft Enhanced Mitigation Experience Toolkit (EMET) is a utility that implements security mitigation technologies to protect software from zero-day vulnerabilities. The window before antivirus definitions are updated and patches are released is the sweet spot for these mitigations. A vulnerability may exist for a long time before the developers and the security industry even know about it. EMET adds more hurdles that an exploit has to bypass in order to successfully compromise a computer.
EMET is designed to work with any software, regardless of when it was written or by whom it was written. This includes software that is developed by Microsoft and software that is developed by other vendors.
A free download from Microsoft, EMET can be easily deployed in its .msi format. It is also easy to use and provides a simple way to add an extra layer of protection, hardening the applications you need. EMET works on Windows XP SP3, Vista SP1+, and all levels of Windows 7 along with Server 2003 SP1 – Server 2008 (R2). EMET is also an officially supported product from Microsoft.
After running the EMET setup, icons will be placed on the Start Menu for the Toolkit and a User’s guide. You can start up the application and configure your system to protect selected applications or all applications.
To configure the application, click the Configure Apps button and then go to File, Import. You can then import the protection profiles that are installed along with the software in C:\Program Files\EMET\Deployment\Protection Profiles.
You will find:
- Internet Explorer.xml: Enables mitigations for supported versions of Microsoft Internet Explorer.
- Office Software.xml: Enables mitigations for supported versions of Microsoft Internet Explorer, applications that are part of the Microsoft Office suite, Adobe Acrobat 8-10 and Adobe Acrobat Reader 8-10.
- All.xml: Enables mitigations for common home and enterprise applications, including Microsoft Internet Explorer and Microsoft Office.
After you import a protection profile, you might notice duplicates listed. These are separate entries for the different paths that identify a process (such as Office12, Office14, etc.). The columns then allow you to select which protections you wish to implement for each process.
The application runs in the background, and its lock icon in the system tray displays a notification if a problem is seen. EMET then closes the process that triggered the mitigation to protect your system.
EMET can be configured remotely with the Group Policy templates (an .adml and an .admx file) included with the install at “C:\Program Files\EMET\Deployment\Group Policy Files”.
EMET also provides an SCCM package if you would like to manage the tool through System Center.
The security mitigation technologies that EMET uses carry an application compatibility risk with them. Some applications rely on exactly the behavior that the mitigations block. It is important to thoroughly test EMET on all target computers by using test scenarios before you deploy EMET in a production environment. If you encounter a problem with a specific mitigation, you can individually enable and disable the specific mitigations. For more information, refer to the user’s guide that is installed with EMET.
Despite that warning, with adequate testing, EMET can provide a much more complete security layer for your client computers that defends against some of the growing and more severe risks. Plus, it’s free and an officially supported product from Microsoft.
Read more from Microsoft’s introduction post. Download EMET v3 from Microsoft.com.