none
EMET detected ASR mitigation in IEXPLORE.EXE Component: Adobe Flash Player 12.0 r0

    Question

  • As noted as well in this blog post:  

    http://0xdabbad00.com/2014/02/27/emet-5.0-review/ 


    "If you have Flash installed and you visit almost any major site that does still have some Flash content (like youtube.com which defaults to Flash initially and then falls back to HTML5), then everytime you bring up your browser, EMET will show an alert that it's blocked Flash. From a usability stand-point this is not good, because you ultimately become accustomed to seeing an EMET alert pop-up constantly so you will begin to ignore them. Unfortunately you can't disable the pop-ups on a per-protection basis, so I can't set EMET to hide any ASR alerts while still informing me of any other type of alert."

    Anytime I go to YouTube, I get a warning that EMET detected ASR mitigation in IEXPLORE.EXE Component:  Adobe Flash Player 12.0 r0 and then IE crashes.


    Unfortunately TechNet isn't coming back, sorry folks :-(


    Monday, March 03, 2014 5:52 AM

All replies

  • Experiencing an almost similar issue(s).

    Symptoms:

    Internet Explorer, Office Word 2007 will crash when i try to launch any of them.

    The error messages:

    1) Internet Explorer

    EMET detected ASR mitigation in iexplore.exe
    component: Adobe Flash Player 12.0 r0
    EMET detected SimExecFlow mitigation and will close the application: IEXPLORE.EXE

    2) Word 2007

    EMET detected SimExecFlow mitigation and will close the application: WINWORD.EXE

    However, when i uncheck the box under the SimExecFlow colum from the Application Configuration interface, the above mentioned applications will successfully launch. But when i exit (close) them, i will receive an application crash message followed by an automatic relaunch of the application. I will then have to close it again for it to exit for good.

    My configuration:

    Os = Windows 7 x64 Ultimate

    EMET 5.0 TP

    Internet Explorer: Version 11.0.9600.16518 / Update Version: 11.0.3

    Office Word 2007 (12.0.6690.5000) SP3 MSO (12.0.6683.5000)

    In advance, thanks for your input.

    Wednesday, March 05, 2014 12:42 PM
  • It is possible to configure the Attack Surface Reduction (ASR) mitigation via the Windows Registry by following the directions in EMET's User Guide. The default configuration of ASR blocks the VML, Adobe Flash, and Oracle Java plugins from Internet Explorer's Internet Zone. It also blocks Adobe Flash from loading in Microsoft Word and Microsoft Excel.

    The currently available EMET 5.0 is a Technical Preview and it is meant for testing purposes only. The final release of EMET 5.0 will give users to configure ASR and EAF+ easily.

    Thursday, March 06, 2014 6:38 PM
  • 1) Please see my answers to Susan's message.

    2) It is possible that you have some plug-ins that have compatibility issues with the SimExecFlow mitigation. About the crash when the program is closing, we are aware of the issue and it will be fixed in the next public release of EMET 5.

    For production systems, EMET 4.1 is the version that we recommend using. EMET 5.0 is a Technical Preview only.

    Thursday, March 06, 2014 6:40 PM
  • Hi Di Giacomo,

    Thanks for the further clarification.

    I'm rolling back to EMET 4.1 till the final release with bug fixes of version 5.x; leaving the deep dive into Windows Registry for the upcoming summer :)

    Thanks

    Saturday, March 08, 2014 11:29 PM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\_settings_\{6632f9a1-7721-43f1-ba8f-922efa6e4233}

    and remove flash.ocx from the asr_modules dword value if you're interested :)


    GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)

    Friday, March 14, 2014 3:35 AM