locked
EMET 5.0 TP IE 11 Flash broken RRS feed

  • Question

  • Windows 8.1 x64 6.3.9600, latest patches
    Internet Explorer: 11.0.9600.16521
    Flash Player: 12.0.0.77
    EMET 5.0 TP build 5.0.5168.17251, testing since yesterday

    Behaviour:
    Flash in youtube.com: Nothing happens, black window where the video should play
    Same here: h**ps://www.adobe.com/software/flash/about/

    Flash in YouTube embedded in G+: Error like in the screenshot

    EMET detected ASR mitigation in iexplore.exe
    
    ASR check failed:
      Application 	: C:\Program Files\Internet Explorer\iexplore.exe
      User Name 	: ***\***
      Session ID 	: 1
      PID 		: 0x1978 (6520)
      TID 		: 0x15E0 (5600)
      Module 	: Flash.ocx
      Web address 	: https://www.adobe.com/software/flash/about/
      Url zone 	: Internet
    

    IE is running in native x64 mode.

    Please advise.

    Thursday, March 27, 2014 10:28 AM

Answers

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\_settings_\{2b0d2ad2-af74-48b4-a92b-f5858c27c292}\

    asr_zones from 1;2 to 1;2;3

    Solved. Amazing what RTFM can achieve ;-)


    • Marked as answer by Duke73 Thursday, March 27, 2014 1:11 PM
    Thursday, March 27, 2014 10:48 AM

All replies

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\_settings_\{2b0d2ad2-af74-48b4-a92b-f5858c27c292}\

    asr_zones from 1;2 to 1;2;3

    Solved. Amazing what RTFM can achieve ;-)


    • Marked as answer by Duke73 Thursday, March 27, 2014 1:11 PM
    Thursday, March 27, 2014 10:48 AM
  • It's amazing how RTFM can make you leave your machine vulnerable. I do not want to turn off the ASR for Internet zone.

    However I know that it's primarily Flash's dirty laundry, that they do some really bad thing in the dll which triggers EMET, even if it is not infected.

    Wednesday, April 2, 2014 5:09 PM
  • I get this on Win 7 SP1, IE 11, upon exit, even if I don't navigate anywhere after start (just exit). The default homepage is our intranet home page:

    "EMET detected ASR mitigation in IEXPLORE.EXE

    ASR check failed:
      Application     : C:\Program Files\Internet Explorer\IEXPLORE.EXE
      User Name     : DSCHOME\csabatoth
      Session ID     : 1
      PID         : 0xD10 (3344)
      TID         : 0xF70 (3952)
      Module     : Flash64_12_0_0_77.ocx"

    Wednesday, April 2, 2014 5:11 PM
  • Sounds like you need to add your intranet site to your intranet zone in IE.

    GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)

    Friday, April 4, 2014 8:23 PM
  • It's amazing how RTFM can make you leave your machine vulnerable. I do not want to turn off the ASR for Internet zone.

    However I know that it's primarily Flash's dirty laundry, that they do some really bad thing in the dll which triggers EMET, even if it is not infected.

    It's quite possible to be without Flash. I have tried it for a few weeks.

    Apparently the design decision was made in EMET 5 to disable Flash for the internet zone. I rather turn it on and have ActiveX filtering disable Flash except for a few select websites.

    Friday, April 4, 2014 8:46 PM