locked
EMET 5.5 final service installed as "delayed start" and "DEP/ASLR Policy settings are ineffective by default" RRS feed

  • Question

  • Hi,

    I'm using Windows 10 th2-10511 x64 and when I install EMET 5.5 final the EMET service is installed with the "delayed start" flag and the service and never starts after a reboot. The same thing happened with the beta version, I didn't notice it until the final was released. This issue doesn't occur with EMET 5.2.

    I switched the service to the normal Automatic (not delayed) start, and everything seems to be working again. I was wondering if anyone else experienced this issue?

    Also, can someone enlighten me about this warning message "DEP/ASLR Policy settings are ineffective by default; see user's guide on how to enable them". It appears when I enable the DEP/ASLR EMET GPO and I couldn't find any reference to this  message in the user guide. DEP seems to be enabled, I have no idea how to check for ALSR other than Process hacker that shows ASLR as N/A.

    Thanks



    • Edited by Avrertw Saturday, February 6, 2016 11:35 PM
    Saturday, February 6, 2016 5:47 PM

All replies


  • I have no idea how to check for ALSR other than Process hacker that shows ASLR as N/A.

    The 2.37 version of Process Hacker has a bug showing ASLR as N/A for all processes... You will need to try 2.36 or 2.38 and later (when they're released).

    -dmex

    Sunday, February 7, 2016 1:42 AM
  • Hi,

    I'm using Windows 10 th2-10511 x64 and when I install EMET 5.5 final the EMET service is installed with the "delayed start" flag and the service and never starts after a reboot. The same thing happened with the beta version, I didn't notice it until the final was released. This issue doesn't occur with EMET 5.2.

    I switched the service to the normal Automatic (not delayed) start, and everything seems to be working again. I was wondering if anyone else experienced this issue?

    ...

    Thanks


    I have this issue too that EMET starts very slow at every reboot on one of my machines. The service is set to delayed on every machine but only on one the tray icon starts very late after a reboot. This behavior was not present with version 5.2, only with version 5.5 beta and now 5.5 final.
    • Edited by Aethanas Tuesday, February 9, 2016 9:16 PM
    Tuesday, February 9, 2016 9:16 PM
  • The service didn't start at all even after the 120sec AutostartDelay timeout for Delayed start services. I reinstalled this machine after running into another problem, and now the service starts 30~60 seconds after booting to the Desktop.

    I also noticed EMET 5.5 Final has two new services dependencies that 5.2 or even the BETA didn't have. Event Log and Secondary Logon... I have a policy to disallow the running of Runas, let's hope it doesn't break anything..




    • Edited by Avrertw Wednesday, April 20, 2016 11:23 AM
    Tuesday, February 16, 2016 8:14 AM
  • Same issues here.

    Any idea?

    Thursday, February 18, 2016 12:39 PM
  • The delay service starts OK for me but I also have the DEP/ASLR Policy settings are ineffective by default issue. Using a GPO to configure the settings.
    Thursday, February 18, 2016 2:12 PM
  • Yes it's not good.

    EMET is supposed to  be protecting you from malware infections you might pick up by running software such as web browsers but you have plenty of time to start a browser and go to an infected page and get infected before EMET even starts up!!


    Brian G. [in the UK]

    Wednesday, February 24, 2016 11:51 PM
  • Not sure why they changed to a delayed start but I'm guessing it's with intent and not an oversight. Especially if it now has dependencies.  

    I am also getting the "...ineffective by default" message but im thinking it is just a warning (only shows up when using GPO to configure). When I check the dep setting with bcdedit it shows the correct mode. Also when I run my test app (that violates DEP) I get the proper block and an EMET event log for DEP. Perhaps it's a bug but can probably be ignored? Or maybe we wait a little bit to see if a 5.6 comes out and fixes things? *Shrug*

    Thursday, February 25, 2016 3:12 PM