locked
Apply EMET to Multiple Same-Name Executables RRS feed

  • Question

  • Hello,

    I recently installed EMET 4.0 and have been enabling it for some applications to see how it interacts with my system. One of the first programs I tested was notepad, and here I ran into a problem. My computer (with Windows 7) has six separate copies of notepad.exe in various folders. The internet tells me that this is probably for compatibility purposes:

    https://blogs.msdn.com/b/oldnewthing/archive/2006/03/28/563008.aspx?Redirected=true

    Unfortunately, I cannot protect all of these executables with EMET because their identical names conflict. If I add protections to one, the others will still execute without protections, and EMET will not allow me to add protections to the others, giving me an error message like this:

    "C:\Windows\notepad.exe" conflicts with existing entry for "C:\Windows\system32\NOTEPAD.EXE"

    More generally, this conflict likely occurs for other applications. Is there any way to protect multiple executables with the same name? I realize I could enable system-wide protections, but that tends to break things, so I'd rather avoid it.

    Thanks for the replies,

    Kommodore

    Friday, September 13, 2013 10:01 PM

All replies

  • You can easily protect several programs that share filenames by using wildcards. In EMET 4.0 click on the "Apps" button, and then on the "Add Wildcard" button. In the dialog box that will pop up, simply put *\Notepad.exe or Notepad.exe (both will work just as well in this case.) And then hit Ok. From now on EMET will protect any Notepad.exes that start from any folder on the system.

    Also, programs that are protected via wildcard will show up in the apps list as a bolder font, and hovering over them will show the wildcard sting instead of the file location.

    Monday, September 16, 2013 3:23 AM