locked
EMET 3.0 and IE 10.0 RRS feed

  • Question

  • Does EMET 3.0 fully support both the desktop and Modern UI versions of Internet Explorer on Windows 8?
    Thursday, September 20, 2012 12:30 PM

Answers

  • Hi CypherMike,

    EMET’s compatibility with Windows 8 has been previously tested by another forum member (harshvardhan92) and myself.

    Please refer to the following thread for more information:

    http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

    Yesterday I tested EMET 3.0 and EMET 3.5 Tech Preview again with Windows 8 Release Preview (Build 8400). My apologies that I don’t have the RTM version (I am not an MSDN subscriber at this time).

    Unfortunately, the results were the same that were discussed in the above thread. For your information I had all available Windows Updates installed during my test of EMET yesterday (full list provided below).

    I once again tried the Modern UI and desktop versions of IE 10 with and without Enhanced Protected Mode enabled. EMET never protected any instance of iexplore.exe. This was confirmed using the EMET_Conf.exe utilities list of running processes, iexplore.exe was never running EMET. Process Explorer also confirmed this.

    As mentioned in the above thread, Microsoft is aware of this issue.

    I hope this information is of assistance to you. If I can be of further assistance, please let me know. Please mark this thread as resolved if my information has resulted in a solution for you.

    Thank you.

    -------------------------------

    Windows Malicious Software Removal Tool for Windows 8 Release Preview x64 (KB890830)

    Update for Windows 8 Release Preview for x64-based Systems (KB2718791)

    Update for Windows 8 Release Preview for x64-based Systems (KB2718704)

    Definition Update for Windows Defender- KB2267602 (Definition 1.137.1105.0)

    Update for Windows 8 Release Preview for x64-based Systems (KB2727113)

    Update for Windows 8 Release Preview for x64-based Systems (KB2730450)

    Security Update for Windows 8 Release Preview for x64-based Systems (KB2719985)

    Update for Windows 8 Release Preview for x64-based Systems (KB271 7246)

    Update for Internet Explorer Flash Player for Windows 8 Release Preview for x64-based Systems (KB2755399)

    • Marked as answer by CypherMike Friday, October 5, 2012 6:24 PM
    Friday, October 5, 2012 2:32 PM

All replies

  • Hi CypherMike,

    EMET’s compatibility with Windows 8 has been previously tested by another forum member (harshvardhan92) and myself.

    Please refer to the following thread for more information:

    http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

    Yesterday I tested EMET 3.0 and EMET 3.5 Tech Preview again with Windows 8 Release Preview (Build 8400). My apologies that I don’t have the RTM version (I am not an MSDN subscriber at this time).

    Unfortunately, the results were the same that were discussed in the above thread. For your information I had all available Windows Updates installed during my test of EMET yesterday (full list provided below).

    I once again tried the Modern UI and desktop versions of IE 10 with and without Enhanced Protected Mode enabled. EMET never protected any instance of iexplore.exe. This was confirmed using the EMET_Conf.exe utilities list of running processes, iexplore.exe was never running EMET. Process Explorer also confirmed this.

    As mentioned in the above thread, Microsoft is aware of this issue.

    I hope this information is of assistance to you. If I can be of further assistance, please let me know. Please mark this thread as resolved if my information has resulted in a solution for you.

    Thank you.

    -------------------------------

    Windows Malicious Software Removal Tool for Windows 8 Release Preview x64 (KB890830)

    Update for Windows 8 Release Preview for x64-based Systems (KB2718791)

    Update for Windows 8 Release Preview for x64-based Systems (KB2718704)

    Definition Update for Windows Defender- KB2267602 (Definition 1.137.1105.0)

    Update for Windows 8 Release Preview for x64-based Systems (KB2727113)

    Update for Windows 8 Release Preview for x64-based Systems (KB2730450)

    Security Update for Windows 8 Release Preview for x64-based Systems (KB2719985)

    Update for Windows 8 Release Preview for x64-based Systems (KB271 7246)

    Update for Internet Explorer Flash Player for Windows 8 Release Preview for x64-based Systems (KB2755399)

    • Marked as answer by CypherMike Friday, October 5, 2012 6:24 PM
    Friday, October 5, 2012 2:32 PM
  • Thank you very much, I'll look into the AppContainer as well.
    Friday, October 5, 2012 6:24 PM
  • Hi CypherMike,

    You are more than welcome. I am glad that the above information and the thread that I linked to were of assistance to you.

    Please be aware that the AppContainer integrity level is only available on the 64 bit version of Windows 8 and when Enhanced Protected mode of IE 10 is enabled.

    As I mentioned, this is explained in the following blog post:

    http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx

    I would be interested to know if your results using EMET with Windows 8 vary to those that I linked to above. I hope to upgrade to Windows 8 RTM in the coming weeks.

    Thanks also for marking my previous post as helpful.

    Friday, October 5, 2012 7:30 PM
  • Another thing I've noticed is that WMP is protected (I used the provided GPO), but crashes if you right click on a .wav, .mp3 and choose Play with Windows Media Player.
    Wednesday, October 10, 2012 3:51 PM
  • Hi CypherMike,

    I tested Windows Media Player that is included with Windows 8 Release Preview today. With EMET 3.5 Tech Preview installed and all mitigations except Mandatory ASLR enabled for Windows Media Player, I experienced the same issue as you.

    I then disabled SEHOP for the 32 bit version of Windows Media Player. The crashing issue now no longer occurs. The 64 bit version of Windows Media Player is compatible with the SEHOP mitigation.

    -------------------------------

    For a 64 bit version of Windows 8 Release Preview:

    The 32 bit version of Media Player is located in the following folder:

    C:\Program Files (x86)\Windows Media Player

    The 64 bit version of Media Player is located in the following folder:

    C:\Program Files\Windows Media Player

    -------------------------------

    For a 32 bit version of Windows 8 Release Preview:

    C:\Program Files\Windows Media Player

    -------------------------------

    Please find below the settings that I used:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Win8MediaPlayer_zps831b596c.png

    EMET Now Active for Windows Media Player 32 bit:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Win8MediaPlayer32bit_zpsd35eac84.png

    Please note that the settings above (for EMET 3.5 Tech Preview) have more options than EMET 3.0. Simply ignore the options that do not apply to EMET 3.0.

    My advice when adding a program to the protection list of EMET is to begin with all mitigations enabled for that program and then one at a time disable mitigations until the program works correctly.

    I usually begin with disabling the mitigations in the following order (for EMET 3.0):

                    Mandatory ASLR

                    SEHOP

                    EAF

                    Any other mitigations remaining

    For EMET 3.5 Tech Preview:

                    Caller Checks

                    Simulate Execution Flow

                    All other ROP mitigations

                    Mandatory ASLR

                    SEHOP

                    EAF

                    Any other mitigations remaining

    For Windows 8 Release Preview, my Configure System options are as follows (which also works with Windows Media Player 32 bit):

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Win8MediaPlayerMySytemSettings_zps08544248.png

    However if you experience any issues with any program I would first recommend the default settings of EMET:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Win8MediaPlayerDefaultSytemSettings_zpsc22755e1.png

    As I describe in a recent thread (link below), EMET cannot always be simply enabled for any application. After enabling it, you must test it. I have found the majority of applications to work with all EMET mitigations enabled but this is not always the case (especially with EMET 3.5 Tech Preview). Its ROP (Return Oriented Programming) mitigations can be more problematic.

    http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

    I would recommend using EMET 3.0 with Windows 8 Release Preview  until 3.5 Tech Preview is officially tested and supported as 3.0 now is. I am only using 3.5 Tech Preview for testing and compatibility purposes. By default 3.5 has the same mitigations as 3.0, the extra mitigations must be enabled manually.

    I have added the incompatibility of Windows Media Player of Windows 8 to the list of application compatibility issues in the following thread:

    http://social.technet.microsoft.com/Forums/en/emet/thread/1e70c72b-67b2-43c4-bd36-a0edd1857875

    If you have any other questions related to EMET 3.0 and IE 10, please post in this thread; otherwise please create a new thread since my post today is off-topic.

    I hope this information is of assistance to you. Thank you.

    • Edited by JamesC_836 Friday, October 12, 2012 2:43 PM Corrected image link
    Friday, October 12, 2012 2:42 PM