locked
EMET 5.2 latest build - IE11 will not launch in Windows 10 rtm RRS feed

  • Question

  • Upgrade a Win 8.1 pro machine to Win 10 pro.  EMET 5.2 survived the upgrade process.  It appears to be running in Windows 10 but the issue I have is when you go to launch Internet Explorer 11, you get nothing.  You do not even get a message back or any other feedback that something happened.  When you go into the Event Viewer you see these events for every instance of clicking on the IE window]

    Event ID: 1000 Source: Application Error

    Faulting application name: iexplore.exe, version: 11.0.10240.16384, time stamp: 0x559f3a1c
    Faulting module name: ntdll.dll, version: 10.0.10240.16392, time stamp: 0x55a864a2
    Exception code: 0xc0000409
    Fault offset: 0x00000000000963e0
    Faulting process id: 0x24e8
    Faulting application start time: 0x01d0cb1baa48625b
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 6feb4755-5ca5-477a-9326-32074335ad08
    Faulting package full name: 
    Faulting package-relative application ID: 

    I uninstalled EMET 5.2 and now IE 11 fires right up.  I would not normally use IE 11 but we have a few business applications that require it.  Any updates to EMET compatibility with Windows 10 build 10240 (RTM Build)?

    Friday, July 31, 2015 1:07 PM

All replies

  • Turn iexplore.exe EAF off to make your IE 11 live again, tested on EMET 5.2.

    Microsoft Security team should release an update for this and/or other issues soon.

    • Proposed as answer by EvilRix Monday, January 11, 2016 12:18 PM
    Tuesday, August 4, 2015 5:57 AM
  • I upgraded Windows 7 Professional to Windows 10.

    Internet Explorer 11 was working perfectly until I opened the EMET 5.2 GUI. After that I experienced the same thing as you. Interestingly, the EMET GUI does not report any processes as running EMET.

    Removing Internet Explorer completely from EMET solved the problem for me. EAF was not enough.

    Wednesday, August 5, 2015 3:08 PM
  • confirmed EAF is culprit and I am using windows 7 so isnt a win10 issue but rather EMET issue.

    Funny enough emet 5.1 works just fine with IE11, so microsoft broke their own software.


    simexecflow also has to be turned off and again that was fien in 5.1.
    • Edited by chrcoluk Friday, August 7, 2015 8:17 PM update
    Friday, August 7, 2015 8:16 PM
  • What is the correct syntax to do this in EMET group Policy?

    Would I just omit the -EAF line from the Application Configuration element?

    Example

    iexplore.exe -SEHOP -DEP -ManditoryASLR -NullPage -BottomUpASLR -HeapSpray -LoadLib -MemProt -Caller -SimExecFlow -StackPivot

    I just don't want to add too much to IE that it breaks it.  Then I assume change "Default Protections for Internet Explorer" to disabled or not configured.

    Thursday, August 20, 2015 1:21 PM
  • Hmm seems I figured it out.  That GPO element is where you only mention things to subtract from protections.  So In that value box I entered

    iexplore.exe -EAF

    Then in the Default Protections for Internet Explorer I changed that from Enabled to Not Configured.

    Ran gpupdate /force on my windows 10 machine, and now IE 11 opens up fine.  Opened the EMET 5.2 user interface and the iexplore.exe process is showing as protected.  More details on this process show everything checked except for EAF+ and ASR.

    So far so good I guess.

    Thursday, August 20, 2015 1:26 PM