locked
Caller Mitigation closes all apps after running Symantec Ghost Image Explorer RRS feed

  • Question

  • Hey folks,

    My company is currently testing EMET 4.1 U1 for deployment. Recently, members of the Help Desk have called to our attention the fact that EMET will start closing protected applications (such as Outlook, Chrome, IE, Word, Excel, etc) with caller mitigation after running the Symantec Ghost Image Explorer. This keeps happening even after closing Ghost and rebooting the machine. Essentially, any computer where Ghost is run will keep shutting down everything unless EMET is removed.

    Any idea what this could be? We are using Windows 7.

    We are configuring EMET via GPO, the settings are the following:

    Setting

    Recommended Value

    System ASLR

    Enabled -> Application Opt In

    Default Action and Mitigation Settings

    Enabled -> Deep Hooks: Enabled, Anti Detours: Enabled, Banned Functions: Enabled, Exploit Action: Stop Program

    EMET Agent Visibility

    Enabled -> Start Agent Hidden: Disabled

    Application Configuration

    All the defaults

    System DEP

    Enabled -> Application Opt In

    Default Protections for Internet Explorer

    Disabled

    Default Protections for Recommended Software

    Disabled

    Default Protections for Popular software

    Disabled

    Reporting

    Enabled -> Event Log: Enabled, Tray Icon: Enabled, Early Warning: Disabled

    System SEHOP

    Enabled -> Application Opt In

    EMET Agent Custom Message

    Enabled: “EMET has detected an exception and has closed an application”

    Thursday, July 3, 2014 4:01 PM