locked
Firefox Start very slow using EMET 5.0 or 5.1 with EAF+ enabled RRS feed

  • Question

    • EMET 5.0 or EMET 5.1(both tested)
    • Firefox - tested with Versions: 31.1 ESR, 31.2 ESR, 31.3 ESR (prerelease), regular v33.1.1
    • OS: Windows 7 x64

    When Firefox Application-Mitigation "EAF+" is enabled, Firefox start is really really slow (~35 seconds). After disabling the "EAF+" Mitigation for Firefox.exe its start-time is reduced to ~3-5 seconds as expected.

    The "EAF+" Mitigation is by default turned on using the Default-Protection-Profile "Popular Software.xml" which is provided with EMET 5.0 and EMET 5.1.

    EMET 4.1 didn't show this behavior - but as I remember there wasn't EAF+ available with EMET 4.1.



    Wednesday, November 26, 2014 4:56 PM

All replies

  • I updated a Windows 7 SP1 32bit system from 4.1 to 5.1 yesterday and saw the same behaviour with Firefox 33.1.1. I thought Internet Explorer started more slowly as well, although not to the same extent. One core is running flat out while Firefox starts.

    I ran Process Monitor and found a delay of around 500ms following most Load Image Operations. Some EMETSendCert entries on the stack. There was nothing else that indicated what was causing this. I went back to EMET 4.1 by restoring a backup. 

    As this seems to be more than a one-off affecting my system, I'll install EMET 5.1 again (probably next week) to collect more information and post it on Connect.

    I also have EMET 5.1 installed on an old Vista laptop and this doesn't happen. The only difference in settings is that Vista has SEHOP Always On; Windows 7 has SEHOP Application Opt Out. The Vista system had the SEHOP set through the Registry before EMET was installed. 

    Wednesday, November 26, 2014 9:09 PM
  • Thursday, November 27, 2014 6:41 AM
  • Maybe this helps:

    "To wrap EMET’s protection around a program — say, Mozilla Firefox — launch EMET and click the “Apps” button in the upper portion of the main EMET window. Selecting the “Add Application” button in the next box brings up a program selection prompt; browse to C:\Program Files (x86)\Mozilla Firefox, and then add the “firefox.exe” file. It should be okay to accept all of the defaults that EMET adds for you."

    http://krebsonsecurity.com/2013/06/windows-security-101-emet-4-0/

    Friday, December 25, 2015 9:01 PM