Doesn't give a loud warning that an executable is no longer protected (Adobe Reader updated to ver 11) RRS feed

  • General discussion

  • Running EMET 4.1 on Win XP.
    I updated Adobe PDF Reader from version 9 to version 11.   When this happens, Adobe places the program's executable file in a different subdirectory than in the previous version.  The file name is the same, but the location is completely different (Adobe uses the version number as a subdirectory name).  EMET did not loudly warn me that AcroRd32.exe was no longer protected. 

    It did mark that executable in italics to show that something was wrong. But I only noticed that because I deliberately went in to the protected apps screen to check.  There's no indication on EMET's home screen that a previously protected program is now unprotected. And there wasn't an easy right-click menu to modify the executable's path.  I had to delete, search, and re-add the Adobe executable.

    Thursday, April 10, 2014 9:27 PM

All replies

  • Use the Add Wildcard button to replace the version number in the path with *.

    The Recommended Software profile in the Deployment folder has an entry which sets the path to


    The Memprot mitigation should be disabled for Adobe Reader and Acrobat.

    Thursday, April 10, 2014 10:24 PM