What to do on EMET mitigations

  • Question

  • Is there any additional documentation on what to do on EMET mitigations? So I have several computers that have reported EMET mitigations. When I check the logs I see they happened, but I am not sure how to proceed, as they happened on sites that are common, such as a DEP mitigation on www.msn.com and an EAF+ mitigation on https://www.google.com/?gwds_rd=ssl. I try to duplicate the issue by going to the same site on a test computer with EMET, but it works just fine. Is there any additional logging that will allow me to dig into the issue?

    An Example

    EMET version 5.5.5871.31892
    EMET detected EAF+ mitigation and will close the application: IEXPLORE.EXE
    
    EAF+ check failed:
      Application 	: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      User Name 	: Removed
      Session ID 	: 1
      PID 		: 0x2784 (10116)
      TID 		: 0x203C (8252)
      Module 	: slc.dll
      Mod Base 	: 0x12AA0000
      Mod Address 	: 0x12AA48C8
      Mem Address 	: 0x77D9B298
      Web address 	: https://www.google.com/?gws_rd=ssl
      Url zone 	: Internet
    

    Wednesday, March 30, 2016 7:14 PM
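
Added example (not part of the original post and not Microsoft tooling): Python that parses the EMET event text shown in the question and groups reports from several computers by mitigation, process, module and module-relative offset, so repeated identical triggers stand out even when the module loads at a different base address. The field labels come from the sample in the post; `parse_event`, `triage_key` and `group_events` are hypothetical names, and grouping on the offset is this example's own triage choice.

```python
import re
from collections import Counter

# Constructed from the event text in the post (tabs replaced by spaces).
SAMPLE_EVENT = r"""EMET version 5.5.5871.31892
EMET detected EAF+ mitigation and will close the application: IEXPLORE.EXE

EAF+ check failed:
  Application  : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  User Name    : Removed
  Session ID   : 1
  PID          : 0x2784 (10116)
  TID          : 0x203C (8252)
  Module       : slc.dll
  Mod Base     : 0x12AA0000
  Mod Address  : 0x12AA48C8
  Mem Address  : 0x77D9B298
  Web address  : https://www.google.com/?gws_rd=ssl
  Url zone     : Internet
"""

HEADER = re.compile(r"EMET detected (?P<mitigation>\S+) mitigation "
                    r"and will close the application: (?P<process>\S+)")
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+?)\s*$")

def parse_event(text):
    """Turn one EMET event message into a dict of its labelled fields."""
    event = {}
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            event.update(header.groupdict())
            continue
        field = FIELD.match(line)
        if field:
            event[field.group("key")] = field.group("value")
    # Offset inside the module survives relocation; the raw address does not.
    if "Mod Base" in event and "Mod Address" in event:
        event["Mod Offset"] = (int(event["Mod Address"], 16)
                               - int(event["Mod Base"], 16))
    return event

def triage_key(event):
    """Key that is equal for events raised at the same spot in a module."""
    offset = event.get("Mod Offset")
    return (event.get("mitigation"), event.get("process", "").lower(),
            event.get("Module", "").lower(),
            hex(offset) if offset is not None else None)

def group_events(texts):
    """Count events per triage key across many collected messages."""
    return Counter(triage_key(parse_event(t)) for t in texts)
```

Feeding it the event messages exported from each affected computer gives a count per key; the `Web address` field stays in the parsed dict for comparing which sites were open at the time.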