locked
questions about emet notifier, side effect possible if EMET is not configured ? RRS feed

  • Question

  • As part of a large Windows deployment, we are testing EMET to help secure our environments against known and potentially unknown exploits.
    In this context, we are struggling to find answers to the following questions:

    1- If EMET is _not_ configured (no application configured), should we expect side effects (for instance via system wide settings)?

    2- EMET installs a component (emet_notifier) that the logged on user can stop. In this case, is protection still in place? If so, what kind of EMET functionalities are lost? (I mean, apart from the user not being notified J)

    3- For some applications, like IE, EMET notified that IE has been closed. However, it does not “look like” it closed anything. Are those “IE closed” notification related to worker processes being terminated and IE windows are still visible/running? (These notifications are causing support calls because users don’t understand why they get this notification with no apparent “application being closed”). Is there anything that can be done to better handle these situations configuration wise?

    Thanks in advance. Regards

    Christian

    Wednesday, December 19, 2012 12:57 PM

Answers