Application incompatibilities in All.xml of EMET v3

  • General discussion

  • I sent an email off to switech last night with the following text:

    ================

    Operating System: Windows XP x64
    DEP: Always On


    Offending Application: 7z920-x64.msi
    Offending Executable: 7zG.exe
    Offending setting: EAF

    To recreate the bug, follow these steps:
    1. Install 7z920-x64.msi and EMET (Duh)
    2. Import All.xml (double-Duh)
    3. In Windows Explorer highlight some files, then right-click them, select 7-Zip >> Add to archive ...
    4. In 7-Zip click on the "..." button in the top, right-hand corner
    5. Ka-Boom! DEP mitigation error
    6. Disable EAF for 7zG in EMET
    7. Repeat steps 3 & 4
    8. Where's the Ka-Boom?  There was supposed to be an Earth-shattering Ka-Boom!


    Offending Application: SkypeSetup.msi
    Offending Executable: Skype.exe
    Offending setting: SEHOP

    To recreate the bug, follow these steps:
    1. Install SkypeSetup.msi and EMET (Duh)
    2. Import All.xml (double-Duh)
    3. Attempt to login to a Skype account
    5. Dies not with a bang but a whimper
    6. Disable SEHOP for Skype in EMET
    7. Repeat step 3
    8. It's alive I tell you, it's alive!


    Tested on a bare metal install with full application load-out (my desktop rig, AKA how I found it) and a fully updated VirtualBox install with only 7-Zip, Skype and EMET.

    =========================

    However, I decided I should really check all the listed applications that I have on hand, and can now also add:

    Offending Application: 7z920-x64.msi
    Offending Executable: 7zFM.exe
    Offending setting: EAF

    Offending Application: winrar-x64-420.exe
    Offending Executable: winrar.exe
    Offending setting: EAF

    Offending Application: Internet Explorer (64-bit)
    Offending Executable: iexplore.exe
    Offending setting: EAF

    Seriously, how can Internet Explorer have slipped through the net? I know it's not the commonly used version, but it's still one of the more critical components.

    Monday, September 24, 2012 6:23 AM

All replies

  • It turns out that one has to disable SEHOP for Skype on 32-bit XP (DEP=AlwaysOn) as well; this was found to be the case on both my Mum's travel netbook and desktop.
    Tuesday, September 25, 2012 11:53 AM
  • Addition:

    Offending Application: Video LAN Client (64-bit)
    Offending Executable: vlc-2.0.4-win64.exe
    Offending setting: EAF

    I haven't tested the 32-bit version yet.


    EDIT: The 32-bit version does NOT require EAF to be disabled.
    • Edited by Kurt.Aust Sunday, November 11, 2012 6:34 AM
    Wednesday, November 7, 2012 8:52 AM