locked
Does EMET only prevent network based vulnerabilities? RRS feed

  • Question

  • Hi,

    I have a standalone machine and was wondering whether or not it's worth it to install EMET. If the machine is never connected to a network, is it worth it to install EMET?

    Thanks,

    M. Stoner

    Monday, April 27, 2015 9:16 PM

All replies

  • The exploit has got to get to the machine somehow.

    Are USB drives attached to the machine ever? That was how the Stuxnet malware was introduced into the Iranian uranium enrichment facility.

    Thursday, April 30, 2015 11:38 AM
  • That's funny you mentioned Stuxnet. I was just talking to a coworker about this issue and he used Stuxnet as an example of how there's really no such thing as a "standalone" system.

    But no. Only CD's are used on the system when patches come out or virus definitions need updates. The system is also in a secured facility.

    Thanks for the reply!

    Thursday, April 30, 2015 6:26 PM
  • Looks like several individuals are wondering the same thing.  I look forward to the answer.
    Thursday, June 25, 2015 2:54 PM
  • There are benefits to using it on a non-networked device.  Note that EMET doesn't block a user from running or installing a malicious program / application, whether from the network or USB or CD, so it won't help in that case.  However, EMET does block it if a user views a malicious document / picture / data file on the USB or CD that corrupts the document viewer's memory so much that it runs malware secretly embedded in the document.  Also note that manual antivirus/antimalware definition file updates might not happen as often as they should if the device is not connected to a network, but EMET doesn't rely on daily definition file updates so is good that way.  Hopefully this helps better explain the benefits for your risk assessment to determine whether it is worth it in your specific environment to install EMET.

    Wednesday, July 1, 2015 1:03 PM