Misleading documentation or bug? RRS feed

  • Question

  • Hi,

    I've just been playing with the command-line program for EMET 3.0 and I'm confused as to how EMET is handing adding of an entry when just specifying an application name (with no directory or wildcard components). The docs state: "Another option is to just use the executable name without the path, such as wmplayer.exe."

    I have just tried this, using "notepad.exe" as the parameter, and the EMET added it in but prepended it with the current working directory. I only noticed this by mistake and could have been fooled into thinking that any application image with filename "notepad.exe" was protected - when in fact only one matching the current directory with that filename is matched.

    Should EMET be matching any instance of notepad.exe in this case, or is it meant to be only matching current directory + image name? If the latter I fail to see the usefulness of this feature.

    Friday, September 21, 2012 12:51 AM