I emailed this, sorry if it's a duplication. I enabled CWDIllegalInDllSearch at the 0xffffffff level with minimal impact (I had to create one exception for a cheapo image-editing program), so it occurred to me that it could be a viable EMET option
if you add an opt-out routine for programs that need exemptions.
I'd also find an AutoRun toggle useful. AutoRun malware can spread on more than just USB devices; there are malware families that will add AutoRun worms to the files waiting to be burned to CD/DVD, for example. Part of my system configuration
routine is to disable all AutoRun functionality via both GPO and Microsoft's FixIt. Add it to EMET and it'll be up to the customer to decide if they can trade ease of use for a proactive security countermeasure.
Keep up the good work. When's EMET 3.5 Final coming out?
