Application Compatibility Issues

The mitigations offered by EMET have the potential to break some applications.  This thread is to discuss people's experiences with applications that do not work correctly under EMET.  The goal is to isolate which specific mitigations cause problems and for which applications (or plug-ins where appropriate).  For those trying to determine which mitigations are causing problems, the most likely candidates are EAF and DEP.

Here are the issues the EMET support team has been able to confirm:

Application or plug-in

Issues that occur

Mitigation or setting causing the issues

Skype

Fails to run

EAF

NetFlix SilverLight app

Video playback in browser fails

EAF

ATI Drivers

System blue screens on boot

System ASLR policy set to always on

(must enable unsafe settings to see this option)

iPod Synchronization service

Service crashes

System DEP policy set to always on

AOL

System gives “out of memory” error messages

System DEP policy set to always on

If you have experienced application compatibility problems with EMET, please share your experiences on this thread.  The more detail you can provide about what the issues are and what 

February 10th, 2011 2:15am

DEP set to opt out (unless set as an excluded app)and always on will result in sims 3 + expansion packs to crash to desktop after a few mins of running
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2011 2:35am

You can also add UltraISO, 9.3.5.2716, which does not like mandatory DEP. All other protections can be enabled and it works fine, though.
May 22nd, 2011 6:35pm

World of Warcraft crashes with EAF enabled. This is due to battle.net.dll which may result in other Blizzard Battle.NET games crashing as well if EAF protection is enabled.
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2011 4:40pm

The mitigations offered by EMET have the potential to break some applications.  This thread is to discuss people's experiences with applications that do not work correctly under EMET.  The goal is to isolate which specific mitigations cause problems and for which applications (or plug-ins where appropriate).  For those trying to determine which mitigations are causing problems, the most likely candidates are EAF and DEP.

Here are the issues the EMET support team has been able to confirm:

Application or plug-in

Issues that occur

Mitigation or setting causing the issues

Skype

Fails to run

EAF

NetFlix SilverLight app

Video playback in browser fails

EAF

ATI Drivers

System blue screens on boot

System ASLR policy set to always on

(must enable unsafe settings to see this option)

iPod Synchronization service

Service crashes

System DEP policy set to always on

AOL

System gives “out of memory” error messages

System DEP policy set to always on

If you have experienced application compatibility problems with EMET, please share your experiences on this thread.  The more detail you can provide about what the issues are and what 


hi

include drivescrubber from iolo.com , only DEP under both vista and windows 7

have a nice day

June 9th, 2011 11:18pm

DAMN NFO Viewer (DAMN NFO Viewer.exe) crashes on every execution attempt, and that application wasn’t even added to EMET, so I added and unchecked everything and re-attempted to launch NFO file viewer application to no avail. Quick guess, might be where I have added the Windows Shell added to EMET? dunno.

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2011 7:55am

We've seen problems with Corel Draw X4. Not sure of the exact setting.
July 25th, 2011 7:14pm

safari fails to run/possibly DEP/
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2011 3:03pm

When EMET's protections are enabled for web browsers and user installs or upgrades to latest version of Trusteer Rapport (protection from phishing, keylogging and financial malware, such as Zeus or SpyEye), browsers do not launch correctly or open blank, unusable windows.

Right now, possible solutions are:

  • stop Rapport service, launch web browser, start Rapport service;
  • uninstall Rapport, or
  • remove web browsers from the list of programs protected by EMET.

Neither of these is a good one.

This is just FYI, I see the fault at Trusteer's side.

August 5th, 2011 10:29am

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 8:22pm

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
August 26th, 2011 2:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2011 2:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
August 26th, 2011 2:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

Free Windows Admin Tool Kit Click here and download it now
August 26th, 2011 5:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
August 26th, 2011 5:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2011 5:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
August 26th, 2011 5:40am

Please add Zemana AntiLogger 1.9.2.513 EAF and BottomUpRand option need to be unchecked ( all other option are check mark ok under application configuration ) . Otherwise EAF cause it to not start and BottomUpRand causes the hot link to not to work under services/support of any four links of Zemana software. This is on WIN 7/64 PRO system. Thanks.

  • Edited by Knighthood Friday, August 26, 2011 3:05 AM Added BottomUpRand
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2011 5:40am

add onlive,exe games launcher under winxp-dep & sehop activated
October 29th, 2011 12:56pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
Free Windows Admin Tool Kit Click here and download it now
November 13th, 2011 6:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
November 13th, 2011 6:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
Free Windows Admin Tool Kit Click here and download it now
November 13th, 2011 6:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




November 13th, 2011 9:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
Free Windows Admin Tool Kit Click here and download it now
November 13th, 2011 9:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
November 13th, 2011 9:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
Free Windows Admin Tool Kit Click here and download it now
November 13th, 2011 9:21pm

On 64-bit Windows 7 SP1, mmc.exe (Microsoft Management Console) will crash on launch if it's included in the protected apps.  This has been observed on multiple systems, it's repeatable.

A component of a fingerprint-reader's software suite crashes if it's included in EMET's protected apps.  The software in question is the Protector Suite, available for purchase or a free trial here:  www.upek.com  The component is psqltray.exe.  This also is repeatable on two systems.  Update:  as you may have suspected, EAF is the culprit.

 

Other than that, things have been pretty smooth sailing with EMET applied to an extensive list of apps on Win7 and one recently-retired WinXP box.  From past experience, I know not to set system-wide DEP to Always On or I won't be able to make DEP exceptions.

If you want to make the exploit writers break out in a cold sweat, consider adding an EMET-driven mitigation module to Microsoft Security Essentials.  You could generate a "safe list" of high-profile targets that EMET can be safely applied to, the usual stuff like Java, media players, VoIP and email clients, etc, and distribute updated lists as part of your signature updates.  Label it with a user-friendly euphemism like "Enable anti-exploit features."




  • Edited by mechBgon Thursday, November 17, 2011 6:17 AM
November 13th, 2011 9:21pm

With Windows Server 2008 R2 SP1 as Hyper-V Host and Hyper-V Guest the EMET 3.0 EAF Mitigation may cause applications like Internet Explorer 9 x86 And Adobe Reader 10 to run about 10 times slower (means at 10% of speed without EMET/EAF). When you disable only EAF applications run fast. This should be mentioned in the EMET documentation as Hyper-V/EMET/IE are all supported products and it should be possible to disable individual mitigations for a whole system through Group Policy.

You may use <http://v8.googlecode.com/svn/data/benchmarks/current/run.html> to compare. But don't compare IE 9's result with other Browsers or you might cry ;-(

Free Windows Admin Tool Kit Click here and download it now
June 28th, 2012 6:45pm

SQL Server Analysis Services 2008 R2 Developer x64 (msmdsrv.exe) on Windows 7 x64 requires EAF to be disabled
July 31st, 2012 10:52am

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2012 9:37am

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
September 18th, 2012 9:37am

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2012 9:37am

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
September 18th, 2012 12:37pm

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2012 12:37pm

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
September 18th, 2012 12:37pm

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2012 12:37pm

As of 12.6 ATI drivers should now be compatible with ASLR.

http://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html

CONFIRMED: Running 12.8 with ASLR set to "Always on" and Windows 7 booted successfully.
  • Edited by Quitch Tuesday, September 18, 2012 1:20 PM Tested fix
September 18th, 2012 12:37pm

DAMN NFO Viewer (DAMN NFO Viewer.exe) crashes on every execution attempt, and that application wasnt even added to EMET, so I added and unchecked everything and re-attempted to launch NFO file viewer application to no avail. Quick guess, might be where I have added the Windows Shell added to EMET? dunno.


Windows has a built in nfo viewer. No need to install any apps to read them. Just right click the nfo file and choose to open with notepad as default.
Free Windows Admin Tool Kit Click here and download it now
September 18th, 2012 4:08pm

Windows 7 sidebar.exe (Desktop Gadgets) requires an EAF exception to run.
September 19th, 2012 2:58am

There is incompatability between Emet 3.5 TP and Comodo Internet Security. The result is high CPU usage. See my other post for details.
Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2012 12:10am

I'm using Windows 7 Professional SP1 x64 and EMET 3.0.

I've found EAF to cause the following to crash on start:

getright.exe - A venerable download manager
left4dead2.exe - A video game by VALVe

borderlands.exe - A video game by Gearbox Software - crashes on start if any of NullPage, HeapSpray, EAF or MandatoryASLR are used.

September 22nd, 2012 2:22am

Audible Manager stops running just after launching, with Maximum Security enabled, but runs fine if drop back to Recommended Security Settings. Win7 x64.
Free Windows Admin Tool Kit Click here and download it now
September 29th, 2012 9:20pm

MusicMatch Jukebox fails to run.  Uninstalling EMET has not fixed the issue.

October 1st, 2012 4:19am

The system settings are registry keys. If you've changed the system settings in EMET then uninstalling it won't undo that, you need to undo the change within EMET.
Free Windows Admin Tool Kit Click here and download it now
October 1st, 2012 10:31am

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
October 12th, 2012 2:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
Free Windows Admin Tool Kit Click here and download it now
October 12th, 2012 2:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
October 12th, 2012 2:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

Free Windows Admin Tool Kit Click here and download it now
October 12th, 2012 5:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
October 12th, 2012 5:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
Free Windows Admin Tool Kit Click here and download it now
October 12th, 2012 5:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
October 12th, 2012 5:46pm

I would like report that the 32 bit versions of Windows Media Player and Wordpad within Windows 8 Release Preview 64 bit are not compatible with the SEHOP mitigation of EMET 3.0 or EMET 3.5 Tech Preview.

Please see the following threads for details:

Windows Media Player (post dated: 12th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3bdfa034-4eda-4d9e-8580-c63c971bb869

Wordpad (second post dated 26th July 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

Finally, the 64 bit version of Apple iTunes (iTunes.exe) is not compatible with the system wide i.e. global SEHOP setting(Application Opt-Out) when installed on Windows 7 SP1 64 bit.

Please see the following thread for details (post dated: 5th October 2012):

http://social.technet.microsoft.com/Forums/en/emet/thread/26d83e44-31d3-4cb8-9ae0-7a1a7c450340

EDIT: 21st April 2013: In the above thread, the version of iTunes was 10.7 64 bit. Version 11 and higher of iTunes 64 bit are not affected by this issue. I have used iTunes to purchase tracks from the iTunes Store without issues even with system wide SEHOP enabled.

I hope this helps. Thank you.

  • Edited by JamesC_836 Sunday, April 21, 2013 2:57 PM Extra info
Free Windows Admin Tool Kit Click here and download it now
October 12th, 2012 5:46pm

EMET 3.5 Tech Preview ROP issues with latest Logitech Setpoint 6.50 x64 and IE9 (Win7 x64 SP1).

After installing Logitech Setpoint 6.50 x64 EMET reported continuously ROP mitigation issues from iexplore.exe whenever I start IE9.

Once Setpoint 6.50 x64 has been uninstalled everything goes back to normal.

Logitech Setpoint 6.32 x64 runs fine without issues.

October 13th, 2012 4:11am

updating to Chrome Version 23.0.1271.64 m and Chrome in EMET (all checkmarks on) crashes several extensions. Uncheck SEHOP for chrome solves the problem.

Please see:

http://forums.lastpass.com/viewtopic.php?t=83548&p=277044

http://code.google.com/p/chromium/issues/detail?id=159885

If you think that might be a security problem in Chrome, then give google support a hint. For me as private person its a little bit difficult to contact the right channels.

Thank you

Free Windows Admin Tool Kit Click here and download it now
November 8th, 2012 10:12am

Hi,

Encountered the same issues and Google's Forum has similar posting:

 http://productforums.google.com/forum/#!category-topic/chrome/report-a-problem-and-get-troubleshooting-help/windows/29WXfbcmueE

Hope this info helps other users

Best regards

November 9th, 2012 8:03am

Excel 2007 on Windows 7 32bit, with eurotool.xlam plugin, fails to run. If I disable DEP or disable the plugin it does run.
Free Windows Admin Tool Kit Click here and download it now
November 15th, 2012 4:07pm

I have Problems with Roxio easy creator and an Outlook plugin from octophone our phone Company... The application crashes directly and worked fine under Windows 7 before...
December 3rd, 2012 5:16pm

Intel Rapid Storage Technology installer fails to initialize with DEP set to Always On in system settings.
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2012 12:30am

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
December 12th, 2012 2:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2012 2:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
December 12th, 2012 2:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


Free Windows Admin Tool Kit Click here and download it now
December 12th, 2012 5:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
December 12th, 2012 5:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2012 5:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
December 12th, 2012 5:43pm

Dropbox.exe 1.1.40 (99e6035826ccef09d525b2a025e1d1d7) fails to start with EMET 2.1 ARF enabled. http://forums.dropbox.com/topic.php?id=29640

As noted by David G.1 (above), Dropbox is not compatible with the EAF mitigation of EMET. I can also confirm this for version 1.6.4 (released yesterday) when installed on Windows 7 SP1 64 bit.

Dropbox is compatible with all other mitigations from EMET 3.5 Tech Preview.

For your information, Dropbox works with system wide DEP (Application Opt-Out)(always on) and SEHOP (always on)(Application Opt-Out) applied.

I hope this helps. Thank you.

----------------------------------------------------

Off Topic:

I have submitted a feature request with Dropbox to add DEP, ASLR and /GS security mitigations to Dropbox by default.

https://forums.dropbox.com/topic.php?id=94183


  • Edited by JamesC_836 Wednesday, December 12, 2012 2:44 PM Added extra info
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2012 5:43pm

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
December 18th, 2012 5:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
Free Windows Admin Tool Kit Click here and download it now
December 18th, 2012 5:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
December 18th, 2012 5:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


Free Windows Admin Tool Kit Click here and download it now
December 18th, 2012 8:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
December 18th, 2012 8:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
Free Windows Admin Tool Kit Click here and download it now
December 18th, 2012 8:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
December 18th, 2012 8:06am

Running EMET 3.5 Tech Preview on Win XP SP3

Microsoft Outlook Express 6.0.2900.5512 crashes on startup if the ROP Caller mitigation is enabled. 

If that ROP checkbox is cleared, Outlook Express starts and runs fine (it works well with the other ROP).

Error message generated:

EMET detected Caller Mitigation and will close the application: msimn.exe
EMET ROP checks error. Resume?
CallerCheck Failed:
PID: 0x418/1048
TID: 248
API Name: kernel32.CreateFileW
ReturnAddress: 6CDFC762
CalledAddress: 7C810CD9
StackPtr: 0007F420


  • Edited by TaskForceKen Wednesday, January 09, 2013 5:32 AM add software version number (outlook express)
Free Windows Admin Tool Kit Click here and download it now
December 18th, 2012 8:06am

Windows 7 Ultimate x64:

Possibly since November 2012 Windows Update and update to Windows Essentials 16.4.3505.0912:

  • Windows Explorer frequent minor corruption of Videos library by spontaneous addition of Pictures folder to Videos library (have not yet discovered which action/application triggers this).

Possibly since December 2012 Windows Update and addition of Windows Management Framework 3.0:

  • Clicking Control Panel links frequently causes Windows Explorer crash with invalid parameter error message.

Disabling EAF for Windows Explorer seems to fix these problems.

December 23rd, 2012 7:28am

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2012 11:57am

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
December 23rd, 2012 11:57am

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2012 11:57am

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

December 23rd, 2012 2:57pm

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2012 2:57pm

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
December 23rd, 2012 2:57pm

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2012 2:57pm

Windows 7 64-bit

The ROP caller mitigation causes all my Office 2010 products to crash when accessing mapped network drives.

  • Edited by Quitch Sunday, December 23, 2012 11:57 AM
December 23rd, 2012 2:57pm

Google Earth appears to work OK, but I noticed that it was showing errors in Windows 8 Action Centre > View Reliability History.

After un-checking SEHOP, the errors no longer appear.

Free Windows Admin Tool Kit Click here and download it now
December 27th, 2012 4:07am

Some technical background for this repeatable issue:

OS: Windows 7 Professional, SP1 (64-bit), upto date patches
EMET: version 3.5
Browser: IE 9.0, ROP protection enabled
Application: SnippingTool.exe, version 6.1.76

Issue: When trying to capture some of the content within Internet Explorer with the Snipping tool, the system freezes and only the Task manager is available. EMET Notfier logs this message:

EMET_DLL module logged the following event:

EMET encountered an error in 'C:\Program Files (x86)\Internet Explorer\iexplore.exe'
CallerCheck Failed:
  PID          : 0x1508/5384
  TID          : 1184
  API Name     : kernel32.VirtualAllocEx
  ReturnAddress: 6AF9B294
  CalledAddress: 7644D998
  StackPtr     : 0014DC64

Capturing image with Snipping tool within any other applications or browsers with ROP protection enabled does not result in this error. Ending task for IE through Task Manager unfreezes the system and Snipping shows the captured image; however, ending task for Snipping does not unfreeze the system. EMET ask, "Do you want to resume?" Selecting "Yes" results in more EMET notifications, conversely, selecting "No" keeps the system frozen.

Disabling all ROP mitigation for IE resolves this issue. Removing the check mark for the mitigation identified as "Caller" only also resolves this issue. It seems that Windows SnippingTool.exe application code isn't "secure" and might be the next attack vector for hackers for Windows. In either case, IE should freeze the whole system.

December 30th, 2012 6:48pm

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
Free Windows Admin Tool Kit Click here and download it now
January 3rd, 2013 9:06pm

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
January 3rd, 2013 9:06pm

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
Free Windows Admin Tool Kit Click here and download it now
January 3rd, 2013 9:06pm

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

January 4th, 2013 12:06am

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 12:06am

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
January 4th, 2013 12:06am

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 12:06am

After installing EMET 3.5 on Win7/64.  Now AOL will not run.  Says out of memory.

I uninstalled EMET, but the problem persists.  Clearly EMET is leaving some registry settings behind when it uninstalls.

I went to the advanced system settings control panel, and now I see the DEP settings are all greyed out.  I used to be able to turn DEP on and off here, but no longer.

I tried rolling back to a system recovery point before installing EMET, but that was no help.

How do I fix this?  Should I reinstall EMET and use it to make an exception of AOL, or what?

How do I get the advanced system settings control panel to let me set DEP settings as it used to?

Can we get EMET fixed so that it uninstalls better?

PS: On a hunch, I reinstalled EMET 3.0, set settings to recommended, then rebooted.

Now AOL works again. 

  • Edited by FAntonio2 Friday, January 04, 2013 3:20 AM
January 4th, 2013 12:06am

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 11:16am

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
January 4th, 2013 11:16am

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 11:16am

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

January 4th, 2013 2:16pm

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 2:16pm

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
January 4th, 2013 2:16pm

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
Free Windows Admin Tool Kit Click here and download it now
January 4th, 2013 2:16pm

Hi FAntonio2,

You are correct, AOL will give this error when system wide DEP is enabled. Since the option of turning off system wide DEP is unavailable to you, the following thread may be of assistance to you. From what I can tell these steps only apply to Windows XP:

http://social.technet.microsoft.com/Forums/en/emet/thread/b6a3fbf2-0e2f-43f1-a8ca-9b7c0da2f1b0

The steps that apply for Windows 7 (they should be the same for Windows Vista) are mentioned in the following thread:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0310435c-e04a-4204-8bd4-fcc9c2498556

I hope the above information is of assistance to you. Thank you.

--------------------------------

EDIT: Thanks for your update FAntonio2. If re-installing EMET and setting it to recommended setting had not resolved the issue, the threads I linked to above would have been the next steps. Thank you for providing the solution that worked for you.

  • Edited by JamesC_836 Friday, January 04, 2013 11:43 AM
January 4th, 2013 2:16pm

Running EMET 3.5 Tech Preview on Windows XP SP3

Word 2000 SP3 and Excel 2000 SP3 running well with all mitigations on, including the DEP that both the .xml protection profile and the EMET guide listed as incompatible in the later Office XP. 

Both Word and Excel have all patches up to their end-of-life date in 2009.
Caveat: I have an older Pentium 4 that does not support hardware-based DEP; my DEP is the software-based variant.  This might be the reason why DEP did not crash the applications.

Some other software not listed in the EMET guide that are also running all mitigations, with no issues:
Rhapsody 4.0.6.7 (the standalone application for music streaming and searching)
Irfanview 4.3.3.0
Sumatra PDF reader 2.1.1.0

Free Windows Admin Tool Kit Click here and download it now
January 9th, 2013 8:25am

Setting DEP to Always On in EMET v3.0 and v3.5 causes the following application to not start:

Cisco WebEx Productivity Tools One-Click (ptoneclick.exe) v2800.400.1205.1700

January 15th, 2013 11:12pm

Add Xobni to that list too.  Seemed that no matter what settings I selected in EMET 3.0 or 3.5, Outlook 2010 kept blowing up on startup.
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2013 1:04am

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
January 26th, 2013 7:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
Free Windows Admin Tool Kit Click here and download it now
January 26th, 2013 7:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
January 26th, 2013 7:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
Free Windows Admin Tool Kit Click here and download it now
January 26th, 2013 10:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
January 26th, 2013 10:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
Free Windows Admin Tool Kit Click here and download it now
January 26th, 2013 10:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
January 26th, 2013 10:52pm

Flash fails to load in Google Chrome  24.0.1312.56  if SEHOP is enabled in application settings (EMET 3.5 on Windows 8 x64).
  • Edited by Sand Storm Sunday, January 27, 2013 8:42 AM
Free Windows Admin Tool Kit Click here and download it now
January 26th, 2013 10:52pm

 

Running EMET 3.5 on Windows 7 Professional 32-bit.

MS Money 2005 fails with DEP error.

Outlook 2003 fails when ROP Caller setting is enabled.

February 1st, 2013 7:36pm

EMET is closing Explorer.EXE. Fault Module Name: ShellExtensionNative.dll_unloaded

I had this problem with EMET 3.0 and now I still have it with 3.5 Tech Preview. I have EMET configured to opt out explorer.exe for all protection types, but it still crashes and EMET reports it did a DEP mitigation. Looking at the report, it appears there's a shell extension or context menu causing it to crash? Shouldn't the opt-out of explorer.exe prevent this?


EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Windows\Explorer.EXE

Problem signature:

  Problem Event Name:                        BEX64

  Application Name:                             Explorer.EXE

  Application Version:                           6.1.7601.17567

  Application Timestamp:                     4d672ee4

  Fault Module Name:                          ShellExtensionNative.dll_unloaded

  Fault Module Version:                        0.0.0.0

  Fault Module Timestamp:                  4d106bed

  Exception Offset:                                000007fedfc76a59

  Exception Code:                                  c0000005

  Exception Data:                                   0000000000000008

  OS Version:                                          6.1.7601.2.1.0.256.1

  Locale ID:                                             1033

  Additional Information 1:                  2264

  Additional Information 2:                  2264db07e74365624c50317d7b856ae9

  Additional Information 3:                  4ad6

  Additional Information 4:                  4ad6e4750e042fff050fdb2aa067881f

Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 8:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
February 1st, 2013 8:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 8:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
February 1st, 2013 8:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 11:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
February 1st, 2013 11:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 11:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
February 1st, 2013 11:14pm

Hi Lucas Z.,

I would suggest simply removing explorer.exe from being protected by EMET. I have not seen this included on any tried and tested list of applications to protect with EMET since explorer.exe is a crucial process that must remain stable.

Since you are running Windows 7 64 bit (your exception shows this, namely BEX64 and Application Version: 6.1.7601.17567. 6.1.7601 is Windows 7 with SP1) explorer.exe already has DEP, ASLR and /GS (Guard Stack) v2 enabled and this should be enough protection.

Here are 2 examples of such lists of applications to protect. The first link cautions you about what applications you add to the list, especially for operating system processes.

http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

http://krebsonsecurity.com/tools-for-a-safer-pc/

If you wish to troubleshoot this issue further, please create a new thread (topic) in this forum.

Thank you.

  • Edited by JamesC_836 Monday, February 04, 2013 6:11 PM Added further info
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2013 11:14pm

LogMeIn Rescue Technician Console (LMIRTechConsole.exe) fails if ROP Caller is enabled.

Log Name:      Application
Source:        EMET
Date:          2/26/2013 2:03:19 AM
Event ID:      2
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXXXXXXX
Description:
EMET_DLL module logged the following event:

EMET encountered an error in 'C:\Program Files\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x86\LMIRTechConsole.exe'
CallerCheck Failed:
  PID          : 0x5DC/1500
  TID          : E48
  API Name     : kernel32.CreateFileW
  ReturnAddress: 004D6104
  CalledAddress: 771AE8A5
  StackPtr     : 0012EF84
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EMET" />
    <EventID Qualifiers="0">2</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-26T07:03:19.000000000Z" />
    <EventRecordID>194249</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXX</Computer>
    <Security />
  </System>
  <EventData>
    <Data>EMET_DLL module logged the following event:

EMET encountered an error in 'C:\Program Files\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x86\LMIRTechConsole.exe'
CallerCheck Failed:
  PID          : 0x5DC/1500
  TID          : E48
  API Name     : kernel32.CreateFileW
  ReturnAddress: 004D6104
  CalledAddress: 771AE8A5
  StackPtr     : 0012EF84</Data>
  </EventData>
</Event>

February 26th, 2013 6:33pm

Hi RDinerman,

Does this error still occur if you disable the Caller Checks mitigation of EMET 3.5 Tech Preview?

Thanks.

Free Windows Admin Tool Kit Click here and download it now
February 27th, 2013 1:40pm

No.  Disabling Caller Checks allows the program to work without issue.  This is the workaround.
March 17th, 2013 1:37am

Hi RDinerman.

Thanks for the additional information.

Free Windows Admin Tool Kit Click here and download it now
March 18th, 2013 12:58am

Thanks James! That appears to have worked.
March 21st, 2013 5:34pm

Hi Lucas Z. _,

You are more than welcome. I am really glad that helped.

Thanks.

Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2013 12:10am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
April 23rd, 2013 5:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2013 5:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
April 23rd, 2013 5:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2013 8:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
April 23rd, 2013 8:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2013 8:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
April 23rd, 2013 8:01am

McAfee H-IPS incompatibility, causing all applications to fail to launch when enabled with EMET v4 Beta.

Did not affect EMET v3.5 Tech Preview


  • Edited by Nullsec Tuesday, April 23, 2013 5:02 AM
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2013 8:01am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
April 24th, 2013 7:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 7:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
April 24th, 2013 7:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 10:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
April 24th, 2013 10:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 10:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
April 24th, 2013 10:17am

I am using EMET v4 on windows 7 32bit with IE 10. I had to uncheck ROP Caller for iexplorer to stop pop up errors every time I restarted the computer and opened IE. No more pop ups after the uncheck, here is a sample of the type of error

Application Name: C:\Program Files\Internet Explorer\iexplore.exe

CallerCheck Failed:

  PID          : 0xF74/3956

  TID          : B68

  API Name     : kernelbase.LoadLibraryExW

  ReturnAddress: 6FFF0D2C

  CalledAddress: 7606B8B1

  StackPtr     : 0331BB90

Also I registered on this site to post this and wanted to make the error a screen shot but every time I try it gives me an error about I am not allowed to add photo till my account email is checked. I set up alert me and received a confirm email. It has not been 24 hours, do you have to wait longer or can someone tell where to write to get this fixed. thanks Lynn


EDIT I did not know about registry files to delete. So uninstalled, only found one registry file to delete the, HKLM\Software\Microsoft\EMET. And then reinstalled, so far no errors. I have started another post about settings to import.
  • Edited by Lynn53 Wednesday, April 24, 2013 1:35 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 10:17am

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
April 24th, 2013 2:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 2:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
April 24th, 2013 2:42pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 3:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
April 24th, 2013 3:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 3:48pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
April 24th, 2013 4:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 4:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
April 24th, 2013 4:08pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 5:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
April 24th, 2013 5:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 5:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
April 24th, 2013 5:42pm

Hi Lynn53,

Thanks for highlighting this issue.

Due to the variety of add-ons that Internet Explorer may have installed, an incompatibility with a mitigation can be expected. Thanks for pointing out which mitigation you disabled in order to resolve this.

What you describe in relation to the registry keys sounds fine. Another forum user, Quitch mentioned this in the following thread:

http://social.technet.microsoft.com/Forums/en-US/emet/thread/56d4edf8-f250-4aea-9c93-72a25d5bfd0e

I have also only found 1 registry key that was present to delete.

  • Edited by JamesC_836 Wednesday, April 24, 2013 3:52 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 5:42pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
April 24th, 2013 6:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 6:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
April 24th, 2013 6:39pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 6:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
April 24th, 2013 6:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 6:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
April 24th, 2013 6:48pm

Hi JamesC_836, after importing the Popular and Recommended settings started getting the pop ups again. Removed the checkmark for ROP Caller iexplorer and they have again stopped. Just wanted to report this for others.
Should add that the checkmark had been  added with the new install of EMET that I did.
  • Edited by Lynn53 Wednesday, April 24, 2013 3:50 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 6:48pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

April 24th, 2013 7:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 7:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
April 24th, 2013 7:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 7:08pm

Hi Lynn53,

Thanks for your update.

In an effort to narrow down what is causing Internet Explorer to close due to the ROP Caller Checks mitigation, would you be willing to re-enable this mitigation and try to use Internet Explorer without add-ons? This is a temporary mode of Internet Explorer.

If Internet Explorer continues to work correctly in this mode, you will then have determined that an add-on for Internet Explorer is causing this issue. The support article linked to below describes how to this. Disabling add-ons one by one is also mentioned.

http://windows.microsoft.com/en-ie/windows7/how-do-browser-add-ons-affect-my-computer

While not every security mitigation of EMET is compatible with every add-on, if the name of the specific add-on causing the issue can be determined, it may be possible to fix this compatibility issue.

Alternatively you can simply leave the ROP Caller Checks mitigation disabled and continue to use Internet Explorer as normal.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, April 24, 2013 4:53 PM
April 24th, 2013 7:08pm

Hi JamesC_836 , Yes sounds easy enough to try just will take some time. I will report back when done. Lynn
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 7:36pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

April 24th, 2013 9:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 9:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
April 24th, 2013 9:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 9:39pm

Well I disabled all IE add ons and was still getting the errors. I have four computers, the one with the problem is an old vista that I installed a fresh windows 7 so I would not have all that useless junk. I also use it for testing and learning as the reason this is the only one with EMET v4 the others have v3. I have Winpatrol Plus program I have been trying out, I stop it from loading at startup and thought that was the problem so uninstalled it but now am still getting the errors, so that was not the problem. So I have eliminated the IE add ons and Winpatrol as the problem. The only other thing I can think of is I have Avast Pro antivirus. What do you think I should try next JamesC_836.

Edit, disabled Avast and still getting error, so Avast has been eliminated as the problem.

  • Edited by Lynn53 Wednesday, April 24, 2013 7:00 PM
April 24th, 2013 9:39pm

Hi Lynn53,

Thanks again for your update and for the thoroughness of your testing.

Among my PCs, I also have a Windows Vista 64 bit SP2 PC with EMET v3 loaded. I have found that settings that work perfectly on Windows 7 64 bit do not work as well for Vista. I am not sure exactly why this is. I have had to customize EMET settings to keep 3rd party programs on Vista working smoothly.

My advice would be to leave the mitigations disabled that are causing the issues. This is an advantage of EMET it can provide extra protection while maintaining compatibility/usability by simply turning off mitigations that crash programs. The settings that you mentioned earlier today seemed to work very well.

Thanks for testing and eliminating Avast and WinPatrol as potential causes. Please feel free to re-enable Avast and re-install WinPatrol and set them up as you have found to work best for you. Please also feel free to use Internet Explorer as normal with EMET settings that do not cause it to crash but still provide the best protection. Apologies for any inconvenience that this testing has caused.

I am sorry that I cant provide more specific advice but with the different combinations of programs that each of us use we need to find what settings work best for us and continue to use them.

I have marked your above post as helpful since you have carried out a lot of testing which will benefit others.

If I can provide any further assistance, please let me know. Thank you.

Free Windows Admin Tool Kit Click here and download it now
April 24th, 2013 10:29pm

Thank You, I enjoy the learning. Lynn

April 24th, 2013 10:36pm

Windows 7 Professional 32-bit

EMET 4.0 Technical Preview System Settings settings as follows,

DEP - Always On

SEHOP - Application Opt Out

ASLR - Always On

Certificate Trust - Enabled.

Regression testing against 3.5 results in,

Outlook 2003 now works fine whereas in EMET 3.5 it failed when ROP caller check was active, so something

fixed/changed. 

MS Money 2005 UK now fails with Caller Check error but in EMET 3.5 it failed with a DEP error.

Currently happy to switch ROP caller checking off for this application.

Everything else looks good.

Free Windows Admin Tool Kit Click here and download it now
April 26th, 2013 5:00pm

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


April 30th, 2013 10:00pm

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


Free Windows Admin Tool Kit Click here and download it now
April 30th, 2013 10:00pm

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


April 30th, 2013 10:00pm

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


Free Windows Admin Tool Kit Click here and download it now
April 30th, 2013 10:00pm

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


May 1st, 2013 1:00am

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 1:00am

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


May 1st, 2013 1:00am

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 1:00am

Every could of days a random Windows 7 64 bit user will have an issue when running EMET 3.0 and Microsoft Office 2010 looking at a known good document, where one of the Office apps they are using will crash with a DEP error when opening or closing the application.  This is logged in the Windows Application logs as an Error:

Source: EMET
Event ID: 2
EMET_DLL module logged the following event:
EMET detected DEP mitigation and will close the application: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

The next second, another log will be generated:
Source: Application Error
Event ID: 1000
Faulting application name: WINWORD.EXE, version: 14.0.6129.5000
Faulting module name: log4cxx.dll_unloaded, version: 0.0.0.0
Exception code: 0xc0000005
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: log4cxx.dll

This has happened for "Faulting module path" values of: log4cxx.dll, unknown, PGPlsp.dll, and others.  The Office application may be different for each.

This seems non-repeatable but an occasional random occurance. 


May 1st, 2013 1:00am

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 10:01am

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
May 1st, 2013 10:01am

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 10:01am

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

May 1st, 2013 1:01pm

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 1:01pm

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
May 1st, 2013 1:01pm

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 1:01pm

Hi Chris,

The log4cxx.dll is a DLL related to Nero CD/DVD Authoring software and is included with Nero Burning ROM. It is possible that this DLL is being loaded by Word 2010 through an Add-in (another less likely possibility is that this DLL is being loaded into Word via the AppInit_DLLs value within the Windows Registry since Word does load user32.dll).

Please find below links describing how to disable such add-ins. This should prevent Word from crashing in the future.

http://www.itechtalk.com/thread8986.html

http://support.microsoft.com/kb/921541

PGPLsp.dll is related to the Symantec PGP Desktop encryption product. Since this provides encryption for sensitive data, I would advise against removing this particular add-in.

If the Windows Registry is being used to load these DLLs additional steps will be necessary to remove them.

I hope this helps. Thank you.

  • Edited by JamesC_836 Wednesday, May 01, 2013 11:34 AM
May 1st, 2013 1:01pm

Thanks for the help James!
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2013 12:19am

You're welcome, Chris.<o:p></o:p>

I am not sure if what I mentioned about add-ins for Microsoft Office helps or not. If you need the functionality they offer, the only remaining option is to disable
the DEP mitigation of EMET
for any Office application that uses these add-ins. Also ensure that system wide DEP is set to Application Opt-in (or essential Windows programs and services only option within the Windows Control Panel).

Thanks.

May 4th, 2013 6:42pm

We have identified one Office EMET 3.0 DEP issue as correlating with a separate Cisco Click to Call plug-in error in the OS application logs.  Other EMET Office 2010 OS application crash logs, mostly DEP related, occur every now and then across our workstations randomly and non-repeatedly with known good documents and have no correlated plug-in OS application log messages, so I am unable to troubleshoot.
Free Windows Admin Tool Kit Click here and download it now
June 11th, 2013 4:10pm

Salesforce Chatter Desktop crashes on startup when ROP is enabled along with the Deep Hooks setting.

Faulting application name: Chatter Desktop.exe, version: 0.0.0.0, time stamp: 0x51817ac0
Faulting module name: EMET.DLL, version: 4.0.0.0, time stamp: 0x51ba563b
Exception code: 0xc0000005
Fault offset: 0x0004ef31
Faulting process id: 0x17c8
Faulting application start time: 0x01ce6d8d96c4e29f
Faulting application path: C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: d6b00a34-d980-11e2-bb4b-74e543520225

EMET does not display a notification when this occurs.

June 20th, 2013 11:17am

I had EMET V3.5 Tech Preview installed for a long time on Windows 7 and since inception on Windows 8 with no problems.

I uninstalled V3.5, restarted Windows 8 and installed V4.0.4913.26122 and all of: Adobe Acrobat, Lenovo Hot Spot Service, Skype C2C Service, Internet Explorer and DU Meter failed with KERNELBASE.dll errors. Acrobat and Internet Explorer would not even start.

I had installed V4 with Recommended Settings.

I uninstalled V4, restarted, and reinstall V3.5 Tech Preview. This substantially reduced the errors.

I again uninstalled V3.5 and this time removed the two EMET Registry Keys. I restarted and installed EMET V4 with no setup.

I then added about a dozen and a half programs manually:  All of Office 2013 including ONENOTEM, Adobe, both iexplore (32 and 64), Java, and jusched, integratedoffice, and PopPeeper (email daemon). I then imported the certificates file.

Time will tell if this bizarre and worthless Windows 8 system will just keep crashing.

With over 150 processes and 12 flags, adding one each day to test will take 1800 days to set it up. EMET V4 was not made for mortal human beings and yet mortal human being are precisely the ones that need it.

Free Windows Admin Tool Kit Click here and download it now
June 21st, 2013 4:26am

Windows XP SP3, all Updates. Office 2010, all Updates. We installed EMET 4.0 last night, used standard settings and could not open Outlook any more. After we uninstalled EMET all was well again.

Event Error "EMET 2"

Application Name: C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
CallerCheck Failed:
  PID          : 0x788/1928
  TID          : 124C
  API Name     : kernel32.CreateFileW
  ReturnAddress: 21872340
  CalledAddress: 7C810CD9
  StackPtr     : 0013E4E8

Event Warning "EMET 1"

"Error Sending Telemetry Data: Config Not Initialized"

June 21st, 2013 11:30am

We had used "recommended settings" as well as "normal settings". I don't remember the exact names of these two any more.
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2013 11:32am

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
June 27th, 2013 8:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2013 8:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
June 27th, 2013 8:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

Free Windows Admin Tool Kit Click here and download it now
June 27th, 2013 11:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
June 27th, 2013 11:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2013 11:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
June 27th, 2013 11:10pm

Foxit Reader version 6.0.3.0524 crashes on startup unless SEHOP is disabled for it.

Running EMET version 4.0.4913.26122 on Windows 7 Ultimate 64-bit

Edit: The FoxIt crash with SEHOP does not happen on a second PC, all the versions are the same, the only difference is the working system has a Core 2 Duo CPU and the problem PC is a workstation with dual older XEON CPUs.  We've had several other applications that acted up on that XEON PC, in one case it was tracked down to a libgnutls26 bug that only happened on CPUs that have MMX but not SSE2.

  • Edited by jh_314159 Friday, June 28, 2013 7:41 PM additional info
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2013 11:10pm

TeamViewer (8.0.19045) crashes if the ROP mitigation "Caller checks" is enabled (using EMET 4.0.4913.26122). You need to disable it for both "TeamViewer.exe" and "TeamViewer_Service.exe". All the other mitigations can be enabled. Also you can enable all mitigations for "TeamViewer_Desktop.exe", "tv_w32.exe" and "tv_x64.exe".


Application Name: C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
CallerCheck Failed:
  PID          : 0xC0C/3084
  TID          : B4C
  API Name     : kernel32.LoadLibraryExW
  ReturnAddress: 0101A299
  CalledAddress: 759C4945
  StackPtr     : 0016F274

Application Name: C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
CallerCheck Failed:
  PID          : 0x12A0/4768
  TID          : A94
  API Name     : kernel32.LoadLibraryExW
  ReturnAddress: 00B11CDA
  CalledAddress: 759C4945
  StackPtr     : 002DF9DC


July 3rd, 2013 12:29am

AQTime 7 by SmartBear is a .exe profiling application used by software developers.

I cannot disable the "SimExecFlow" check for this application, no matter what I try.

I added an entry to AQTime.exe and all other *.exe files installed by the application. I disabled all mitigations for all these executables. But when I start AQTime, EMET always detects a SimExecFlow, even if that checkbox is off.

The only way I can run AQTime is to switch from "Stop On Exploit" to "Audit Only". EMET will display the "SimExecFlow" detection for AQTime.exe but the application itself continues and works as expected.

Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 2:33am

Please consider the following "EMET 4.0: Configuration issues with XML profile" bug report: http://social.technet.microsoft.com/Forums/en-US/d3d8c845-20b1-46eb-91e6-d9f34ca1b302/emet-40-configuration-issues-with-xml-profile
July 3rd, 2013 10:39pm

EMET 4.0 with Outlook 2010 & CRM 2011 Plugin - Outlook crashing -stackpivot to fix
Free Windows Admin Tool Kit Click here and download it now
July 4th, 2013 12:30pm

New today.

Windows 7 x64 SP1

EMET 3.0. MS default config as installed - all opt in.

Google Chrome major version 28 completely broken by EMET 3.0. Google Chrome calendar major version 27 broken by same.

Solution: Disable SEHOP protection for chrome.exe. Fixed!

July 11th, 2013 12:30pm

Ubisoft Uplay (uplay.exe) crashes when launching unless "Caller" is unchecked in EMET.
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2013 11:55am

I had the same issue. seems to be fixed in EMET 4.0. Able to enable all protection for chrome without any issue (so far so good). Windows 7 32-bit SP1
July 19th, 2013 4:51am

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



Free Windows Admin Tool Kit Click here and download it now
July 19th, 2013 5:20am

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
July 19th, 2013 9:18am

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2013 9:18am

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
July 19th, 2013 9:18am

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2013 12:18pm

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
July 19th, 2013 12:18pm

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2013 12:18pm

I had same issue (same IE, same OS 32-bit, same EMET version). For me, I had to disable SEHOP. I have disabled all add-ons.

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 0000071a
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16635
  Application Timestamp: 51b7a921
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.1.7601.18015
  Fault Module Timestamp: 50b83b16
  Exception Code: 800706ba
  Exception Offset: 0000812f
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 17417
  Additional Information 1: b628
  Additional Information 2: b6287eb38608c03c51f0e30bc059b95b
  Additional Information 3: dda5
  Additional Information 4: dda5a25c34804fd8baa0fa966fea80b9



  • Edited by Larry Patch Friday, July 19, 2013 9:18 AM added 32-bit
July 19th, 2013 12:18pm

Acrobat Reader always hangs and eventually closes itself with EMET 4.0 installed. Works just fine when SEHOP is disabled for AcroRd32.exe.
Free Windows Admin Tool Kit Click here and download it now
August 15th, 2013 12:43pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


August 20th, 2013 12:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


Free Windows Admin Tool Kit Click here and download it now
August 20th, 2013 12:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


August 20th, 2013 12:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


Free Windows Admin Tool Kit Click here and download it now
August 20th, 2013 3:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


August 20th, 2013 3:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


Free Windows Admin Tool Kit Click here and download it now
August 20th, 2013 3:08pm

Brocade Switch configuration and other Java Web Start Applets: 

"could not create the java virtual machine" caused by EMET 4.0 HeapSpray Mitigation.

Solution: disable Heap Spray Mitigation for javaw.exe


August 20th, 2013 3:08pm

Angebotsassistent e-Vergabe (http://www.evergabe-online.de/) does not work as long as EMET 4.0 is installed.

Disabling all Mitigations does not seem to help - but it works again after EMET 4.0 is uninstalled.

Free Windows Admin Tool Kit Click here and download it now
August 20th, 2013 5:06pm

Yahoo Messenger will not start with the DEP mitigation enabled.  EMET does not present an error or a log when this happens.

EMET 4.0

Win7 Pro 64-bit

August 20th, 2013 10:07pm

The Think Cell addon for Powerpoint will trigger a Caller mitigation when importing data from Excel.  This will cause EMET to close Excel.  Disabling the Caller mitigation resolved this issue.

EMET 4.0

Win7 Pro 64-bit

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2013 9:52pm

I have seen the same thing with Outlook and a specific add-in.  EMET stops Outlook due to SimExecFlow.  Disable SimExecFlow, same issue.  Disable all mitigations, SAME ISSUE.  The only way around is to completely remove the process from EMET.  Currently working with Microsoft on this issue, I will update you if we get a resolution.
September 12th, 2013 2:31am

The PhonerLite VoIP softphone (http://www.phonerlite.de/download_en.htm) in its current version 2.11 gets prevented from starting up by the EMET's "SimExecFlow".

See following forum thread for details: http://www.forum.phoner.de/YaBB.pl?num=1379779020
Free Windows Admin Tool Kit Click here and download it now
September 24th, 2013 7:39pm

If you boot with a Windows Mobile device connected (at least when connected via USB), Windows Mobile Device Center (v6.1.6965) crashes on startup. You can start WMDC once the system has finished startup, and you can plug a device in after startup, either way WMDC will work fine. But if you startup with a device attached, WMDC try to start and will crash. This is with EMET 4.0 on Windows 7 Ultimate x64. Did not have this problem until after EMET was installed. WMDC services are set for Auto (delayed) start. WMDC is runing under EMET with all mitigations enabled.

Also Speedfan 4.49 will not run under EMET. It fails with a SimExecFlow error. And seems to "load" in EMET twice or something. I had to disable all mitigations and remove it in the list in the Applications Configuration window, and again in the Running Processes list in the main window. I tried adding each mitigation separately, to see if a specific mitigation was the issue, but it simply would not work if any of the mitigations were enabled in EMET. Same computer as the WMDC issue.

September 28th, 2013 9:23pm

mmc.exe with AGPM 4.0 crashes when I switch to "Change Control" section. Fixed by uncheck EAF for mmc.exe.
Free Windows Admin Tool Kit Click here and download it now
October 27th, 2013 7:43pm

Chrome 31.0.1650.58 does not load tabs/websites, Mitigation "Caller" causes this problem. 

I had this issue on several computers. Can't say for now whether it's new with Chrome 31 or EMET 4.1, since both updates were installed at the same time. Maybe someone else has this problem, too. 

November 14th, 2013 1:14am

multiple DEP alert on Word 2013 (EMET 4.1 default values/Windows 7 64bits./INTEL Core2quad Q9950)

Free Windows Admin Tool Kit Click here and download it now
November 15th, 2013 8:27pm

Adobe Acrobat 8.3.1.289
Windows XP SP3

EMET 4:
EMET Detected caller mitigation and will close the application: acrobat.exe

But, the notice is erroneous: It occurs after i disable Caller for Acrobat & it does not close acrobat. Additionally, the notice is set off when acrobat is launched without a pdf.

November 19th, 2013 10:35pm

Windows 7 x64

Office 2010

We are seeing stackpivot mitigations for Outlook.exe for those users that have the MS CRM Plugin for Outlook installed FYI. All MS products and apparently not playing nicely.

StackPivot check failed:  

Application : C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

User Name : DOMAIN\USER

Session ID : 1 PID : 0x384 (900)

TID : 0x10C (268)

API name : kernel32.CreateFileMappingA

ReturnAddress : 0x63474146

CalledAddress : 0x769D54A6

Thread stack area range: [0x18EC9000..0x18ED0000]

StackPtr : 0x18EC5744



Free Windows Admin Tool Kit Click here and download it now
November 21st, 2013 4:16pm

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
December 1st, 2013 11:14pm

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2013 11:14pm

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
December 1st, 2013 11:14pm

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
Free Windows Admin Tool Kit Click here and download it now
December 2nd, 2013 2:14am

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
December 2nd, 2013 2:14am

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
Free Windows Admin Tool Kit Click here and download it now
December 2nd, 2013 2:14am

I'm also experiencing a "SimExecFlow" error when using a specific application - even if all mitigations have been turned off. You have to actually remove the app from the apps list. The apps concerned are the DirectShow filters subsumed under the name "LAV Filters" (https://code.google.com/p/lavfilters/). If their ffmpeg part is compiled using gcc 4.8.x EMET will close them upon start. I'm testing it with the MPC-HC media player 1.7.1 (it comes with LAV Filters built in, so you don't have to download those extra), download below:

http://mpc-hc.org/downloads/

Tested with EMET 4.0 and EMET 4.1 under Windows 7 x64 SP1.

To reproduce:

Add mpc-hc to EMET list (or possibly other DirectShow players), open mpc-hc and make it use one of the LAV Filters by opening a file that needs them or changing their settings. (For the built-in ones: Options>Internal Filters>[one of the bottons at the bottom])

  • Edited by mwellm Sunday, December 01, 2013 11:49 PM
December 2nd, 2013 2:14am

I'm having reports from all our developers on the following Emet 4.1 issue:

  • Windows 7 64bit
  • EMET 4.1
  • Visual Studio 2010 (32 bit)
  • Internet Explorer 9 32bit
  • Silverlight 5 (5.1.20913.0)
  • F5 in Visual Studio, builds and attaches to IE for Silverlight debugging, loads start page hosting Silverlight plugin

Result is silent end of IE process

No log.

Disabling all EMET checks does not resolve.

Uninstalling EMET resolves.


Free Windows Admin Tool Kit Click here and download it now
December 2nd, 2013 4:22pm

On my Win7 w/ Office 64bit machine Excel crashes on launch with EMET 4.1. Problem with the Excel MS Power Query November update add-in. Disabled all mitigations but same result. Un-installing EMET fixes. 

December 5th, 2013 2:38am

ArcSoft TotalMedia Theatre 6.5.1.150

Application crashes when try to play Blu-Ray disk with java apps on it. Caused by system-enabled DEP. The only workaround is to set system DEP setting to Application Opt In.

Free Windows Admin Tool Kit Click here and download it now
December 16th, 2013 1:45am

Certificate Pinning feature conflicts with Comodo's certsentry (it's bundled with installer version of Comodo Dragon), causes lots of programs fail to connect internet properly, but connect to "no-dns-yet.ccanet.co.uk".

Disabling the feature or uninstalling certsentry (i.e. uninstall Dragon & re-install Dragon portable version) immediately solve the problem.

Somohow when both are enabled and system is restarted, the conflict seem not to appear immediatly, but seem to need several hours to produce the problem.

Sorry for poor English!

December 17th, 2013 9:54am

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


Free Windows Admin Tool Kit Click here and download it now
December 27th, 2013 8:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


December 27th, 2013 8:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


Free Windows Admin Tool Kit Click here and download it now
December 27th, 2013 8:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


December 27th, 2013 8:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


Free Windows Admin Tool Kit Click here and download it now
December 27th, 2013 11:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


December 27th, 2013 11:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


Free Windows Admin Tool Kit Click here and download it now
December 27th, 2013 11:15pm

I'm having reports from all our developers on the following Emet 4.1 issue:

I'm not sure if this is similar or not, since our issue logs to the Windows OS Application log, but just in case -

Our programmers who use Visual Studio with Internet Explorer applications and set breakpoints will trigger EMET EAF mitigation after pressing F10.  To fix that, we put that PC in its own OU inside its present OU, and then created a group policy for an OU with the following settings:

Default Protections for Internet Explorer: Disabled

 Application Settings: Enabled & Show. (note: no spaces before the asterisk):

                *\Internet Explorer\iexplore.exe -EAF


December 27th, 2013 11:15pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2013 1:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
December 28th, 2013 1:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2013 1:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
December 28th, 2013 4:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2013 4:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
December 28th, 2013 4:07pm

Yuki2718,

This problem can be solved as follows:at the command prompt as Administrator regsvr32 /u certsentry.dll and prohibiting in Group Policy application execution certsentry_setup.exe. Though the course is a crutch.



  • Edited by Wednesday, January 01, 2014 12:01 PM
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2013 4:07pm

EMET 4.0 with Outlook 2010 & CRM 2011 Plugin - Outlook crashing -stackpivot to fix

I realize I can disable the stackpivot check however what if there is a real stackpivot vul that isn't CRM related? We would be unprotected. That and I thought MS products were EMET certified? I suppose I can ask them...

In fact EMET isn't actually closing outlook when the stackpivot mitigation happens. We are just getting a lot of EMET alert (noise) emails.

January 17th, 2014 2:46pm

Outlook 2007
SalesForce For Outlook plugin
https://na9.salesforce.com/setup/crmforoutlook/bin/SalesforceForOutlook.exe

Login to SalesForce via the plugin. Outlook will crash and notify user about SimExecFlow. Turning this option off gets rid of the error.

Free Windows Admin Tool Kit Click here and download it now
January 21st, 2014 6:01pm

Turns out a reinstall of the CRM plugin fixed some cobwebs and EMET is no longer alerting on Stackpivot.

I'd also like to point out that telling people to just turn off the mitigation kind of defeats the purpose of EMET. It is there to let you know you have some software doing bad (malware-like) things...and the correct action would be to fix said software. In the case of Outlook, I did not want to turn off any mitigations. Perhaps for small corner case LOB apps that is more doable.

January 29th, 2014 1:06pm

Hi,

I would like to report the following:

Netbook with Intel Atom CPU
OS : Windows 7 Starter (32Bit)


EMET 4.1
======

System-Wide Configuration:
------------------------------
DEP - App-Opt-Out (instead of App-Opt-In)
SEHOP - App-Opt-In
ASLR - App-Opt-In
CERT TRUST - Enabled


Application/Trust Certificate Configurations:
-----------------------------------------------
Default Profiles provided via installed deployment folder:

Popular Software.xml
CertTrust.xml

and manual additions of other installed applications.


Reporting Options:
--------------------
Windows Event Log - On
Tray Icon - On
Early Warning - On


Problem : Palemoon Version 24.3.0 (Atom) internet browser starts as indicated by Task Manager but does not launch. No alerts by EMET Agent Tray Icon.

Offending Mitigation : ROP - SimExecFlow.

Solution Applied : Unchecked ROP - SimExecFlow Mitigation.


Hope this information helps other users.

Free Windows Admin Tool Kit Click here and download it now
January 31st, 2014 6:17am

Just as an FYI I've started a spreadsheet with issues. If you could when reporting add them to the spreadsheet it will help the community and us (MSFT) to tailor installs to our organizations as well as help drive to resolution issues that are encountered.

http://social.technet.microsoft.com/wiki/contents/articles/22931.emet-known-application-issues-table.aspx is the wiki page however due to formatting issues the actual data is hosted in an Excel Web Page instead located at

http://sdrv.ms/LS9PNV which should be open to all to edit.  Try to fill in fields as much as possible to help out when you encounter app issues.  The first page in the workbook is EMET mitigations which are the specific emet.dll injection mitigations provided to applications, the 2nd page is the System-Wide Mitigations (DEP/SEHOP/ASLR) which realistically are not EMET however can be controlled by EMET so if you do have a system-wide protection mechanism crash post it on the 2nd page.

Thanks for your help with this :)

Kurt Falde

MSFT

February 6th, 2014 9:22pm

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2014 7:55am

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
February 19th, 2014 7:55am

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2014 7:55am

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
February 19th, 2014 10:55am

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2014 10:55am

I want to bring to your attention:

Settings for Vlc.exe are proposed in popular software.xml

Up to version 2.1.2 of vlc those settings are compatible.

vlc 2.1.3 is not compatible with SimExecFlow.

EMET notification: "EMET detected SimExecFlow mitigation and will close the application: vlc.exe"

right after vlc.exe start.

This has been reported as h...://social.technet.microsoft.com/Forums/security/en-US/b603ecaa-441c-4256-8f3f-ce5c33e3723a/

There are also posts about this incompability as

h...://trac.videolan.org/vlc/ticket/10583

and as

h...://forum.videolan.org/viewtopic.php?f=14&t=117231

As the incompatible setting is part of a proposed and predefined set of settings this might be of interest for you.


  • Edited by happywing93 Wednesday, February 19, 2014 7:56 AM
February 19th, 2014 10:55am

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2014 4:05pm

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
February 21st, 2014 4:05pm

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2014 4:05pm

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
February 21st, 2014 7:05pm

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2014 7:05pm

Your EXEL ONLINE spreadsheet should be formated as table in order to let everyone be able to see table headers, even if doing edits in in high numbered rows.

"Format as table" is available in web interface but there seems to be no obvious way to correct/revert table format for "everyone" users.

So it might be necessary for Support personal to have a look at that table and think of a practical solution for this comfort/accebility problem/feature.

Thank you.



  • Edited by Riopantr193 Friday, February 21, 2014 4:07 PM
February 21st, 2014 7:05pm

Windows 7 x86 SP1, EMET 5.0 Technical Preview, system settings: DEP=Opt In, SEHOP=Opt In, ASLR=Opt In, CertTrust=Enabled.

1) Adobe Reader 11.0.6 hang on opening the document due EAF enabled by default; when EAF disabled, crash on exit

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: AcroRd32.exe
  Application Version: 11.0.6.70
  Application Timestamp: 52b528e2
  Fault Module Name: EMET.DLL
  Fault Module Version: 5.0.0.0
  Fault Module Timestamp: 530b82f5
  Exception Code: c0000005
  Exception Offset: 0002b5cb
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1049
  Additional Information 1: 45fc
  Additional Information 2: 45fc2d309b68ba45f0ab6d26aa89f613
  Additional Information 3: 2126
  Additional Information 4: 212673e4d3966f14628a4684356d1887

2) Internet Explorer 10 while logging in to this very forum thread crashed twice:

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: iexplore.exe
  Application Version: 10.0.9200.16798
  Application Timestamp: 52ec7da1
  Fault Module Name: EMET.DLL
  Fault Module Version: 5.0.0.0
  Fault Module Timestamp: 530b82f5
  Exception Code: c0000005
  Exception Offset: 0002ad98
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1049
  Additional Information 1: bda1
  Additional Information 2: bda121a38238ccf5ccb8b5cefddc9000
  Additional Information 3: 2e07
  Additional Information 4: 2e073306618385ff80227a2109092d69

Free Windows Admin Tool Kit Click here and download it now
February 26th, 2014 11:10am

Microsoft Office Word 2003 (11.0.8409.8405) SP3 crash on exit if any of DEP, EAF Mandatory ASLR are enabled.

  Problem Event Name: APPCRASH
  Application Name: WINWORD.EXE
  Application Version: 11.0.8409.0
  Application Timestamp: 52a8dbe1
  Fault Module Name: EMET.DLL
  Fault Module Version: 5.0.0.0
  Fault Module Timestamp: 530b82f5
  Exception Code: c0000005
  Exception Offset: 0002ad98
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1049
  Additional Information 1: bda1
  Additional Information 2: bda121a38238ccf5ccb8b5cefddc9000
  Additional Information 3: 2e07
  Additional Information 4: 2e073306618385ff80227a2109092d69

February 26th, 2014 12:35pm

Internet Explorer 10 crash on exit when any of these settings are enabled: Mandatory ASLR, LoadLib, MemProt, Caller, SimExecFlow, StackPivot.
Free Windows Admin Tool Kit Click here and download it now
February 26th, 2014 1:47pm

If you have experienced application compatibility problems with EMET, please share your experiences on this thread. 


NOPDB.EXE 19.0.0.8 (7.00.0.24) 11/03/2005 21:44 Size: 176,193
Copyright (c) 1997-2005 Symantec Corporation
C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\Speed Disk

Running under XP SP3.

With EMET 4.1 DEP set to "Always On" (System Setting) this program errors at boot time with
"cannot write to memory" error. No problems when DEP is set to "Application Opt Out".

- Wayne

February 27th, 2014 3:54am

I don't see anything here about windows update.  If anyone else has this problem I'd be interested in the solution.  Since EMET install time, I always receive error code 80244019 when trying to run windows update.   I have switched to downloading them manually when they appear.   I'd like to know how to enable EMET to allow windows updates to work again.  Have reinstalled the update services and tried stopping and starting a variety of services to re-enable Windows Update. I'm not sure how to turn EMET off... thought about uninstalling but figure if it even blocks the big virus we call windows update, then it can't be all that bad. But, it would be nice to get that automated process working again.
Free Windows Admin Tool Kit Click here and download it now
February 27th, 2014 2:49pm

EMET 5.0, Google Chrome is prevented from running. You have to opt out from caller. Then everything seems to work fine.
March 1st, 2014 8:19pm

Tell me more...   I don't install Google Chrome.  But I am running IE... could there be the same overlap...What do you mean "opt out from the caller"?
Free Windows Admin Tool Kit Click here and download it now
March 1st, 2014 11:29pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
March 2nd, 2014 5:30pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2014 5:30pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
March 2nd, 2014 5:30pm

Hi Devid,

I experienced the same behaviour as you on both Windows 7 64 bit SP1 and Windows 8.1 64 bit with regard to Google Chrome. Thanks for pointing out.
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2014 8:27pm

Hi everyone,

Using Google Chrome Beta v34.0.1847.11 with EMET 4.1 when installed on Windows 8.1 64 bit resulted in the Caller Checks mitigation needing to be disabled for Chrome to continue to launch. This did not occur with previous versions of Chrome.

Disabling all extensions (using chrome://extensions) and plugins using (chrome://plugins) still resulted in the same change to EMET being necessary.

Thanks.

March 2nd, 2014 8:28pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2014 8:30pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
March 2nd, 2014 8:30pm

Hi everyone,

I have completed some initial testing of EMET 5.0 Technical Preview (TP) on Windows 7 64 bit and Windows 8.1 64 bit and wished to share my findings.

In general, EMET 5.0 TP with Windows 7 64 bit SP1 needed many changes to its configuration to prevent application crashes either on start up or on exit (mostly on exit). For Windows 8.1 only Google Chrome needed a settings change to prevent it crashing on launch. I have provided a full list of settings below with the config files downloadable from my OneDrive.

According to the following forum thread (and the link below) the many Windows Error Reporting dialogs that are encountered are due to a bug in this preview version of EMET:

http://social.technet.microsoft.com/Forums/security/en-US/8b0149ad-da1b-4de0-a824-b9672cc1fb8a/emet-detected-asr-mitigation-in-iexploreexe-component-adobe-flash-player-120-r0?forum=emet

http://0xdabbad00.com/2014/02/27/emet-5.0-review/

Many thanks to Susan Bradley for highlighting this issue and the multiple ASR prompts issue.

Only the necessary changes to the default configuration of all mitigations being enabled are mentioned below:

In all cases (Windows 7 and Windows 8.1), EAF+, Anti Detours, Banned Functions and Deep Hooks remained enabled.

In addition, only the minimum number of changes needed to have an application work correctly are shown.

The system wide settings for EMET for each version of Windows are provided in the following screenshot links:

System wide Settings Screenshots:

Windows 7:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win7.png

Windows 8.1:

http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_50_Settings_Win81.png

I hope that this information is helpful to you. Thank you.

========================

Windows 7 64 bit SP1

Adobe Reader XI (v11.0.06): No changes necessary (please see hypothesis post above if you are having issues)

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: Mandatory ASLR: Disabled

Auslogics Duplicate File Finder v3.5.1.0: Mandatory ASLR: Disabled

Mozilla Firefox v27.0.1:

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

Internet Explorer 11 64 bit: Mandatory ASLR: Disabled

Notepad++ v6.54: Mandatory ASLR: Disabled

Apple iTunes v11.1.5 64 bit: Mandatory ASLR: Disabled

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: Mandatory ASLR: Disabled

VLC v2.1.4 64 bit:  Mandatory ASLR and EAF: Disabled

YouTube Downloader v4.72:

Mandatory ASLR: Disabled

Load Library Checks: Disabled

Memory Protection Checks: Disabled

Caller Checks: Disabled

Simulate Execution Flow: Disabled

Stack Pivot: Disabled

========================

Windows 8.1 64 bit:

Adobe Reader XI (v11.0.06): No changes necessary.

Google Chrome Beta (v34.0.1847.11):  Caller Checks: Disabled

DosBox v0.74: No changes necessary.

Auslogics Duplicate File Finder v3.5.1.0: No changes necessary.

Mozilla Firefox v27.0.1: No changes necessary.

Internet Explorer 11 64 bit: No changes necessary.

Notepad++ 6.54: No changes necessary.

Apple iTunes v11.1.5 64 bit: No changes necessary.

Skype v6.14.104: No changes necessary.

TrueCrypt 7.1a: No changes necessary.

VLC 2.1.4 64 bit:  No changes necessary.

YouTube Downloader v4.72: No changes necessary.

  • Edited by JamesC_836 Wednesday, July 16, 2014 1:53 PM Removed EMET Config File Links
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2014 8:30pm

I suppose an experienced user would understand about getting applications recognized within the interface but in general I find it hard to navigate.  After months of problems with Windows Update (first installed 3.5, upgraded to 4.0 then 4.1 and finally 5.0) I gave up and uninstalled EMET but after some thought, attempted a reinstall and now the Windows Updates are working.   That's curious.   I accepted default configurations on all builds.  The reinstall was build 4.1.    I see no one else with Windows Update problems so I can assume I am alone with the problem but it is clear that the interface is rather unfriendly as all here seem to have issues with ASR and ASLR.

On the KREB's site, there is talk about something in the lower right corner that only exists as a refresh button on the versions I've seen.   I suspect that website may be outdated and misleading.   I think it is open season on someone with a good website explaining how to configure the EMET and especially tricky for the EMET developers to find a way to make the interface more user friendly and the tool bar less cluttered with options.

My two cents.  But I like the product regardless of its awkward handling.

March 2nd, 2014 11:24pm

With EMET 4.1 installed, installing WinZip 17.5 causes Microsoft Outlook to not start due to the WinZip ZipSend Outlook add-in.  With EMET 5.0 TP installed, there is no issue.

[R, J: For GUI, the EMET User Guide says to send feedback and suggestions to emet_feedback@microsoft.com]

Free Windows Admin Tool Kit Click here and download it now
March 4th, 2014 6:53pm

He's using DAMN NFO viewer for warez distributions because it's pretty
March 29th, 2014 5:56am

Same Here. I have to disable StackPivot on both 'Outlook.exe' processes listed in the Configuration screen. Not sure why there are two.

Outlook 2010 fully patched

CRM 2011 latest UR15

Free Windows Admin Tool Kit Click here and download it now
April 24th, 2014 6:44pm

Thanks  , I know how to unregister a dll by regsvr32, but it disables Certsenty itself, but surely it's a solution I didn't noticed.

Sorry for quite late reply.

May 7th, 2014 5:50pm

IMHO, these are similar in functionality, but differ in the method of implementation technologies are incompatible, so the living can be only one.
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2014 6:03pm

If you apply any ROP mitigation to iexplorer.exe (I'm using IE11 on Win7x64), Quarri MyPOQ's protected browser will crash.

I'm now using EMET 5.0 RP2.

BTW, am I only one who experience occasional crash of flash player when I apply Heapspray mitigation to firefox.exe & plugincontainer.exe and watch Flash videos?

It happens from time to time, not always, and remove Heapspray from both resolve the problem.

Also when I set ASLR in AlwaysOn, Comodo Cleaning Essentials couldn't finish it's scan.

It always stops (not crash, just silently ends) at Program Files\Internet Explorer\en-US\eula.rtf.

Putting back ASLR to Opt-in resolve the matter.

However, last time I used CCE was several month ago. I'll confirm and maybe report to Comodo when I have a time.

May 7th, 2014 6:05pm

Java 7 Update 55 requires SEHOP to be disabled as well (Win 8.1 Pro, x64, IE11).
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2014 8:09pm

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
May 14th, 2014 9:22am

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2014 9:22am

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
May 14th, 2014 9:22am

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2014 12:22pm

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
May 14th, 2014 12:22pm

Sorry again, I somehow missed your reply.

Well, similar but different.

AFAIK, so far CertSentry's function is gathering statistical info about certificate revocation checking system, so in the default setting it doesn't offer any additional protection.

But you can make it enforce revocation checking for all apps which uses Microsoft CryptAPI so it protects a user from being fooled by revoked certificate.

OTOH, EMET's pinning demands certain website to show certain certificate (exactly speaking, certificate which belongs to certain root CA), it works when a CA is compromised or made a serious mistake,  malicious people get completely legitimate certificate(s), and then abuse it e.g. launch malicious website with the certificate while trick people by DNS poisoning, or more likely uses the cert for MITM attack.

EMET can prevent such attacks proactively, but CertSentry (with enforced checking) can help only after the CA revoked those compromised certs.

BTW Chrome has same function as EMET pinning.



  • Edited by Yuki2718 Wednesday, May 14, 2014 9:24 AM
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2014 12:22pm

Hi, I'm using Windows Server 2008 Enterprise (Build 6002, SP2) 64-bit English running as the only productive domain controller, IIS and SQL-Server and I updated EMET from 4.1 to 5.0TP2 and after reboot the system didn't start anymore. First I had to circumvent a hardware problem (with a monitor connected, the harddrive doesn't start), then I couldn't log in due to missing cached credentials (I always log in remotely) and couldn't find the DomainAdmin password. Finally I could log in with SafeMode+Net, but uninstalling EMET is not possible in SafeMode. After I got that solved I could boot again. Trying to install EMET4.1U1 caused the same problems. It seems like the following applications are crashing, sometimes with error "DEP detected", sometimes they simply crash and EMET doesn't even detect the module. But finally, with some tweaking, I got it working. Here's the list of non-compatible programs, all of them don't work with EAF (Export Address Table Access Filtering) and run fine with EAF turned off (all are .exe):

  • EMET_GUI
  • EMET_Agent
  • Explorer
  • mmc
  • taskeng (Task Scheduler Engine)
  • Dwm (Desktop Window Manager)
  • lsass (*)
  • lsm (*)
  • services (*)
  • svchost (*)
  • w3wp
  • inetmgr
  • dns
  • ismserv
  • msdtc
  • spoolsv
  • dfssvc
  • inetinfo
  • DFSRs
  • NamecheapDDNSClient
  • sqlservr
  • sqlwriter
  • SQLAGENT
  • iexplore

The ones with the star (*) are responsible for not being able to boot. All generic options are enabled or at highest level.

Why is EAF for most applications not working? Is there some general incompatibility with Windows Server 2008? Would you recommend to turn off EAF for all applications, even for those that seem to work (like RegEdit)? Or is the machine pwned?

May 17th, 2014 3:11am

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2014 3:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

May 22nd, 2014 3:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2014 3:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

May 22nd, 2014 3:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2014 6:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

May 22nd, 2014 6:57pm

We have noticed that Google Chrome web browser has started to cause dozens of "EMET detected Caller Mitigation and will close the application: chrome.exe" errors when started since 5/21/2014, and have found a related article: http://www.chromium.org/Home/chromium-security/chromium-and-emet.

Update: Unfortunately, adding a number of variations of the path including just "chrome.exe -Caller" into the group policy "Application Configuration" section didn't work to override the setting for Chrome used in the "Default Protections for Popular Software" section of group policy.  To get it to work we had to manually change the chrome line in the group policy .admx file to "<string>*\Google\Chrome\Application\chrome.exe -SEHOP -Caller</string>" and then change the Popular Software section in group policy to Not Configured and then Enabled again.

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2014 6:57pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
May 26th, 2014 12:20pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2014 12:20pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
May 26th, 2014 12:20pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2014 3:20pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
May 26th, 2014 3:20pm

EMET 4.1 U1 and Windows 7 SP1 x86.

Personal Software Inspector (PSI) - after scanning for vulnerable applications and closing PSI, crashes psia.exe code C0000005. For normal operation of PSI must disable DEP for psia.exe.

Screamer Radio - To run the application, you must disable all the values in the ROP - LoadLib, MemProt, Caller, SimExecFlow, StackPivot.

KeePass 1.27 released - often, but not always, a message appears, when you drag and drop your password - "EMET detected DEP mitigation and will close the application: C:\Program Files\KeePass Password Safe\KeePass.exe"

  • Edited by Friday, June 06, 2014 2:29 PM
Free Windows Admin Tool Kit Click here and download it now
May 26th, 2014 3:20pm

After I installed this, my user account control access was changed and I now no longer have administrative rights and don't know how to fix this.  Very very frustrating. Sorry I ever downloaded it.
June 3rd, 2014 5:59am

EMET 4.1 U1 and Windows 7 SP1 x86.

ImgBurn v2.5.8.0 - SimExecFlow

Recuva 1.51.0.1063 -  Caller.

Free Windows Admin Tool Kit Click here and download it now
June 6th, 2014 5:28pm

Chrome.exe issue is fixed after installing EMET 4.1 Update 1

http://www.microsoft.com/en-us/download/details.aspx?id=41138

June 6th, 2014 10:55pm

Chrome Caller Mitigation fixed by installing EMET 4.1 Update 1

http://itcalls.blogspot.com/2014/06/emet-detected-caller-mitigation-and.html

Free Windows Admin Tool Kit Click here and download it now
June 8th, 2014 10:43am

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
June 9th, 2014 4:40pm

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2014 4:40pm

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
June 9th, 2014 4:40pm

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2014 7:40pm

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
June 9th, 2014 7:40pm

I'm running EMET 4.1 Update 1.  We have some users that have to connect to another network from time to time.  When they switch networks, they get a Telco Systems' EdgeGenie error.  "Could not create the Java Virtual Machine."  Disabling mitigations didn't help.  The only way I could get the virtual machines to create is uninstalling EMET.

--UPDATE--

I was able to get EMET 4.1 Update 1 to work by turning off every mitigation except DEP, SEHOP, NullPage and BottomUpASLR.  I had to use a config file.  If I use group policy to enforce mitigation, the java virtual machines crash.

  • Edited by ShoMeNick Wednesday, June 11, 2014 1:35 PM Update Post
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2014 7:40pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
June 18th, 2014 5:48pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2014 5:48pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
June 18th, 2014 5:48pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2014 8:48pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
June 18th, 2014 8:48pm

Latest Adobe Flash ActiveX control installer crashes on Win7 SP1 x64 running EMET 4.1 Update 1. Figured out that I have to disable ASLR under System Status and reboot, install Flash, then enable ASLR and reboot again.

Faulting application name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Faulting module name: install_flashplayer14x32ax_gtbd_awe_aih.exe, version: 3.5.4.25, time stamp: 0x537d2fbd
Exception code: 0xc0000005
Fault offset: 0x00065ea4
Faulting process id: 0xfbc
Faulting application start time: 0x01cf8b15d91bfdd0
Faulting application path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Faulting module path: C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFH7ATP7\install_flashplayer14x32ax_gtbd_awe_aih.exe
Report Id: 17cffa14-f709-11e3-bbb7-005056c00001


  • Edited by Lucas Z. _ Wednesday, July 16, 2014 5:50 PM
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2014 8:48pm

Running EMET 5.0 TP3 on Windows 8.1 x64


EMET detected ASR mitigation in IEXPLORE.EXE

ASR check failed:
  Application  : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Module  : scrrun.dll
  Web address  : http://catalog.update.microsoft.com/v7/site/Search.aspx?q=root%20certificate%20update
  Url zone  : Internet

scrrun.dll

Name:                   Scripting.Dictionary
Publisher:              Microsoft Corporation
Type:                   ActiveX Control
Architecture:           32-bit and 64-bit
Version:                5.8.9600.16384
Class ID:               {EE09B103-97E0-11CF-978F-00A02463E06F}
File:                   scrrun.dll
Folder:                 C:\Windows\System32

Thanks,

Tero

June 25th, 2014 4:02pm

Interesting, I have been having multiple crashes with Opera and Internet Explorer, and I am examining logs now and testing to see if this is Emet's fault.

Please post if you have any crashes with these browsers.

thanks

Free Windows Admin Tool Kit Click here and download it now
June 25th, 2014 9:04pm

Install McAFEE HIPS 8 Patch 4

Problem
When the Microsoft Enhanced Mitigation Experience Toolkit (EMET) software is installed on a system running the Host IPS software and the EMET "Deep Hooks" feature is enabled, any application that is hooked by both EMET and Host IPS will become unresponsive on start up.

Cause
When Host IPS functionality is enabled, along with Microsoft EMET "Deep Hooks" functionality, both products attempt to protect an application with similar hooking functionality. 

Solution
This issue is resolved for Host IPS 8.0 in Host IPS 8.0 Patch 4, released in February 2014. For known issues, see KB78494. For Release Notes, see PD25043.

June 26th, 2014 3:36am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2014 2:09am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
July 9th, 2014 2:09am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2014 2:09am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
July 9th, 2014 5:09am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2014 5:09am

It seems as though there are a lot of issues with this, is it really worth it?  I am sure it is not for me as I don't understand most of what you folks are talking about.  I was really hoping that I could use this on my XP System but I don't know it I want the headache.

Also interested in why the members here don't have there configuration posted so that others will be able to utilize this information properly?

Oh, I am sorry It appears this is just for reporting issues? I will look around to see if I can post questions somewhere.
  • Edited by pcpunk Wednesday, July 09, 2014 2:16 AM
July 9th, 2014 5:09am

I haven't experienced PSI issue.

I made DEP setting AlwaysOn and even added psi.exe, psia.exe and psi_tray.exe into app config, disabled EAF+, LoadLib, caller, and SimExecFlow (not because specific problem, but just to avoid unexpected problem as those mitigation often cause problem), then no problem found.

EMET5.0 TP3; Win7 SP1 x64

Free Windows Admin Tool Kit Click here and download it now
July 11th, 2014 4:04pm

It's not an issue, but it is how ASR mitigation work.

If you don't want it, you can configure ASR mitigation in iexplore.exe.

In app config screen, select iexplorer.exe and click "Show All Settings".

Then remove scrrun.dll from ASR tab.

BTW, I admit it's annoying every time we have to see ASR warning when it comes into play.

I made custom rules for Adobe Reader which disable scripts, 3D contents, and flash.

Then every time the reader try to use those function, warning come.

I want to DISABLE ONLY ASR WARNING while keep all other warnings active. 

July 11th, 2014 4:12pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2014 3:25pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
July 19th, 2014 3:25pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2014 3:25pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
July 19th, 2014 6:25pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2014 6:25pm

EMET 4.1 U1 and Windows 7 SP1 x86.

After the July update of the Windows 7 there are many positives Emet, then appear in the journal describing the error with frequent mention msvcrt.dll.

Download Master - dmaster.exe - SimExecFlow (in the journal referred to msvcrt.dll)

C:\Windows\system32\mrt.exe - Caller  (in the journal referred to msvcrt.dll)

C:\Windows\system32\Wat\WatAdminSvc.exe - Caller +  SimExecFlow (in the journal referred to msvcrt.dll)  

Firefox.exe 24.6.0.5273  -  0xc0000005 - DEP (Memory).

  • Edited by Saturday, July 19, 2014 3:56 PM
July 19th, 2014 6:25pm

Since upgrading to 5.0 on Windows 7 x64 SP1 I experience crashes with a number of different programs. Often (but not always) when using the Windows save file or Windows open file dialog the given program would crash. EMET would not detect any attack or similar but disabling EMET for the given program completely gets rid of the crashes.
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2014 4:28pm

Same problem here.

Since 5.0 I can for example still run wmplayer.exe without problems, but if I try to start it opening a video file, wmplayer.exe will crash in EMET.DLL. This is the case on several machines running Windows 8.1 or Windows 7.

August 4th, 2014 10:59am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

Free Windows Admin Tool Kit Click here and download it now
August 4th, 2014 8:28pm

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
August 11th, 2014 2:02am

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2014 2:02am

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
August 11th, 2014 2:02am

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2014 5:02am

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
August 11th, 2014 5:02am

The following crash in EMET 5.0 that didn't in EMET 4.1.1:

Adobe Premiere CS4 - *\Adobe Premiere Pro.exe
Crashes when opening a new project.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.

Adobe Bridge CS4 - *\Bridge.exe
Crashes when right-clicking on an image and going to 'File Info'.  Stores a 'EMET detected DEP mitigation and will close the application' error in Event Viewer, however it's EAF and StackPiviot that need disabling, not DEP.


  • Edited by AnaBna Monday, August 11, 2014 2:02 AM
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2014 5:02am

I added custom entry for ASR, and exported it to a XML file.

Then deleted all app config through emet_conf.exe and when I imported the settings, those custom ASR entry were not recoverd.

However, there was correct description about that ASR entry in the XML file.

August 13th, 2014 5:26pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2014 4:11pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
August 17th, 2014 4:11pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2014 4:11pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
August 17th, 2014 7:11pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2014 7:11pm

There is a similar problem reported for IE 11, in a separate thread:

http://social.technet.microsoft.com/Forums/security/en-US/8453f63f-7b60-46ac-99e5-558eef9a90a2/emet-causes-ie-crash?forum=emet

IE 10 crashes while viewing web page (http://www.phonearena.com/phones/size). There are no corresponding entries in the event log.

It's not reproducible 100% of the time. It took many attempts to reproduce it with ProcMon running, but I do have a couple ProcMon logs - if it would help.

------------

Here are the details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    IEXPLORE.EXE
  Application Version:    10.0.9200.17054
  Application Timestamp:    53d0b9f0
  Fault Module Name:    EMET.DLL
  Fault Module Version:    5.0.0.0
  Fault Module Timestamp:    53d99ebe
  Exception Code:    c0000005
  Exception Offset:    000012ee
  OS Version:    6.1.7601.2.1.0.256.4
  Locale ID:    1033
  Additional Information 1:    d460
  Additional Information 2:    d460871d13a9e4a764be2b9055549e1a
  Additional Information 3:    60f8
  Additional Information 4:    60f89cbcea4f357f65086eac6a24b3fa

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt




  • Edited by mmiikkeeuu Sunday, August 17, 2014 5:52 PM Added details
August 17th, 2014 7:11pm

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2014 7:38am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
August 20th, 2014 7:38am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2014 7:38am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
August 20th, 2014 10:38am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2014 10:38am

EMET 5.0.5324.31804
Windows 8.1 Pro (Up-to-date)

I had to disable the "Stack Pivot" mitigation to make Skype (6.18.0.105, Desktop version) work. Otherwise the process would just crash after a few seconds without any GUI appearing. "EAF", "EAF+" and "ASR" were already disabled by default.

Event Log entry (in german):
Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.105, Zeitstempel: 0x53b3f36a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x000006a6
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0x01cfb00706ddde85
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll
Berichtskennung: 45191bab-1bfa-11e4-8283-74d435819821

I just wanted to say I've run into the same issue on Windows 8.1 Pro x64 with 6.18.106. I believe it only occurred following my upgrade from EMET 4 to EMET 5. I'm running the English version of Skype 

  • Edited by Quitch Wednesday, August 20, 2014 7:40 AM
August 20th, 2014 10:38am

It should be noted that ATI resolved their ASLR driver issues in release 12.6.
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2014 10:42am

System Explorer 5.9.2.5250 crashes when SimExecFlow is applied to.

Win7HPx64, EMET5.0 with DH. AD, BF enabled.

BTW this site took quite long time to be displayed on IE, even worse when I clicked 'reply' on Chrome, I logged out automatically so cannot reply at all.

Finally I used Firefox but it temporarily goes unresponsive.

Also popup about MS data collection is quite annoying.

August 20th, 2014 5:39pm

Zemana Antilogger (Antilogger.exe) and SecuniaPSI (psia.exe) can't start if StackPivot is applied to.
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2014 7:15pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
August 27th, 2014 6:40pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2014 6:40pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
August 27th, 2014 6:40pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2014 9:40pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
August 27th, 2014 9:40pm

EMET 5.0 with the Popular Software Protection Profile applied definitely breaks Windows Media Player unless you turn off the StackPivot mitigation for wmplayer.exe. This was not the case in 4.x. This is the case on Win7 and Win8.1. Come on Microsoft. At least make your own apps play nicely with EMET.
  • Edited by axeshr3dder Wednesday, August 27, 2014 7:06 PM wrong
Free Windows Admin Tool Kit Click here and download it now
August 27th, 2014 9:40pm

Please add iexplorer.exe (IE11 on Win8.1 update) to the list. It fails to run with an EAF mitigation error.
September 11th, 2014 6:05pm

Windows 8.1 Pro
EMET 5.0.5324.31804
Dropbox 2.10.30

Dropbox crashes if the "StackPivot"-mitigation is activated for it.

Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.10.30.0, Zeitstempel: 0x538fa625
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0x40010006
Fehleroffset: 0x0009a792
ID des fehlerhaften Prozesses: 0xf80
Startzeit der fehlerhaften Anwendung: 0x01cfd605a44fe51f
Pfad der fehlerhaften Anwendung: C:\Users\X\AppData\Roaming\Dropbox\bin\Dropbox.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll

Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2014 5:05am

Getting this on a Windows 8.1 box with EMET 5.0. I'll be waiting for the first update to 5 before deploying to my enterprise. This could have been very bad.


Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17278, time stamp: 0x53eea0c3
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x000012ee
Faulting process id: 0x14f8
Faulting application start time: 0x01cfd1e69be71a55
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: dc2df11f-3dd9-11e4-bea0-0023ae752176
Faulting package full name: 
Faulting package-relative application ID: 



September 22nd, 2014 7:37pm

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2014 8:42am

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
September 23rd, 2014 8:42am

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2014 8:42am

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
September 23rd, 2014 11:42am

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
Free Windows Admin Tool Kit Click here and download it now
September 23rd, 2014 11:42am

1. I'm experiencing Word 2010 crashes after installing EMET 5 (with 4.1 there were no problems), usually when a user try to "Save as..." a file opened from a network fileshare.

Application error, EventID 1000, Task category 100

Faulting application name: WINWORD.EXE, version: 14.0.7125.5000, time stamp: 0x53745315
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x53d99ebe
Exception code: 0xc0000005
Fault offset: 0x0004331a
Faulting process id: 0x14b0
Faulting application start time: 0x01cfd705594d0667
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Windows\AppPatch\EMET.DLL
Report Id: beb0267a-42f8-11e4-b859-001cc0f9a919

This is happening on several of our organization's PCs, all with Windows 7 Enterprise x64 and Office Pro Plus 2010 x86, both with latest SPs and patches.

2. I also found that the Brother MFC-8860DN driver installer for W7 x64 is incompatible with EMET (even if you disable all the mitigations): to install it you have to uninstall EMET and restore the DEP settings with command: bcdedit.exe /set {current} nx OptIn

This just for the installer, because once it is installed the driver and the control utility works well with EMET.

3. Generally speaking, I complain about the fact that EMET often doesn't alert with a popup that a program is being closed and for which reason. Also, often disabling all mitigations for a program is not enough to make a program works (maybe because the problem is in a loaded DLL and not in the program itself?).


  • Edited by f.delbene Tuesday, September 23, 2014 8:43 AM
September 23rd, 2014 11:42am

EMET 5 closed MS Access 2010, citing detection of "caller mitigation", when a VBA procedure in an accdb file attempted to use the Application.FileDialog(3) object to get the user to browse to an external file.

I solved the problem by opting out of Caller mitigation on the MSAccess.exe line in EMET.

Note: (1) I did not previously have any version of EMET installed. EMET 5 is my first use of it.

(2) I was using late binding with the FileDialog object. I have not experimented to see if early binding would have passed EMET's scrutiny.

Free Windows Admin Tool Kit Click here and download it now
September 25th, 2014 6:40am

I am experiencing exactly the same issue (Exception code: 0xc0000005) with Word and Excel 2010. I disabled SEHOP and Caller (EAF+ is disabled by default) and so far so good. Does this work in your case as well?

This paragraph in the manual made me think that SEHOP might be the culprit:
"On Windows 7 and later versions, SEHOP (both system wide and per application) is implemented by the operating system. For this reason, when this mitigation is enabled and is detected, EMET will not be able to catch and notify that SEHOP was detected. Instead, the OS will terminate the process and write an event in the Applications event log."

What I find interesting about most crashes with EMET 5.0 is that there is hardly ever an event log from EMET itself, only from the application which crashed. This makes it difficult to identify the mitigation technique responsible for the crash.

September 25th, 2014 5:00pm

I only needed to disable Caller, not SEHOP. Meantime, I have just encountered a similar problem with Outlook.exe, so will post about that shortly.
Free Windows Admin Tool Kit Click here and download it now
September 26th, 2014 5:26am

Using Outlook 2010 on my Win 7 machine, I attempted to save an email attachment via Right-click > Save As.

As soon as the FileDialog browser window appeared, EMET 5 closed OUTLOOK.EXE, citing Caller Mitigation.

Before changing any EMET option, I checked that I could extract the attachment by drag-and-drop. No problem.

I opted out of Caller mitigation in the OUTLOOK.EXE line in EMET and restarted Outlook. This time I could successfully Right-click > Save As.

This is similar to the issue I reported yesterday in Access 2010, where EMET also closed the application when a FileDialog object was opened. That time, too, I solved the problem by opting out of Caller mitigation. Yesterday, it was my own VBA code that attempted to open the FileDialog object, but today in Outlook it is Microsoft's  code; I do not have any of my own VBA running in Outlook. Therefore, it seems clear that there is some conflict between EMET and the FileDialog object itself that MS should investigate. You would not expect EMET to disable "Save As" capability!

September 26th, 2014 5:56am

Hi, Stefan. See my new post. I also tried disabling SEHOP instead of Caller, but the problem recurred.
Free Windows Admin Tool Kit Click here and download it now
September 26th, 2014 6:00am

Following my previous postings about encountering unjustified Caller mitigation shutdowns in Access 2010 and Outlook 2010, I can now report that the same problem arises in Word 2010. There, I encountered it under two different situations. The first was when I attempted to paste into a document a pageful of text that I had copied to the Clipboard from a web page. The text had some hyperlinks in it, so I wonder if it was they that precipitated the Caller mitigation shutdown.

Word automatically restarted and presented a recovered document on screen, containing the text I had entered before I attempted to paste in the web page text. I therefore attempted to save the document, but as soon as the "Save" dialog opened, EMET again triggered a shutdown, citing Caller mitigation.

I therefore opted out of Caller mitigation in the WinWord.exe line in EMET, and that solved the problem just as it had done in Outlook and Access.

September 27th, 2014 10:17am

Hi!  Ever since installing EMET 5.0 =all= Adobe products give me a EMET message.  I can't even open an existing .pdf.  How do you =un=install this damn thing?

Bruce

Free Windows Admin Tool Kit Click here and download it now
September 27th, 2014 11:58pm

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
September 29th, 2014 9:58am

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
Free Windows Admin Tool Kit Click here and download it now
September 29th, 2014 9:58am

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
September 29th, 2014 9:58am

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
Free Windows Admin Tool Kit Click here and download it now
September 29th, 2014 12:58pm

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
September 29th, 2014 12:58pm

Hi TrevDev

Unfortunately this issue is still not fixed in my case. Sometimes when one of our users saves a document in any of the Office 2010 applications it leads to a crash, usually just after the Save As dialog appears. I have disabled both Caller and SEHOP but this does not seem to work in my case, even though it looked promising in the beginning.

EMET does not log any event logs, only the Office 2010 application itself. I therefore dont know which mitigation techniques is causing the problem. And I am not able to reproduce this issue either since it does not happen every time a user saves a document. It only happens sporadically, usually 2-3 times a day per user.


  • Edited by stefancpt Monday, September 29, 2014 2:12 PM
Free Windows Admin Tool Kit Click here and download it now
September 29th, 2014 12:58pm

In my case, disabling Mandatory ASLR finally fixed the Office 2010 issue. I have monitored this for one week and I have not seen a single application crash on PCs with MASLR disabled.

This is far from ideal as the MASLR mitigation has proven to be successful in blocking recent 0day threats. What's the point of using EMET 5 if key mitigation techniques have to be disabled due to application crashes? I am tempted to uninstall EMET 5 and reinstall EMET 4.1u1 as it was more stable.

Any news as to when an update for EMET 5 will be released? I hope this will happen soon, considering all the problems users are reporting and the fact that it has already been bypassed.

October 6th, 2014 11:57am

I am an EMET devotee, and have convinced many friends to enhance their systems with this exceptional program. That is version 4.1. I was just getting curious about upgrading when I came upon this thread. I wouldn't touch 5.0 with a barge pole, now. Just when the open-source option is becoming downright dangerous to use, with two documented critical weaknesses coming to light recently, and Bash being exposed only within the last 30 days, Microsoft gets lax with code. I have had some real problems with caller mitigation in 4.1. Rather than opening a thread, I experimented, using a couple of basic assumptions.

1. The alert is real and appropriate.

2.  The mitigation is also appropriate, taking into mind that I have maximum security settings selected in EMET 4.1.

I recently had an alert about an Outlook extension in Chrome, and Outlook was shut down (Office University 365) (psst..., my laptop is a server! And I am not telling how!) Okay, I insured that Chrome no longer had the miscreant extension. Outlook works fine now. I had horrible issues with the Java 8.1 intro, and found out that the same mitigation's that are ignored for previous versions should be ignored with the new versions. So, problems with 5.0 may, and I say may reluctantly, be along the same lines. And furthermore, if you have a standalone, or a hybrid system like mine, the ordinary upgrade process works fine. Otherwise, and this means 65-75% of users, you should install and configure EMET from the command line. Go ahead, sharpen your skills a little bit. And save yourself the headaches. I write this knowing that MS may have messed up badly with the 5.0 intro. I'll see what 5.1 brings

Free Windows Admin Tool Kit Click here and download it now
October 8th, 2014 12:31am

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
October 10th, 2014 7:23pm

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2014 7:23pm

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
October 10th, 2014 7:23pm

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2014 10:23pm

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
October 10th, 2014 10:23pm

I had the same issue with the Caller Mitigation and Excel 2013. The application would crash upon closing, but only with documents off a file share not with documents opened in SharePoint.

Note that this occurred with both EMET 4.1U1 and EMET 5.0

  • Edited by Thomas_Br Friday, October 10, 2014 7:30 PM update for version info.
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2014 10:23pm

1- I have SSL/trust EMET alerts/pop up using IE 11, even when I logged in to this page.

2- Have EMET 5.0 (clean install). But was getting alerts from EMET 4.1 before.

3- OS Windows 8.1 / always updated. Also use Bitdefender total security 2015. Bitdefender confirmed that there is no compatibility issues with EMET 5.0.

4- After opening couple of web pages, IE stops working and re-lunch, this is a most recent problem and happens frequently.

5- The funny thing is I get these EMET alerts when going to bing.com, but not with google.com using IE. Captures below when I was on bing.com.

6- Tried to write to Microsoft EMET connect portal using the link provided above( and got Page Not Found

Hope we get a fix for this from MS, hope they will pay attention more to the quality of their products.

Thanks

October 16th, 2014 5:59am

Chrome 38.0.2125.101 64-bit crashes when you choose to browse for a user certificate while setting up a virtual machine in Microsoft Azure.

Disabling mandatory ASLR for the application resolves the issue.

Free Windows Admin Tool Kit Click here and download it now
October 17th, 2014 5:23pm

One of my users has installed Wuala.  After the Wuala installation EMET 4.1 has detected Caller Mitigation and closes iexplorer.exe and other Office 2010 Products inc Word and Outlook

This behavior happens when the user does a "save as"  or "save target as"  

User is running Win7 Enterprise SP1 32 bit

Office 2010 

Updated to EMET 4.1 update 1 and same behavior shown

October 24th, 2014 10:05pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2014 4:36pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
October 29th, 2014 4:36pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2014 4:36pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
October 29th, 2014 7:36pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2014 7:36pm

On a brand new Alienware system with Windows 8.1, I can't seem to run Java even if it has nothing to do with browser-related applications.   Just now EMET 5 blocked me using it with Intel's update software that requires it, as well as prevented the installation of the most-recent build of Java Runtime.  I haven't installed Office yet, however...

It would appear the use of EMET causes more problems than it solves if it's having issues with even the most mainstream of applications, let alone plugins that help certain, other software run more smoothly.




  • Edited by Hyncharas Wednesday, October 29, 2014 4:38 PM
October 29th, 2014 7:36pm

EMET 5.0 - Excel 2013 64bit

EAF causes Excel to stop when doing  "File - Open - Computer - Browse" to open "Open Dialog".

All other options work.

Free Windows Admin Tool Kit Click here and download it now
November 5th, 2014 7:51pm

Since upgrading from EMET 4.1 to EMET 5 we've had tons of problems with Outlook, Word, and Firefox.

We ended up outright removing the entry for Outlook because we were unable to determine which combination of protections was causing it to crash.  Users are reporting that Word is crashing too, but this has been less frequent, so we can't even begin to test.  If another user reports and issue with Word crashing, we'll likely remove the entire entry for Word.

We may just have to roll back to EMET 4.1 at this point.

November 6th, 2014 2:13am

1- I have SSL/trust EMET alerts/pop up using IE 11, even when I logged in to this page.

2- Have EMET 5.0 (clean install). But was getting alerts from EMET 4.1 before.

3- OS Windows 8.1 / always updated. Also use Bitdefender total security 2015. Bitdefender confirmed that there is no compatibility issues with EMET 5.0.

4- After opening couple of web pages, IE stops working and re-lunch, this is a most recent problem and happens frequently.

5- The funny thing is I get these EMET alerts when going to bing.com, but not with google.com using IE. Captures below when I was on bing.com.

6- Tried to write to Microsoft EMET connect portal using the link provided above( and got Page Not Found

Hope we get a fix for this from MS, hope they will pay attention more to the quality of their products.

Thanks

Hi

A possible scenario : This issue might relate to the "SSL Scanning" feature of Bitdefender Product which interposed it's own Bitdefender Certificate into your IE browser in order to scan SSL connections.

Re : http://forum.bitdefender.com/index.php?showtopic=48668

       http://forum.bitdefender.com/index.php?showtopic=47457&st=0&p=196771&#entry196771

If your IE browser then visits those websites that are protected within your EMET's Certificate Trust Configuration, they may trigger EMET's blocking rules.

Possible Solution: Disable the "SSL Scanning" feature of Bitdefender or perhaps import "Bitdefender Personal CA.Net-Defender" into your EMET's pinning rules.

Hope this info helps.

Free Windows Admin Tool Kit Click here and download it now
November 12th, 2014 1:27pm

I run Windows 7 Enterprise (Sp1) 64-bit, Internet explorer 11 and Adobe Reader 11.0.09.

Upgraded today from EMET 4 to EMET 5.1.

Didnt work to well. I cant start Internet Explorer before it crashes, IE without Add-Ons did not work either. This was before installing this months patches. The patches didnt do any difference.

Log Name:      Application
Source:        Application Error
Date:          2014-11-12 20:11:00
Event ID:      1000
Task Category: (100)

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x000006ba
Fault offset: 0x0000c42d
Faulting process id: 0xe84
Faulting application start time: 0x01cffeac57e814b3
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: a2cf6867-6a9f-11e4-ab96-005056c00008

Another program not working is Adobe Reader which also crashes when I try to use it (open a pdf file).

I first used the recommended settings, and then tried to keep the existing settings. This didnt seem to make any difference. Maybe the existing settings disappeard when I first choose Recommended Settings (however I dont think I did any tweaking on EMET 4)?

Any standard solutions for this, other than go back to EMET 4 or 4.1?

Best Regards

November 12th, 2014 10:32pm

I confirm that after the latest updates released Tuesday, IE11 on Windows 7 SP1 x64 crashes due to EMET 5.0.

This, joint with the problem with the Open/Save File dialog in Office 2010, made me to revert all our PCs to EMET 4.1 U1.

What strikes me the most is the incompatibility of EMET not with some obscure third party driver or utility, but with flagship software from the very same Microsoft: Office and Internet Explorer. I really cannot imagine how this could have passed unnoticed in the tests... because I'm sure EMET was thoroughly tested....

I'm not daring to install anymore EMET 5/5.X until they have EMET 6 out!

Free Windows Admin Tool Kit Click here and download it now
November 13th, 2014 12:03pm

I confirm that after the latest updates released Tuesday, IE11 on Windows 7 SP1 x64 crashes due to EMET 5.0.

Yes - that's exactly why Microsoft published EMET 5.1 before the November patch day and instructed people to upgrade to 5.1 because there were known issues between November IE patches and EMET 5.0.

November 13th, 2014 12:17pm

Yes - that's exactly why Microsoft published EMET 5.1 before the November patch day and instructed people to upgrade to 5.1 because there were known issues between November IE patches and EMET 5.0.

Yes, before as in one day before.

Free Windows Admin Tool Kit Click here and download it now
November 13th, 2014 12:33pm

It seems like unselecting/disabling the SEHOP and NullPage protection (in EMET) on Acrobat and Internet Explorer solved the issue for me.
November 13th, 2014 8:52pm

Windows 7 x64 with EMET v5.1

WinZip v16.5 b10096 refuses to open (no visible error) unless I untick EAF.

Thanks.

Free Windows Admin Tool Kit Click here and download it now
November 14th, 2014 9:07pm

Java 8 Update 25 on IE11 64-bit + EMET 5.1 (ASR Mitigation error). Java plugin wouldn't run.
November 23rd, 2014 7:12pm

Not sure if this is the right place as it's not really an application: When running EMET 5.1, default settings on a Server 2012 R2 Remote Desktop Server (Terminal Server), IE11 and Office 2014 are terribly slow. Remove EMET and it's all fast again...

Free Windows Admin Tool Kit Click here and download it now
December 4th, 2014 4:06pm

EMET 4.1 Update 1, Windows 7 SP1 x86. VoipBuster 4.14 build 745 runs with an error if it is enabled for EAF.

December 10th, 2014 12:07am

@PowerToTheUsers: Are you running Remote Desktop Services in virtual machines?

At least the EMET EAF features have compatibility issues Hyper-V:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/d050b3f5-382b-4cdb-8222-0c5604c2d4bd/hyperv-performance-with-microsoft-emet-eaf-feature-in-vdi-and-recobs?forum=winserverhyperv

https://social.technet.microsoft.com/Forums/security/en-US/e95141f6-b1d8-4869-9a29-cc8dd321d804/emet-in-a-virtual-environment?forum=emet

Free Windows Admin Tool Kit Click here and download it now
December 10th, 2014 11:17am

@PowerToTheUsers: Are you running Remote Desktop Services in virtual machines?

At least the EMET EAF features have compatibility issues Hyper-V:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/d050b3f5-382b-4cdb-8222-0c5604c2d4bd/hyperv-performance-with-microsoft-emet-eaf-feature-in-vdi-and-recobs?forum=winserverhyperv

https://social.technet.microsoft.com/Forums/security/en-US/e95141f6-b1d8-4869-9a29-cc8dd321d804/emet-in-a-virtual-environment?forum=emet


Yes, it's running in a Hyper-V VM. Those threads refer to EMET 3.*, we are running 5.1 and it's still a problem? Is this something that will be solved in a next version, or is it by design because of the debug-registers and is EMET thereby incompatible with Hyper-V VMs?
December 10th, 2014 12:20pm

Debug-registers seem to be necessary for EAF.

In abstract this is also written in the EMET Manual but to my mind Microsoft doesn't communicate this clearly and aggressively enough - especially given the relevant RDS / Hyper-V use case.

Unfortunately this still seems to be true for EMET 5.1 and there is still no "Hyper-V compatibility switch".

You can disable EAF with Hyper-V manually to have better performance, but this would obviously impact security as EAF is an important feature.

Free Windows Admin Tool Kit Click here and download it now
December 10th, 2014 1:15pm

.NFO files are text files which often include ASCII art decorations. DAMN NFO Viewer renders these faithfully (supports UTF-8 encoding), while Notepad's default font (consolas, on my system) makes unhelpful substitutions for these extended ASCII characters. This is a cosmetic issue, an annoyance more than a problem. I set the default program for .NFO files to Notepad++, another program I already use, rather than using DAMN NFO Viewer for this one file type.
December 17th, 2014 5:22pm

Experienced problems with EMET 5.1 (or any other version for that matter) when Malwarebytes Anti-Exploit is installed. I have Windows 7, 64 bit OS. I had to disable several mitigations and deep hooks to get EMET to work. EMET works fine when Malwarebytes Anti-Exploit is uninstalled.

Free Windows Admin Tool Kit Click here and download it now
December 27th, 2014 7:15pm

Experienced problems with EMET 5.1 (or any other version for that matter) when Malwarebytes Anti-Exploit is installed. I have Windows 7, 64 bit OS. I had to disable several mitigations and deep hooks to get EMET to work. EMET works fine when Malwarebytes Anti-Exploit is uninstalled.

It is surprising that you do something that works, because you use in your operating system 2 applications simultaneously perform the same task.
December 27th, 2014 10:31pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501

Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501

January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501


[Update: The software appears to be working fine as of a few weeks ago with EMET 5.1 and EAF enabled, and are no longer able to reproduce the issue as we previously were.  We are not aware of any changes other than the normal monthly OS / application updates.]
Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501


[Update: The software appears to be working fine as of a few weeks ago with EMET 5.1 and EAF enabled, and are no longer able to reproduce the issue as we previously were.  We are not aware of any changes other than the normal monthly OS / application updates.]
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501


[Update: The software appears to be working fine as of a few weeks ago with EMET 5.1 and EAF enabled, and are no longer able to reproduce the issue as we previously were.  We are not aware of any changes other than the normal monthly OS / application updates.]
Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501


[Update: The software appears to be working fine as of a few weeks ago with EMET 5.1 and EAF enabled, and are no longer able to reproduce the issue as we previously were.  We are not aware of any changes other than the normal monthly OS / application updates.]
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501


[Update: The software appears to be working fine as of a few weeks ago with EMET 5.1 and EAF enabled, and are no longer able to reproduce the issue as we previously were.  We are not aware of any changes other than the normal monthly OS / application updates.]
Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2015 5:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501

January 2nd, 2015 8:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501

Free Windows Admin Tool Kit Click here and download it now
January 2nd, 2015 8:26pm

Experiencing problems in IE 11 with VS 2013 breakpoints after upgrading from EMET 4.1u1 to EMET 5.1 on Windows 7 SP1 Pro.  In Visual Studio Premium debugging Silverlight in IE using F5 with breakpoints causes IE to crash with EMET DEP message (even when EAF excluded from IE in EMET).  This worked fine in IE 4.1u1 (after excluding EAF from IE in EMET).  The system is fully patched using Microsoft Update which checks for updates directly from Microsoft.

Here are the potentially relevant versions of installed software:
Microsoft Visual Studio Premium 2013 12.0.21005.13
Microsoft Silverlight 5.1.31211.0
Microsoft Silverlight 5 SDK 5.0.61118.0
Microsoft Silverlight 5 Toolkit December 2011 5.0.51209.1124
Windows Internet Explorer 11 11.0.9600.17501

January 2nd, 2015 8:26pm

EMET 5.1 DOES NOT work together with Java software!

I had NO PROBLEMS with that using EMET 4.1...

Using latest version of Java (8.25)

Running on Windows 7 Ultima

Free Windows Admin Tool Kit Click here and download it now
January 6th, 2015 1:29pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
January 21st, 2015 6:23pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2015 6:23pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
January 21st, 2015 6:23pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2015 9:23pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
January 21st, 2015 9:23pm

I've upgraded two Windows 7 64 bit PCs to EMET 5.1 today, and both have had the same problem with IE11

Following the EMET upgrade, IE is slower than normal to start up. I have the start page set to about:blank. Once IE has opened, visiting any site causes IE to crash and pop up the standard Internet Explorer has stopped working box. It tried to recover but just kept failing. By a process of elimination I found that unticking the SEHOP box for iexplore.exe in EMET fixes the problem. I've seen other people mention this on here with reference to version of Java 7 & 8, and I have 7 on both machines (though as of yesterday they'll want to upgrade to 8 update 31 fairly soon). I should point out that I was not trying to visit a website that uses Java. I first tried Yahoo mail, and then google.co.uk. Neither use Java to my knowledge, though I do have the Java plug in helpers enabled.


Edit: I tried disabling all IE addons (not that I have loads) but it still crashed if SEHOP was ticked.
  • Edited by robincm2 Wednesday, January 21, 2015 6:28 PM extra info
Free Windows Admin Tool Kit Click here and download it now
January 21st, 2015 9:23pm

PowerPivot add-in (Excel2013) kills Excel when "EAF" is checked in EMET, (win 8.1).
January 28th, 2015 7:12am

Java 8 Update 25 on IE11 64-bit + EMET 5.1 (ASR Mitigation error). Java plugin wouldn't run.
Same problem for me on Win7 and Win8 x64. Disabling ASR on iexplore.exe fixes the problem. It started happening with the latest Java update. Slight possibility it was also present in the prior version. Don't recall exactly.
Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2015 11:40am

Update: I have also noticed that new IE tabs are slow to be functional once opened. The tab opens, but the address bar does not show typing, and the main page does not show any content for a good few seconds.

This is on a PC with an 8-core AMD FX 8350 CPU, SSD, and plenty of RAM.

The EMET setting that seems to be behind this is EAF+. Turn this off and tabs open and become functional at a sensible speed (i.e. instant).I should mention that all the PCs where EMET 5.1 has been giving me problems were running older version of EMET (a mix of 3.5 and 4) with zero issues for quite some time (from shortly after whenever those versions were released).

February 5th, 2015 11:27am

Have just loaded EMET 5.1 and found that IE11, Chrome and Firefox need EAF disabled as does Java, JavaAW and JavaAWS. IE11, Chrome and Firefox also seem to need SimExeFlow disabled. On Office 2010 programmes, all seem to need EAF disabling.

Running Win 8.1 Pro x64 on Dell Studio XPS 1640, 8Gb RAM.

Free Windows Admin Tool Kit Click here and download it now
February 12th, 2015 9:13am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


February 20th, 2015 7:41pm

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


Free Windows Admin Tool Kit Click here and download it now
February 21st, 2015 12:38am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


February 21st, 2015 12:38am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


Free Windows Admin Tool Kit Click here and download it now
February 21st, 2015 12:38am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


February 21st, 2015 12:38am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


Free Windows Admin Tool Kit Click here and download it now
February 21st, 2015 3:38am

Dell Latitude E7440

Internet Explorer 11.

Recommended software XML loaded.

DEP - Application opt in, SEHOP - Application opt in.

Whenever I browse www.bing.com images section or videos section and close the browser IE crashes. I get the EMET DEP mitigation detected message in the task bar, and Event 1000 in event viewer. Screenshot will be attached once my account is verified.

Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
Exception code: 0xc0000005
Fault offset: 0x00064f77
Faulting process id: 0x1f80
Faulting application start time: 0x01d044c9fb8e7818
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
Report Id: 41b7a16f-b0bd-11e4-b8bf-8086f2119143


February 21st, 2015 3:38am

EMET 5.1 and MS Word 2013.  For one user, Word was crashing on exit, pretty consistently.

Faulting application name: WINWORD.EXE, version: 15.0.4691.1000, time stamp: 0x54ab9a21
Faulting module name: EMET64.dll, version: 5.0.0.0, time stamp: 0x545ffdbb
Exception code: 0xc0000005

Unchecking Stack Pivot for WINWORD.EXE seems to have solved the pr

Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 5:42pm

foobar2000 1.3.7, EMET 5.1.5426.28434, Windows 8.1 x64

Conflict with Caller check at start of pr

February 25th, 2015 6:33pm

EMET 5.1 and MS Word 2013.  For one user, Word was crashing on exit, pretty consistently.

Faulting application name: WINWORD.EXE, version: 15.0.4691.1000, time stamp: 0x54ab9a21
Faulting module name: EMET64.dll, version: 5.0.0.0, time stamp: 0x545ffdbb
Exception code: 0xc0000005

Unchecking Stack Pivot for WINWORD.EXE seems to have solved the problem.

EDIT: Further testing found the same problem with Powerpoint and Excel on that workstation.  Again, unchecking Stack Pivot for EXCEL.EXE and POWERPNT.EXE solved the issue.  Only 1 of 5 workstations with Office 2013 installed shows this issue.

Free Windows Admin Tool Kit Click here and download it now
February 26th, 2015 1:42am

Hello-

On a Windows 7 SP1 machine I can consistently duplicate an issue with Adobe Photoshop CS6 and EMET 5.1.

There is a GPO in effect which has the "Default Protections for Popular Software" setting enabled, and therefore any version of Photoshop is covered given the "*\Adobe\Adobe Photoshop CS*\Photoshop.exe" entry in the Registry.

Each time I launch Photoshop CS6 it opens, but then the following message appears:

Adobe Photoshop CS6 has stopped working

The following is logged in the event viewer:

Faulting application name: Photoshop.exe, version 13.0.0.0
(lots of text removed)
Faulting module path: C:\Windows\AppPatch\EMET.DLL

If I edit the Registry entry for Photoshop to be:

"*\Adobe\Adobe Photoshop CS1\Photoshop.exe"

It successfully launches. 

To further support this being an EMET 5.1 and Photoshop CS6 issue, I uninstalled 5.1, installed 3.0, and left the GPO in effect.  Photoshop launches without issue and I confirmed the EMET 3.0 GUI has the green checkmark next to Photoshop.

I know the EMET team does extensive testing of popular software before releasing new versions of EMET, so it seems like it's something on my end, but I am not doing anything out of the norm, so that's why I'm posting to this forum for any potential help.

Thanks in Advance,

Steve

March 6th, 2015 11:53am

I realise this thread is probably not monitored by EMET Support any longer, but in the hopes that it will help raise awareness with the tiny amount of end-users of this particular application:

Preton PretonSaver is incompatible with EMET.  It attaches itself to any newly launched processes in a way that causes EMET to terminate those processes.  I've found it affects just about anything, including Internet Explorer, Office, Adobe Reader and more.

The workaround is to uninstall PretonSaver, or to set the PretonSaver service to disabled.

No events are logged that indicates the failure is related to EMET or PretonSaver.  It can be confirmed by disabling either EMET or PretonSaver, or by reviewing a Process Monitor trace.

Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2015 10:59pm

EMET 5.1 and MS Word 2013.  For one user, Word was crashing on exit, pretty consistently.

Faulting application name: WINWORD.EXE, version: 15.0.4691.1000, time stamp: 0x54ab9a21
Faulting module name: EMET64.dll, version: 5.0.0.0, time stamp: 0x545ffdbb
Exception code: 0xc0000005

Unchecking Stack Pivot for WINWORD.EXE seems to have solved the problem.

EDIT: Further testing found the same problem with Powerpoint and Excel on that workstation.  Again, unchecking Stack Pivot for EXCEL.EXE and POWERPNT.EXE solved the issue.  Only 1 of 5 workstations with Office 2013 installed shows this issue.

April 27th, 2015 10:59am

How do you uncheck the "stack pivot" option for Power Point? 

Open EMET and click the Apps (Configure Applications) button.  A list of all the settings for all currently monitored applications will appear.  Find the checkbox where the column for Stack Pivot (second from right in EMET 5.1) and the line for POWERPNT.EXE meet, and uncheck that box.  (If you don't have a line that says POWERPNT.EXE, then Powerpoint isn't being monitored.)
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2015 3:09pm

I am a 4.1 user, with a Win 7SP1 platform, and no problems. I am real comfortable with EMET's GUI functions, so I guess I should ask if I should install 5.1 in advance of my Win 10 upgrade?
June 8th, 2015 11:26am

Don't install EMET on Windows 10 until Microsoft states it is supported on Windows 10.  They have not said anything about that, and the current version of EMET, 5.2, has been observed to be incompatible with Internet Explorer 11 on the latest released builds of Windows 10. 
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2015 8:05pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics