Hi Good afternoon

Since last round of MS Win 8.1 PRO x64 Updates as of 16/11/2014, JAVA version 1.8 build 25 cant start inside Internet Explorer v11.0.14 Update KB: 3003057.

Even After Updating to EMET v5.1.5426

For example Cisco NetAcademy Environment Checker:

EMET detected ASR mitigation in IEXPLORE.EXE

ASR check failed:

  Application : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

  User Name : XXX\abc

  Session ID : 1

  PID : 0xEBC (3772)

  TID : 0x1AB4 (6836)

  Module : jp2iexp.dll

  Web address : http://skills.netacad.net/check/check.html

  Url zone : Internet

If ASR is disabled in Internet Explorer everything runs flawlessly.

Please review EMET policies

• Edited by UltraHKR Sunday, November 16, 2014 8:18 PM

Add the site http://skills.netacad.net to the trusted sites zone! The ASR (Attack Surface Reduction) prevents Java from starting from a url which doesn't belong the trusted or intranet sites

Is this seriously the answer?

Add every site that uses Java to trusted sites?

Way to go...

You can also remove the Java dll('s) from the list of modules or add the internet zone to the list of Internet Zone Exceptions or disable ASR all together. If you don't want to use (Java in combinations with) ASR you can also make a deployment ruleset to specify which sites may use Java. I think uninstalling JRE is the best option but this is not always possible.

I believe Java 7 was working fine. Just updated to Java 8 and ran into the issue.

Uninstalling Java is not an option if you want to use a website that uses Java.

Probably removing the modules 'npjpi*.dll' and 'jp2iexp.dll' from the list should enable Java again and keep the other ASR mitigations for Internet Expl

stefancpt wrote:

I am not able to run Java 1.7u71 in IE 11 on any 32 bit Windows 7 PC. I also have EMET 5.1 installed. I have added the website to the Trusted Sites list but it does not work unless I disable ASR. It only seems to work on 64 bit Windows 7 PCs. Is anyone else experiencing this?

This is what was logged in the event log:

EMET detected ASR mitigation in iexplore.exe

ASR check failed:
  Application     : C:\Program Files\Internet Explorer\iexplore.exe
  User Name     : xxx
  Session ID     : 2
  PID         : 0xFE0 (4064)
  TID         : 0x1014 (4116)
  Module     : jp2iexp.dll

When I browse to http://javatester.org/version.html (a site which uses Java but doesn't belong to my trusted sites) I get this message:

I don't get a EMET mitigation warning from the EMET 5.1 icon in the system tray (anymore) which I used to get with EMET 5.0. I also don't get a event in the application event log! When I add the site to the trusted sites Java starts and asks for permission to start the applet because it isn't signed.

The message that the page requires Java is confusing because a user might think that Java isn't installed and may try to install Java again (and maybe not from the official install page but from a page with malware)....




Can you check some settings? Open the GUI of EMET 5.1, goto Apps, select IExplore.exe and click on 'Show All Setting'. You should see something like the image below.

Is the 'Trusted sites' zone selected?

...continue to the next po

...continue to the next post...

Go to the webpage with the Java applet you are trying to run and select the option 'Properties'.

Check if the Zone states that the page belongs to the Trusted sites.

If the two checks are correct it could be possible that a Java applet is loaded from a other site which is not in your trusted sites. You could enable tracing and logging and show the Java console by selecting the options on the Advanced tab of the Java Control Panel

When Java is started on the page and it loads a Java applet from a site that's not trusted you should see it in the log.

If Java isn't loaded at all because, the site isn't in your trusted sites, you should not see the Java console window but the window that the page requires Java or the EMET notification of a ASR mitigation.

I'm curious if someone else gets a EMET notification of a ASR mitigation on a page with Java which doesn't belong to the trusted sites.

I found out that I was not able to run Java on the previously mentioned website while being logged in as an admin. When I logged in as a normal domain user it suddenly worked. I was able to reproduce this on several 32 bit Windows 7 PCs. I dont have this problem on my 32 bit Windows 7 VM or on my Windows 8.1 VM. Here I am able to open the website, regardless of the logged in user account, as long as the site is added to trusted sites. Java and IE are on the latest version.

Regarding the EMET mitigation warning, here are my experiences.

Windows 8.1 VM:
Normal user: no mitigation warning, nothing in the event logs, no Java popup
Admin: mitigation warning appears, event log including visited URL is logged, no Java popup

Windows 7 VM:
Normal user: no mitigation warning, nothing in the event logs, Java popup appears
Admin: no mitigation warning, nothing in the event logs, Java popup appears

Windows 7 PC:
Normal user: no mitigation warning, nothing in the event logs, no Java popup
Admin: no mitigation warning, event log available but visited URL is not logged, no Java popup

I agree, the Java popup is confusing and all these inconsistencies as well.

@Stefancpt:

Thank you for the update. I started IE with administrator rights on my 32-bit Windows 7 computer and got the window that Java is required for the page AND i got the EMET notification and a event in the application eventlog:

Log Name:       Application
Source:            EMET
Date:               8-12-2014 13:00:00
Event ID:         1
Task Category: None
Level:              Warning
Keywords:       Classic
User:               N/A
Computer:       computer.domain.??
Description:
EMET detected ASR mitigation in iexplore.exe

ASR check failed:
  Application  : C:\Program Files\Internet Explorer\iexplore.exe
  User Name  : domain\user
  Session ID  : 1
  PID   : 0x24C (588)
  TID   : 0x1548 (5448)
  Module  : jp2iexp.dll
  Web address  : http://javatester.org/version.html
  Url zone  : Internet

When I add the web address to the trusted site list Java was started and the Java applet was started but blocked by the security settings.

I would advise you to post your findings a feedback on the EMET Connect Portal or by sending an email to emet_feedback@microsoft.com.