It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance, the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance, a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software; that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance, a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+ EMET will typically block this. Of course, it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
Edited by
Chris Covington
Tuesday, June 30, 2015 3:04 PM