I have Win7, 64 bit and have installed EMET 4.1 update 1.  I keep getting different errors with the following applications:

IE11 - SimExecFlow error.  Had to disable the SimExecFlow mitigation to get it to work.

Adobe Reader - SimExecFlow error.  Had to disable the SimExecFlow mitigation to get it to work.

MS Word and other MS Office applications - SimExecFlow error.  Had to disable the SimExecFlow mitigation to get it to work.

Firefox - DEP Execution Flow error.  Had to disable the last 5 mitigations to get it to work.

Thunderbird - Very slow operation.  Had to disable SimExecFlow mitigation to get it to work.

To be safe, I disabled the SimExecFlow mitigation on all other applications since I was getting some strange runtime errors. 

Will this be fixed?

We're on Win7 Pro, 32 bit.  EMET 4.1 worked fine.  Upgraded to 4.1U1 and now users are getting Caller mitigation in IE when it launches.  Also getting SimExecFlow mitigation in Outlook 2010 when opening a calendar.  We've had to revert back to 4.1 release version.

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

It's because they turned 'Deep Hooks' on by default in EMET 4.1 update 1.  Not sure what they were thinking, as deep hooks causes problems with a lot of programs, as you've found out.

You can turn deep hooks off to return it to the same state as EMET 4.1 to stop the SimExecFlow errors, but I too would be interested in an official response, as having 'Deep Hooks' on is just impractical for the majority of users.

• Marked as answer by gracegracegrace Sunday, May 04, 2014 1:20 AM

Thanks! That was the problem.  I turned 'Deep Hooks' off and everything worked like it did before in EMET 4.1.  Seems like they would warn us about potential issues with having 'Deep Hooks' enabled in EMET.  Their User Manual should include something about it.

Latest Adobe Reader 11.0.06.70 "not responding" if EAF is enabled (by default).

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

Hi,

I just want to say I am so lucky I found this discussion on the internet!

Is it the tick box in the upper right part of the window you mean?

I presume it should be "unticked"?

Sorry I cannot post a screenshot, or a link to a screenshot. Somehow I'm still not considered as trusted user of the forum, even though I've been active on the Swedish Microsoft forum for more than a year.

I have had particular problems with Thunderbird.

/Lars

• Edited by Lars Abrahamsson Thursday, July 17, 2014 8:52 PM i spelled wrong by mistake

If you open EMET and click on the APPS icon on the upper part of the window, the Application Configuration window opens.  Un-check the Deep Hooks box in the upper part of the Application Configuration window.  See screenshot below. 

Are you using Internet Explorer to post to this thread?  I can post screenshots with IE.  If I use Firefox, I can't post screenshots either.  I haven't tried posting screenshots with another browser besides IE and Firefox.

We've used a GPO to manage EMET for some time now and have had Deep Hooks turned on.  It did not present any issues until we upgraded to Update 1.  Under 4.0 and 4.1 everything ran as expected.  Under 4.1 U1 most machines continued to run with Deep Hooks enabled, including all machines used by our 150+ testers.  Disabling Deep Hooks has corrected the issue for the minority of machines that exhibit this behavior but I believe the true cause is "Deeper" then just Deep Hooks being enabled.

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

I have done further investigating and have found an application compatibility issue.  I had Malwarebytes Anti-Exploit Free installed which I did not realize applies some of the same system protections as EMET.  I removed Malwarebytes Anti-Exploit Free and EMET works fine now including deep hooks.  I did not have to disable any EMET mitigations to make it work either.  I have EMET 5.1 installed now instead of EMET 4.1.

• Marked as answer by gracegracegrace Thursday, December 25, 2014 4:46 PM

CHECK.... had the same problem and removing Malwarebytes Anti-Exploit Free solved the problem on windows 8.1

What I finally ended up doing was this (and it worked for me):

I deployed Malwarebytes Anti-Exploit Free with the default settings.

I deployed EMET (now at version 5.2) and disabled all the mitigations in EMET that were already being protected by Malwarebytes Anti-Exploit Free.  That solved the problem on Windows 7 that I was experiencing and allowed me to use the anti-malware features of both products.