

Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to StuartMW

Re: EMET saves the day

Awesome!! Thank you!! Please let us know how it runs when you get around to testing it out. I'll also get around to it shortly.

The new GUI is SEXY!! And you can choose skins!



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Only had time to install it on Win7 box right now. I wasn't expecting the new GUI. Had to re-import my saved settings because the installer seemed to have ignored my selection to "keep current settings". If I'm lucky I'll get to install v4 on my WinXP box tonight.
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to StuartMW

Did you enjoy the webcast?
»Re: EMET saves the day



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Never watched it. Maybe I will later.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

said by StuartMW:

Never watched it. Maybe I will later.

RU Chillaxing ?


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
reply to StuartMW

Is anyone having issues with this new version of EMET? A lot of applications are completely broken with this new version and I'm having memory read error messages with several programs. The only way to fix it is to completely remove the program from EMET protection which is obviously not a good thing.
--
Tom
Tom's Tech Blog



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Found an older version, version 3.0 and installed it. Works fine. I guess until they fix the bugs, I'll stay with 3.0.

Even the 4.0 Beta didn't have these issues, they definitely broke something with the release of 4.0.
--
Tom
Tom's Tech Blog



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

I'm still using version 3.0 myself.
I'll probably be updating on the weekend.
But I think you're not alone with the troubles you are having.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to trparky

Haven't seen any issues with 4.0 yet. Which apps break?
--
Don't feed trolls--it only makes them grow!



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Firefox, Internet Explorer, Google Chrome. That's just a few apps that I had major issues with.
--
Tom
Tom's Tech Blog



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I'm running FF 21.0 under EMET 4.0 and am not having any issues. I have IE configured to run under EMET but rarely use it.
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

What - EMET or IE ? Tabarnaque



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Geez, you're in league with antdude.

I don't use IE often.
--
Don't feed trolls--it only makes them grow!



Exidor
Premium
join:2001-05-04
Brampton, ON
reply to trparky

EMET 4.0 settings

Firefox 21 and Windows Live Mail will not load on my Win7 system unless I disable SEHOP for each program.
This was not necessary in the previous version of EMET.
Internet Explorer works with all mitigations enabled.
(Recommended security settings were initially enabled in EMET.)

Log Name: Application
Source: Application Error
Date: 6/18/13 12:08:57 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: [N/A]
Description:
Faulting application name: firefox.exe, version: 21.0.0.4879, time stamp: 0x518ec3cc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x40010006
Fault offset: 0x0000c41f
Faulting process id: 0x844
Faulting application start time: 0x01ce6c3e201142c5
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll


Log Name: Application
Source: Application Error
Date: 6/18/13 6:03:10 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: [N/A]
Description:
Faulting application name: wlmail.exe, version: 16.4.3508.205, time stamp: 0x5111f9fe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x40010006
Fault offset: 0x0000c41f
Faulting process id: 0x15c
Faulting application start time: 0x01ce6c6f9c022366
Faulting application path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll


It can be noted that C:\Windows\syswow64\KERNELBASE.dll is the faulting module for both programs.
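
An added example, not part of any post in this thread: when several EMET-protected programs start failing after a mitigation change, grouping Event ID 1000 records by faulting module, exception code and offset shows whether they share one crash signature, as the two events above do. The first two sample records reuse fields from the post above; the third record and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First two records reuse fields from the post above; the third is constructed.
SAMPLE = """\
Log Name: Application
Event ID: 1000
Faulting application name: firefox.exe, version: 21.0.0.4879, time stamp: 0x518ec3cc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x40010006
Fault offset: 0x0000c41f
Log Name: Application
Event ID: 1000
Faulting application name: wlmail.exe, version: 16.4.3508.205, time stamp: 0x5111f9fe
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x40010006
Fault offset: 0x0000c41f
Log Name: Application
Event ID: 1000
Faulting application name: exampleapp.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: examplemod.dll, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00001234
"""

# One pattern per field of the "Application Error" description text.
FIELDS = {
    "app": re.compile(r"^Faulting application name:\s*([^,\r\n]+)", re.M),
    "module": re.compile(r"^Faulting module name:\s*([^,\r\n]+)", re.M),
    "code": re.compile(r"^Exception code:\s*(0x[0-9a-fA-F]+)", re.M),
    "offset": re.compile(r"^Fault offset:\s*(0x[0-9a-fA-F]+)", re.M),
}

def parse_events(text):
    """Return one dict per complete Event ID 1000 record; skip anything else."""
    events = []
    for chunk in text.split("Log Name:"):
        if not re.search(r"^Event ID:\s*1000\s*$", chunk, re.M):
            continue
        found = {name: rx.search(chunk) for name, rx in FIELDS.items()}
        if all(found.values()):  # drop truncated records rather than guess
            events.append({k: m.group(1).strip().lower() for k, m in found.items()})
    return events

def shared_signatures(events):
    """Map (module, exception code, offset) to the apps sharing it, if more than one."""
    groups = defaultdict(set)
    for e in events:
        groups[(e["module"], e["code"], e["offset"])].add(e["app"])
    return {sig: sorted(apps) for sig, apps in groups.items() if len(apps) > 1}
```

Calling `shared_signatures(parse_events(SAMPLE))` returns only the KERNELBASE.dll signature shared by firefox.exe and wlmail.exe; the constructed third record has a signature of its own and is left out.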



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Just checked my EMET 4.0 settings for Firefox 21.0 and All mitigations are enabled. Perhaps some plug-in or extension is causing the issue.
--
Don't feed trolls--it only makes them grow!



Exidor
Premium
join:2001-05-04
Brampton, ON

To retest, I went back and enabled SEHOP mitigation and, with a restart in between, no longer get the failed program loads.

Carry on, nothing more to see here.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 edit
reply to StuartMW

Re: EMET saves the day

[Screenshot]
Working very smoothly now on Windows 7 Ultimate SP1 64-bit.
I just finished tweaking a few MS Office 2010 Applications that don't like heap spray address pre-allocation Export Address Table Access Filtering enabled as it causes them to freeze while launching. It appears to be caused by an Office add-on I use called "Classic Menu". Once heap spray EAF is disabled it loads "Classic Menu" under all Office 2010 apps just fine. Previously, I had to make this change under EMET 3.0 also, so I was expecting this with EMET 4.0.

EDIT: It was never heap spray address pre-allocation... I wasn't looking at the right column.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I have all my Office 2007/2010 apps running using the EMET 4.0 default configs with no issues.
--
Don't feed trolls--it only makes them grow!



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

2 edits

said by StuartMW:

I have all my Office 2007/2010 apps running using the EMET 4.0 default configs with no issues.

I'll have to check out if Classic Menu has an update, but that add on is what causes the issue with heap spray. If that add on is removed, I can enable heap spray EAF.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to StuartMW

No dice! I also revised my last posting (»Re: EMET saves the day) due to wrong mitigation stated. The above picture shows what happens with EAF enabled. Same issue as with EMET 3.0. It freezes at stage 1 of 12. I upgraded to the latest version v5.50 of Classic Menu and there was no change with EAF enabled. It appears to be an issue either with this add on tool, or, with any enabled add ons with Office 2010. I only have one add on with Office 2010 so... I'm only speculating here. Either way, it's only EAF. All other mitigations are fully enabled.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

[Screenshot]
As with EMET 3.0, the only other application I need to remove EAF with in EMET 4.0 is WinZip 64-bit. I CAN leave it enabled... however, there is the occasional crash which leads back to EAF each and every time.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Dustyn:

...the only other application I need to remove EAF with in EMET 4.0 is WinZip 64-bit.

I had the odd WinZip-64 v16.5 crash under v4.0 Beta but I don't think it has under v4.0. Either way it's not a big deal.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

And I thought I was having trouble with a farmer in my Dell.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I have three Dells and no farmers in any of them. The NSA probably is though.
--
Don't feed trolls--it only makes them grow!