[EMET] endpoint protection

Takahiro Oda
Dec 29, 2021


Overview

Microsoft Enhanced Mitigation Experience Toolkit (EMET) is a piece of software installed on the operating system. It makes it much harder to exploit a vulnerability in a design or in software. It can prevent different exploitation techniques at the operating system or software level when a security patch for the faulty software has not been released. The benefits of using EMET are as follows:

  • It is straightforward to use and does not include any complicated processes.
  • Protecting an operating system or software from exploitation does not require the software’s source code; all it takes is to install and configure EMET, before or after the faulty software is installed.
  • EMET can be configured for all the operating system components, processes, drivers, and individual applications and software installed on the operating system.
  • It can also work with legacy software and applications in an organization’s infrastructure that cannot be quickly phased out.

Microsoft created EMET to protect against zero-day attacks; it adds obstacles to exploitation by looking for standard attack methods and techniques. EMET has two types of settings that can be configured to provide mitigation:

  • System Settings: These settings will apply to the whole operating system and its components and drivers.
  • Application Settings: These settings will apply only to specific applications installed on the operating system.

Reference

EC-Council (2018). Certified Application Security Engineer (CASE) .net. International Council of E-Commerce Consultants (EC Council). https://online.vitalsource.com/books/9781635672282

The system needs to restart.

All of the protections are configured by default within EMET. For instance, the iexplore.exe application has all 14 exploitation methods being monitored.
