nod4ever, posted April 18, 2017:
I posted another thread that died without answers. Since I didn't find any documentation/details on ESET's exploit mitigation, I'd rather turn it off and rely on EMET 5.52. How do I switch OFF NOD32 Exploit Mitigation features to prevent conflicts with EMET? The only workaround I found so far is reverting to NOD32 v9.
Marcos (Administrators), posted April 18, 2017:
Not sure if turning off Exploit blocker would suffice, perhaps @itman would be able to tell. If that doesn't help, I'd suggest not using EMET as disabling HIPS completely would also disable Advanced memory scanner as well as Ransomware protection.
itman, posted April 18, 2017 (edited April 18, 2017 by itman):
I already mentioned in the "other" thread that Eset's exploit protection is excellent. In addition to test reports I mentioned previously, NSS Labs did a comparative for consumer-based AV products in 2015. Eset ver. 8 scored 100% on that test. The report used to be free of charge but NSS Labs now charges $750 for the report; hence, I will not post a link to the report. As far as EMET goes, please read this: https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/. It highlights the latest EMET bypass as well as a long history of previous bypasses. As far as disabling Eset's ver. 10 exploit protection, it will not help with your IE11 issue; certain mitigations in EMET have to be disabled in ver. 5.52 for IE11 to work properly. Also as previously stated, EMET's global "deep hooks" option has to be disabled for Eset's Online Payment Protection to function properly. I am sure there are additional application software conflicts with EMET 5.52 but the two noted are the ones I personally encountered. Eset ver. 10 added a number of new protections such as ransomware, use of ELAM driver and AMSI interface in Win 10, etc. Any or all of these new features could also conflict with EMET.
Marcos (Administrators), posted April 18, 2017:
Allegedly disabling "Advanced scanning of browser scripts" could help as ESET would not inject its dll into browsers for advanced script scanning. Of course, we don't recommend doing so. I'd better drop EMET in favor of ESET's advanced protection.
itman, posted April 18, 2017:
Also, IE11 uses SmartScreen. SmartScreen a while back was enhanced to provide exploit protection. So the combination of SmartScreen, Eset, and EMET anti-exploit processing most likely is causing an EAF protection conflict in EMET for IE11.
itman, posted April 18, 2017:
A heads up: with the latest Win 10 Creators Update, EMET is being replaced with a PowerShell interface called Process Mitigation Management Tool. There is a thread on it over at wilderssecurity.com where you can get further details: https://www.wilderssecurity.com/threads/process-mitigation-management-tool.393096/