
NOD32 V10 Conflicting with EMET


nod4ever


I posted another thread that died without answers.

Since I didn't find any documentation/details on ESET's exploit mitigation, I'd rather turn it off and rely on EMET 5.52.

How do I switch OFF NOD32 Exploit Mitigation features to prevent conflicts with EMET?

The only workaround I found so far is reverting to NOD32 v9.

 


  • Administrators

Not sure if turning off Exploit blocker would suffice, perhaps @itman would be able to tell. If that doesn't help, I'd suggest not using EMET as disabling HIPS completely would also disable Advanced memory scanner as well as Ransomware protection.


I already mentioned in the "other" thread that Eset's exploit protection is excellent. In addition to test reports I mentioned previously, NSS Labs did a comparative for consumer-based AV products in 2015. Eset ver. 8 scored 100% on that test. The report used to be free of charge but NSS Labs now charges $750 for the report; hence, I will not post a link to the report.

As far as EMET goes please read this: https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/ . It highlights the latest EMET bypass as well as a long history of previous bypasses.

As far as disabling Eset's ver. 10 exploit protection, it will not help with your IE11 issue; certain mitigations in EMET have to be disabled in ver. 5.52 for IE11 to work properly. Also as previously stated, EMET's global "deep hooks" option has to be disabled for Eset's Online Payment Protection to function properly. I am sure there are additional application software conflicts with EMET 5.52 but the two noted are the ones I personally encountered.

Eset ver. 10 added a number of new protections such as ransomware, use of ELAM driver and AMSI interface in Win 10, etc. Any or all of these new features could also conflict with EMET.

Edited by itman

  • Administrators

Allegedly disabling "Advanced scanning of browser scripts" could help as ESET would not inject its dll into browsers for advanced script scanning. Of course, we don't recommend doing so. I'd better drop EMET in favor of ESET's advanced protection.


Also, IE11 uses SmartScreen. SmartScreen a while back was enhanced to provide exploit protection. So the combination of SmartScreen, Eset, and EMET anti-exploit processing most likely is causing an EAF protection conflict in EMET for IE11.


A heads up in that with the latest Win 10 Creators Update, EMET is being replaced with a PowerShell interface called Process Mitigation Management Tool. There is a thread on it over at wilderssecurity.com where you can get further details: https://www.wilderssecurity.com/threads/process-mitigation-management-tool.393096/


This topic is now closed to further replies.