EMET questions (system32 programs)

[tvfore]

I have added csrss.exe, smss.exe, wininit.exe and winlogon.exe to the configure apps tab, but they don't show up as running EMET. I added several other apps from the system32 folder and they do show as running EMET. Is there a reason why these particular apps won't show as running emet? I'm using EMET 3.0.

Thanks in advance.

 

[mechBgon]

Maybe they start before EMET does, that's my guess. My systems do the same thing.

Tangentially, have you tried the Always On setting for ASLR in the "Configure System" section? If your system doesn't BSOD during startup, you're home free. To get the Always On option, you have to change a Registry setting:

HKEY_LOCAL_MACHINE > Software > Microsoft > EMET

set the EnableUnsafeSettings to 1 and then restart EMET.

Before doing this, get the latest video drivers installed, since they're what'll crash if they're not compatible with enforced ASLR. If your system does BSOD on boot-up, start in Safe Mode and change ASLR back to Opt In.

 

[tvfore]

Thanks for replying, mechBgon. It's good to know that it isn't just my system that's not showing these as running EMET.

I haven't tried setting ASLR as always on yet. Will give that a try.