Endpoint Protection

  • 1.  SEP 12.1.4 and Microsoft EMET

    Posted May 12, 2014 12:20 PM

    We're looking for feedback from anyone that has deployed SEP 12.1 and the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to their clients. We're currently running SEP 12.1.4 on Windows 7 Pro 64-bit clients and are interested in using the EMET to further enhance security.

    So, is anyone running SEP 12.1 and the EMET 4.1? If so, are there any issues or incompatibilities that you have encountered between SEP and EMET? Also, we would welcome any feedback about how the EMET was configured to avoid impacting the SEP client.

    Thanks for your comments.

    Wally



  • 2.  RE: SEP 12.1.4 and Microsoft EMET
    Best Answer

    Posted May 12, 2014 12:24 PM

    We've been running it for some time now without any issue. I would start here:

    https://isc.sans.edu/forums/diary/Beefing+up+Windows+End+Station+Security+with+EMET/18107

    EMET and SEP will run in tandem as two great layers of defense. We've used it to protect against vulns to MS Office products, Outlook, Java, Adobe, IE...

    SEP was never considered in configuring EMET as they should have no impact with one another. EMET protects against software vulnerabilities.

    Per its doc:

    Are there restrictions as to the software that EMET can protect?

    EMET can work together with any software, regardless of when it was written or by whom it was written. This includes software that is developed by Microsoft and software that is developed by other vendors. However, you should be aware that some software may not be compatible with EMET. For more information about compatibility, see the "Are there any risks in using EMET?" section.

     



  • 3.  RE: SEP 12.1.4 and Microsoft EMET

    Posted May 12, 2014 12:28 PM

    Brian,

    Thanks - I'll check out the SANS article.

    Wally



  • 4.  RE: SEP 12.1.4 and Microsoft EMET

    Posted May 12, 2014 12:30 PM

    It's a great reference and has a couple helpful links as well. The EMET user guide is also very good.



  • 5.  RE: SEP 12.1.4 and Microsoft EMET

    Posted May 16, 2014 05:58 PM

    Thanks again, Brian. I agree with your comment that SEP and EMET are a good pair. I think we're going to test EMET. The documentation is good and it looks like an easy way to block day 0 common exploits between patch cycles for most common software products as you've mentioned above. It's not bulletproof, but at least it's another barrier the bad guys will have to get around.

    From what I see MS delivers a couple of standard security templates with EMET - the recommended template protects IE, common software products (Adobe, etc.) and MS Office. The other template is to protect "everything" - probably not a good idea out of the gate.

    I'll mark your reply as the solution.