Page 1 of 1

How to use Microsoft EMET

Posted: Mon Sep 29, 2014 11:18 am
by Eshan
EMET is a dynamic security tool by Microsoft, which is available to be downloaded at tech center site of Microsoft ([url=technet.microsoft.com/en-us/security/jj653751]technet.microsoft.com/en-us/security/jj653751[/url]). For better security of computer you can install it on Windows XP. You can know how EMET is used to secure the computer once it has been installed.

Selected Processes can be secured

Rather than locking the whole system with EMET, it is better to keep only a few programs under it supervision- for instance Skype, browsers, Google Hangouts and certain other programs that are internet programs. You will have less trouble to your device if EMET does not check everything.
In order to secure a particular program, you should turn it on then see its process on EMET interface. When you have found it, you can right click it and select Configure Process. This must open to ‘Application Configuration interface’ window, with the selected program highlighted. You will see that there are many columns where checkboxes are selected by default. A check marked box means that EMET is watching it and there is a restriction on it in certain way. You can attempt to use your programs if you want to see problems turning up. In case of a hitch, you can go back to ‘Application Configuration Interface’ and attempt to remove a few checkmarks.

How will you know that EMET has found something wrong?


When a program which is under the supervision of EMET does something which is risky or breaks certain rules, the default action by EMET is to shut down the program. You receive a notification which asks you whether you would want to pass the information about the whole incident to Microsoft. You will get a chance to change the policy of shutting down though.

Change the policy of EMET

EMET by default is set on Exploit mode- which means that programs are shut whenever there is security issue. The programs that you have under the supervision of EMET, you may not like the idea of shutting them down at a point. This is the type of requirement that EMET has the mode of ’Audit Only’ for. You can turn on the Audit Only mode by selecting the radio button which is on the ribbon interface on top of ‘Application Configuration Interface’ in Default Action- section. If this mode is on EMET will not be able to shut the program which has broken rules but will just inform you about it.
You can save the settings
When the EMET installation is configured with the information that is required, you can click on the Export button which is on the far left of the window and save the settings. You can use the saved setting on other PC’s too.