Protect Your Computer

Using Microsoft's Enhanced Mitigation Experience Toolkit ("EMET")

by eBay Security Team, trademarked images and references with permission from Microsoft

We all know the Internet, so much a part of our everyday lives and livelihoods, can sometimes be a dangerous place. We also know that traditional defenses such as antivirus and firewalls, while still necessary, are no longer enough. Threats such as vulnerabilities in Java and Adobe products being widely exploited routinely make headlines, leaving users wondering what they can do to protect their computers.

The safety of our eBay community is important to us so we would like to introduce you to Microsoft's Enhanced Mitigation Experience Toolkit ("EMET"), and show you how to install and use it.

EMET addresses the types of technical actions that make the most common—and most effective—types of attacks possible by introducing additional obstacles for the bad guys to overcome, dramatically reducing their chances for success. EMET accomplishes this in a manner that you, as the end user, will likely never even notice, and it's easy to use.

Each download of EMET includes a user manual that discusses the attack methodologies and EMET's protections in depth which you can read at your leisure. Our purpose here is to walk you through a typical installation and configuration of EMET.

Installing EMET:

1. EMET should be downloaded from the Microsoft EMET information page to ensure you're getting the legitimate and most up-to-date version. You'll find the download, along with more information about EMET at www.microsoft.com/emet.
2. Copy and paste the download URL into your web browser's address bar.

3. Click the "download" button. This will take you to the installer named EMET Setup.msi.

   Note: You can save the file to your own machine or run it directly from the website. It's up to you and may depend on your bandwidth. For the sake of brevity, we'll provide instructions to run it rather than save it in this article.

4. Once you select "Run," you'll be presented with the installation wizard:

5. Click "Next". You will then be presented with a choice as to where to install EMET and who should have access to it. This would be a good time to note where EMET is being installed because we will refer you to this folder later on in this guide.

   Note: The default is "Just Me". We suggest that everyone who uses the computer should be able to protect their applications, so select "Everyone."

   

6. Click "Next." This will bring up the license agreement. We suggest that you always read license agreements to any application you install on your computers or mobile devices. This one contains pretty standard stuff, with no surprises.

   
7. Click "I Agree", and then click "Next."

8. Next you will see the installation confirmation. No reason to turn back now! Click "Next."

   

   You'll see a status bar marking the installer's progress and a command screen flash by. Both happen quickly, after which you're rewarded with the following:

   
9. Note the reference to keeping the .NET Framework updated. You do have Windows Update enabled, don't you?
• If your answer is, "Yes, of course I believe in protecting my system with as little effort as possible," you'll get .NET updates automatically.
• If your answer is no, please refer to this article to set up your computer to automatically update: http://windows.microsoft.com/en-US/windows/help/windows-update
10. Go ahead and click "Close" to exit the wizard.

Configuring EMET

Now, we need to configure EMET.

1. Open EMET. EMET should have placed an icon in your programs list of the start menu. If not, you can find the EMET folder where the program was installed, as noted above.

   To Manually Locate the EMET folder: If you've followed the defaults as shown above, you'll typically find it in C:\Program Files (x86)\EMET on a 64-bit system or C:\Program Files\EMET on an older computer.

   The contents of the EMET folder include the User's Guide along with a bunch of other files. We will refer to this folder again in the configuration instructions; however the one we're interested in at the moment is EMET_GUI.exe.

2. Double-click on EMET_GUI.exe to open the EMET configuration program. This is where you'll see a list of running processes and the EMET default status.

   Not much protection under that "Running EMET" column, is there? Let's fix that.

3. Skip past the "Configure System" button and go to the bottom of the Configuration window.

4. Click on the "Configure Apps" button at the bottom right.

   

   This is where the magic happens. In this screen you'll add all of the applications that you'd like to protect against the evildoers who would exploit vulnerabilities in order to gain access to your computer.

   

   But which applications should you add? Microsoft has made that part easy! The EMET installation includes a configuration file that adds all of the most-attacked applications. You simply need to import it.

5. Click "File" and then click "Import." This will open the Explorer window.

   

6. Navigate to the EMET directory referred to earlier and double-click on the "Deployment" file folder. Here, you'll see two more files.

   
7. "Protection Profiles" is the one we want. Double-click on the filename to open it.

8. The file "all.xml" is exactly what it sounds like. It contains the settings to protect all of the most-attacked applications in one package. Click on "all.xml" to select it, and then click "Open".

   

   Here's what you should see next:

   

   EMET is now populated with the applications it's assigned to protect. The checkmarks note the different attack types that EMET protects against; most of the defaults set by Microsoft are sufficient and will cause the least amount of inadvertent application issues.

   You can experiment with enabling or disabling by checking and unchecking the boxes, or you can also simply leave it as is.

   Should you experiment and live to regret it, just delete the entries by clicking on the App Name, click "Remove," then re-import the "all.xml" file to get back to these settings.

9. Click "OK" to close the configuration window. You'll be taken back to the EMET home screen.

   

   Note the warning at the bottom of the screen. This is perfectly normal. You'll see the warning reiterated in a popup when you close the GUI by clicking on the red X in the upper right corner. This just means that you need to restart the applications – and better yet, reboot your system - to fully enjoy a protected environment.

10. You can now close EMET by clicking on the red X in the upper right corner.

Even when the EMET interface is closed, your applications are now protected.