I've just heard about and started playing with EMET, and I am curious: do any AV or security suite applications do what EMET does, or is EMET something entirely different?
- I presume that, by EMET, you mean [Microsoft's Enhanced Mitigation Experience Toolkit](http://support.microsoft.com/kb/2458544) and not the [town in Turkey](https://en.wikipedia.org/wiki/Emet) or the [EMET Prize for Art, Science and Culture](https://en.wikipedia.org/wiki/EMET)? – Iszi Aug 08 '13 at 17:04
- Yes, that EMET. – Travis Thompson Aug 08 '13 at 18:57
1 Answer
Some antivirus suites are meant to provide similar features to the ones implemented in EMET as a proactive security feature. These include global API hooking to raise the bar for creating ROP payloads and DLL injection to implement process-level buffer-overflow detection.
However, right now I can only refer to two papers describing how these protections of a specific product fail:
https://lock.cmpxchg8b.com/sophail.pdf
https://lock.cmpxchg8b.com/sophailv2.pdf
Generally speaking, AVs still mainly focus on reactive protection, so I would recommend using EMET together with the traditional security tools.

buherator