1

I'm a new user of EMET. I wanted to know if there is anyway to avoid DEP on IE for a specific site.

I want to do this because I use VMware remote server and when I start a remote console, EMET starts blocking iexplore (because of DEP attack) and the console doesn't work well. If I close the IE tab, EMET stops throwing errors, but I wish I didn't have to.

Diego
  • 227
  • 1
  • 5

1 Answers1

2

No. DEP is enforced process-wide, and you can't switch it off for just one site.

There are two ways around this:

  • Turn off DEP enforcement in the EMET policy for iexplore.exe
  • Manually patch the DEP flag into whatever VMware component is being loaded, using a tool such as CFF Explorer (Optional Header -> DllCharacteristics -> Image is NX compatible) so that it is marked as DEP enabled and works alongside EMET.

You should file a bug with VMware about this, as they shouldn't be producing non-NX binaries.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • I'd already turn off DEP for `iexplore.exe`. I will file the bug to VMware and hope the do something about it. Thanks! – Diego Sep 02 '15 at 15:12