Comments 5
UFO just landed and posted this here
Предлагаемый по ссылке в статье конфиг EMET
<EMET Version="5.0.5324.31801">
<Settings />
<EMET_Apps>
<AppConfig Path="*" Executable="dllhost.exe">
<Mitigation Name="DEP" Enabled="false" />
<Mitigation Name="SEHOP" Enabled="false" />
<Mitigation Name="NullPage" Enabled="false" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="false" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="false" />
<Mitigation Name="BottomUpASLR" Enabled="false" />
<Mitigation Name="LoadLib" Enabled="false" />
<Mitigation Name="MemProt" Enabled="false" />
<Mitigation Name="Caller" Enabled="false" />
<Mitigation Name="SimExecFlow" Enabled="false" />
<Mitigation Name="StackPivot" Enabled="false" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>packager.dll</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="POWERPNT.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx;packager.dll</asr_modules>
</Mitigation>
</AppConfig>
</EMET_Apps>
</EMET>
отключает для dllhost.exe ряд настроек, или при импорте true на false не меняется, или эти настройки для dllhost.exe должны быть только такими?
Sign up to leave a comment.
В обновлении MS14-060 обнаружен 0day