EMET and DeepGuard compatibility?
The latest version of EMET, 5.0, was the most difficult one to configure to get all protected programs from the standard import file to work without crashing. It took a lot of trial and error configuring the mitigations on every protected program. At first I thought EMET didn't work well on all systems, but now I've discovered that it's conflicting with DeepGuard, and that's probably what's causing most of these crashes. Users that have certain other AV software have no problems.
The only solution is to enable the compatibility mode for DeepGuard so it doesn't inject itself into processes. But I don't want to do that. What I would like is to exclude only certain processes, for example trusted ones like browsers, and to only use EMET on those, without having to disable critical EMET mitigations because of DeepGuard.
On all other processes I want DeepGuard injections.
- Is this possible to do, perhaps with a settings file? Or is it suitable as a future feature?
- Does F-Secure do tests with EMET, and if so can you share the results?
The mitigations that are often incompatible are EAF and StackPivot, two of the most important mitigations in EMET as I understand it. I now have these disabled on several programs, but maybe it would be better to disable the DeepGuard injection and enable these in EMET?!
A comment from F-Secure, please.