Comments 5
UFO landed and left these words here
UFO landed and left these words here
UFO landed and left these words here
Предлагаемый по ссылке в статье конфиг EMET
<EMET Version="5.0.5324.31801">
  <Settings />
  <EMET_Apps>
    <AppConfig Path="*" Executable="dllhost.exe">
      <Mitigation Name="DEP" Enabled="false" />
      <Mitigation Name="SEHOP" Enabled="false" />
      <Mitigation Name="NullPage" Enabled="false" />
      <Mitigation Name="HeapSpray" Enabled="false" />
      <Mitigation Name="EAF" Enabled="false" />
      <Mitigation Name="EAF+" Enabled="false" />
      <Mitigation Name="MandatoryASLR" Enabled="false" />
      <Mitigation Name="BottomUpASLR" Enabled="false" />
      <Mitigation Name="LoadLib" Enabled="false" />
      <Mitigation Name="MemProt" Enabled="false" />
      <Mitigation Name="Caller" Enabled="false" />
      <Mitigation Name="SimExecFlow" Enabled="false" />
      <Mitigation Name="StackPivot" Enabled="false" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>packager.dll</asr_modules>
      </Mitigation>
    </AppConfig>
    <AppConfig Path="*\OFFICE1*" Executable="POWERPNT.EXE">
      <Mitigation Name="DEP" Enabled="true" />
      <Mitigation Name="SEHOP" Enabled="true" />
      <Mitigation Name="NullPage" Enabled="true" />
      <Mitigation Name="HeapSpray" Enabled="true" />
      <Mitigation Name="EAF" Enabled="true" />
      <Mitigation Name="EAF+" Enabled="false" />
      <Mitigation Name="MandatoryASLR" Enabled="true" />
      <Mitigation Name="BottomUpASLR" Enabled="true" />
      <Mitigation Name="LoadLib" Enabled="true" />
      <Mitigation Name="MemProt" Enabled="true" />
      <Mitigation Name="Caller" Enabled="true" />
      <Mitigation Name="SimExecFlow" Enabled="true" />
      <Mitigation Name="StackPivot" Enabled="true" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>flash*.ocx;packager.dll</asr_modules>
      </Mitigation>
    </AppConfig>
  </EMET_Apps>
</EMET>


отключает для dllhost.exe ряд настроек, или при импорте true на false не меняется, или эти настройки для dllhost.exe должны быть только такими?
Only those users with full accounts are able to leave comments. Log in, please.