EMET: Enhanced Mitigation Experience Toolkit

EMET is a product from Microsoft that further restricts access to system-level files, folders, and processes. It is like a step above User Account Control. It can be used to restrict access and keep a computer safe. Users primarily use it to mitigate risks associated with browser plugins that are known vectors for infecting computers. When set up properly, it can add another level of protection to devices. Reference materials and downloads can be found here: https://support.microsoft.com/kb/2458544.


The first thing to understand is that there are risks to using EMET. Theoretically, you can make a computer unusable if you implement a bad rule in EMET. Using EMET might also produce application-compatibility risks, because some applications rely on behavior that EMET prohibits.

Fortunately, EMET rules can be created with such granularity that administrators can usually create a rule that protects a device while still allowing applications to run. The most important thing to remember when deploying EMET is to test your rules in a test environment before deploying them in production.


Installation is pretty straightforward. You can download the installer from the link above. It is a simple MSI, so it can be deployed fairly easily with either a GPO or SCCM. An ADMX template is included with the install. You must install EMET on a machine, then look in Program Files for a “Deployment” folder. The ADMX template will be in there. This can be imported into Group Policy and deployed to all machines. This gives administrators a central way of managing policies.

“Popular Software” Template

The installation of EMET comes with three built-in templates. We will focus on the “popular software” template. This template includes rules for programs such as Internet Explorer, 7zip, Adobe Reader, Firefox, Chrome, and Office. This template is pre-configured with Microsoft-recommended settings. To import it, open the EMET console and click “Import” in the ribbon. It should open to the templates directory. Select “Popular Software.xml” and import it. I also recommend setting “Data Execution Prevention” and “Structured Exception Handler Overwrite Protection” to “Always On”. This provides the maximum amount of protection for your device. One important note: activating DEP changes the boot configuration for your device. If you have BitLocker enabled, you will have to input your BitLocker key.
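A pre-flight check for the DEP and BitLocker note above, as an added example that is not part of the original post: it reports the current DEP policy and whether the system drive has BitLocker protection and a recovery password protector, and can optionally suspend BitLocker for one restart so the boot configuration change does not trigger a recovery prompt. The function name `Test-DepChangeReadiness` and its parameters are hypothetical; the cmdlets and the WMI property are standard Windows ones.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt on the test machine before setting DEP to "Always On" in EMET.
# Test-DepChangeReadiness is a hypothetical helper name.
function Test-DepChangeReadiness {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$SuspendBitLocker   # suspend protection for one restart if set
    )

    # Win32_OperatingSystem reports the system DEP policy as a number.
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $dep = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]

    $result = [ordered]@{
        DepPolicy            = $dep
        # Assumption: the boot configuration only changes if DEP is not already AlwaysOn.
        BootConfigWillChange = ($dep -ne 'AlwaysOn')
        BitLockerProtection  = 'NotAvailable'
        HasRecoveryPassword  = $false
        Suspended            = $false
    }

    # Get-BitLockerVolume ships with Windows 8 / Server 2012 and later.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        $result.BitLockerProtection = [string]$vol.ProtectionStatus
        # A recovery password must exist (and be escrowed) in case recovery is triggered.
        $result.HasRecoveryPassword = [bool]($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        if ($SuspendBitLocker -and $result.BootConfigWillChange -and
            $vol.ProtectionStatus -eq 'On') {
            # Protection resumes automatically after the next restart.
            Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
            $result.Suspended = $true
        }
    }
    [pscustomobject]$result
}

Test-DepChangeReadiness
```

If `HasRecoveryPassword` is false on a protected drive, sort out the recovery key before changing DEP rather than after the reboot.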


I also have my “Quick Profile Name” set to “Maximum security settings”. This is optional, and probably not recommended for users who must make a lot of system changes or run software that requires system-level access.

Application Rules

To see the application rules, click the “Apps” button in the ribbon. This will present the list of applications that are being protected. You can add additional applications here by clicking “Add Application” and navigating to the executable. I have personally added all SCCM processes and PowerShell to see what happens. As far as I can tell, these processes run fine when guarded by EMET.

Group Policy Configuration

By using Group Policy, administrators can control the EMET policies centrally across all devices. Options can be set to automatically enable DEP, SEHOP, and ASLR. Application settings can also be specified here. This ensures that all devices are running exactly the same configuration.


EMET is a great tool for adding another level of security to your devices. Like anything though, test it carefully before deploying to all devices.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omissions in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.


