How to Install the Enhanced Mitigation Experience Toolkit (EMET)

A recent zero-day exploit in Internet Explorer affecting IE 6, 7, 8 & 9 (not 10) requires action on your part. You could stop using IE and use an alternate browser. An even better idea, install the free security tool, Enhanced Mitigation Experience Toolkit (EMET). Deploying EMET will help to prevent a malicious website from successfully exploiting issues like in Security Advisory 2757760. EMET in action is unobtrusive and should not affect the Web browsing experience.

1. Download EMET Setup.msi to desktop, download folder or other convenient location.

emet-download

2. Double click EMET Setup.msi to run

emet-setup

3. Read the welcome screen and click Next

emet-setup-1

4. Accept the default installation folder, or specify a new one, and select the Everyone radio button. Click Next.

emet-setup-2

5. Accept the license agreement (I agree) and click Next.

emet-setup-3

6. Confirm the installation by clicking Next.

emet-setup-4

7. Please wait while EMET is installed. Accept any User Account Control prompts.

emet-setup-5

8. Installation complete! Click Close to exit.

emet-setup-6

EMET is now installed, however for complete protection applications must be added. The easiest way is to import one of Microsoft’s preconfigured and tested apps lists which can be found in C:\Program Files (x86)\EMET\Deployment\Protection Profiles:

1. Open the Enhanced Mitigation Experience Toolkit (EMET), and click the Configure Apps button.

EMET-configure

2. From the File menu, select Import…

EMET-configure-2

3. Navigate to the EMET policies folder, usually C:\Program Files (x86)\EMET\Deployment\Protection Profiles.

EMET-configure-3

Three profiles are offered:

  • Internet Explorer.xml: Enables mitigations for supported versions of Microsoft Internet Explorer.
  • Office Software.xml: Enables mitigations for supported versions of Microsoft Internet Explorer, applications that are part of the Microsoft Office suite, Adobe Acrobat 8-10 and Adobe Acrobat Reader 8-10.
  • All.xml: Enables mitigations for common home and enterprise applications, including Microsoft Internet Explorer and Microsoft Office.

4. Select one of the profiles, in this example we selected All.xml. Click OK.

EMET-configure-4

You will have to restart your computer for the changes to take effect.

Should you notice any compatibility issues with applications, you can return to the Configure Apps screen to adjust EMET settings. Congratulations! You are now more secure and better protected against current and future exploits.

Updated to add protection profiles.

  • NeonFx

    From the KB Article: http://support.microsoft.com/kb/2458544

    How do I use EMET to protect my software?After you install EMET, you must configure EMET to provide protection for a piece of software. This requires you to provide the name and location of the executable file that you want to protect. To do this, use one of the following methods:
    Work with the Configure apps feature of the graphical applicationUse the command prompt utilityNote Instructions that describe how to use both methods are in the user's guide that is installed with EMET.

  • Mike

    and this is why i use firefox with ABE and No script