- Article on protection against an Adobe 0-day. Note: the problem is in a dll so the steps outlined here need to be applied to any application that loads the vulnerable dll
- Rationally Paranoid write-up on EMET.
- James Mcquaid write-up on EMET.
One annoying thing about the command line configuration tool EMET_conf.exe is that it doesn't support file globs. So I whipped up the following batch file in a couple of minutes to deal with this. Hopefully it will save you a couple of minutes when adding executables to EMET for compatibility testing your applications. It would be nice to be able to toggle EMET options via cli as well.. Perhaps I will work on this next.
@echo off
SETLOCAL EnableDelayedExpansion EnableExtensions
rem - change this to the path of your emet_conf executable.
SET EMETCMD="%PROGRAMFILES%\emet\emet_conf.exe"
if "%1" == "" goto error_missing_action
if %2 == "" goto error_missing_glob
if "%1" == "add" goto emet_add
if "%1" == "delete" goto emet_delete
echo.
rem - add the user_supplied glob to emet
:emet_add
echo going to add files matching glob %2 to emet
@echo on
for /f "tokens=*" %%i in ('dir /s/b/p %2') do %EMETCMD% --add "%%i"
@echo off
goto end
rem - delete the user_supplied glob to emet
:emet_delete
echo going to delete files matching glob %2 to emet
@echo on
for /f "tokens=*" %%i in ('dir /s/b/p %2') do %EMETCMD% --delete "%%i"
@echo off
goto end
rem - user must specify add or delete as action
:error_missing_action
echo missing action argument you must specify add or delete!
echo usage emet_glob.bat adddelete "%PROGRAMFILES%\adobe\*.exe"
goto end
rem - user must specify a second argument of a base path to recursively search for files to add
:error_missing_glob
echo missing action argument you must specify add or delete!
echo "usage emet_glob.bat adddelete "%PROGRAMFILES%\adobe\*.exe"
goto end
:end
echo.
echo Done.
