Specify custom applications to protect with EMET, and any changes from EMET default protections to apply.
In the left column, specify a path specification to the executable to protect. This can include wildcards. For example, if you enter "*\Contoso\MyApp.exe", EMET protection is applied to any executable called "MyApp.exe" in a "Contoso" directory. If you enter only "MyApp.exe", EMET protection is applied to any executable called "MyApp.exe" in any directory.
In the right column, specify any changes you want to make to default EMET configuration for the program. Leave the right column empty to apply all default protections. To disable a mitigation, enter a minus sign followed by its name. To enable a mitigation, enter a plus sign followed by its name.
Default mitigations you can disable are: -SEHOP -DEP -MandatoryASLR -NullPage -BottomUpASLR -HeapSpray -EAF -LoadLib -MemProt -Caller -SimExecFlow -StackPivot
EAF+ and ASR are not enabled by default. Adding +EAF+ and +ASR to the configuration enables them. You can also customize mitigations by adding any of these parameters, followed by a colon, and custom parameters separated with semicolons.
For example, consider this configuration specification:
-SEHOP +EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll
This applies all default mitigations except SEHOP, enables EAF+, and specifies two DLLs for EAF+ protection. See the documentation for more details.
Click the "Show" button to specify custom applications to protect with EMET, and any changes from EMET default protections to apply.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\EMET\AppSettings |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |
Path specification can include wildcards. Examples:
*\Contoso\MyApp.exe --> protection applied to any MyApp.exe in a "Contoso" directory.
*\MyApp.exe, or MyApp.exe --> protection applied to any MyApp.exe in any directory.
Leave the "Value" column empty for default EMET protections. Disable default mitigations with "-" followed by mitigation name. Enable non-default mitigations with a "+". Specify parameters with parameter name followed by colon and semicolon-separated values. This example applies all default mitigations except SEHOP, enables EAF+, and specifies two DLLs for EAF+ protection:
-SEHOP +EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll