Default Protections for Recommended Software

Apply recommended EMET protections to WordPad, Microsoft Office, Adobe Acrobat, Adobe Acrobat Reader, and Oracle Java

Supported on: Windows 10
Enable policy:
Registry PathValue NameValue TypeValue
Software\Policies\Microsoft\EMET\Defaults*\Windows NT\Accessories\wordpad.exeREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\OUTLOOK.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\WINWORD.EXEREG_SZ+ASR asr_modules:flash*.ocx
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\EXCEL.EXEREG_SZ+ASR asr_modules:flash*.ocx
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\POWERPNT.EXEREG_SZ+ASR asr_modules:flash*.ocx
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\MSACCESS.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\MSPUB.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\INFOPATH.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\VISIO.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\VPREVIEW.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\LYNC.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\PPTVIEW.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\OFFICE1*\OIS.EXEREG_SZ
Software\Policies\Microsoft\EMET\Defaults*\Adobe\*\Reader\AcroRd32.exeREG_SZ+EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll;AcroForm.api
Software\Policies\Microsoft\EMET\Defaults*\Adobe\Acrobat*\Acrobat\Acrobat.exeREG_SZ+EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll;AcroForm.api
Software\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\java.exeREG_SZ-HeapSpray
Software\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\javaw.exeREG_SZ-HeapSpray
Software\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\javaws.exeREG_SZ-HeapSpray
Disable Policy:
Registry HiveRegistry PathValue NameValue TypeValue
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Windows NT\Accessories\wordpad.exeREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\OUTLOOK.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\WINWORD.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\EXCEL.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\POWERPNT.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\MSACCESS.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\MSPUB.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\INFOPATH.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\VISIO.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\VPREVIEW.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\LYNC.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\PPTVIEW.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\OFFICE1*\OIS.EXEREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Adobe\*\Reader\AcroRd32.exeREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Adobe\Acrobat*\Acrobat\Acrobat.exeREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\java.exeREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\javaw.exeREG_DWORD
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\EMET\Defaults*\Java\jre*\bin\javaws.exeREG_DWORD

Included products and mitigations:

- WordPad - all default mitigations

- Microsoft Office - all default mitigations, and ASR blocking flash*.ocx in Word, Excel, and PowerPoint

- Adobe Acrobat - all default mitigations, and EAF+

- Adobe Acrobat Reader - all default mitigations, and EAF+

- Oracle Java - all default mitigations except HeapSpray


emet.admx