Apply recommended EMET protections to WordPad, Microsoft Office, Adobe Acrobat, Adobe Acrobat Reader, and Oracle Java

Registry Path | Value Name | Value Type | Value |
---|---|---|---|
Software\Policies\Microsoft\EMET\Defaults | *\Windows NT\Accessories\wordpad.exe | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\OUTLOOK.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\WINWORD.EXE | REG_SZ | +ASR asr_modules:flash*.ocx |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\EXCEL.EXE | REG_SZ | +ASR asr_modules:flash*.ocx |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\POWERPNT.EXE | REG_SZ | +ASR asr_modules:flash*.ocx |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\MSACCESS.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\MSPUB.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\INFOPATH.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\VISIO.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\VPREVIEW.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\LYNC.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\PPTVIEW.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\OIS.EXE | REG_SZ | |
Software\Policies\Microsoft\EMET\Defaults | *\Adobe\*\Reader\AcroRd32.exe | REG_SZ | +EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll;AcroForm.api |
Software\Policies\Microsoft\EMET\Defaults | *\Adobe\Acrobat*\Acrobat\Acrobat.exe | REG_SZ | +EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll;AcroForm.api |
Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\java.exe | REG_SZ | -HeapSpray |
Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\javaw.exe | REG_SZ | -HeapSpray |
Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\javaws.exe | REG_SZ | -HeapSpray |

Registry Hive | Registry Path | Value Name | Value Type | Value |
---|---|---|---|---|
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Windows NT\Accessories\wordpad.exe | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\OUTLOOK.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\WINWORD.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\EXCEL.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\POWERPNT.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\MSACCESS.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\MSPUB.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\INFOPATH.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\VISIO.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\VPREVIEW.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\LYNC.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\PPTVIEW.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\OFFICE1*\OIS.EXE | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Adobe\*\Reader\AcroRd32.exe | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Adobe\Acrobat*\Acrobat\Acrobat.exe | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\java.exe | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\javaw.exe | REG_DWORD | |
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER | Software\Policies\Microsoft\EMET\Defaults | *\Java\jre*\bin\javaws.exe | REG_DWORD | |

Included products and mitigations:
- WordPad - all default mitigations
- Microsoft Office - all default mitigations, and ASR blocking flash*.ocx in Word, Excel, and PowerPoint
- Adobe Acrobat - all default mitigations, and EAF+
- Adobe Acrobat Reader - all default mitigations, and EAF+
- Oracle Java - all default mitigations except HeapSpray
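
To confirm the policy actually landed on a host, the values can be compared against the first table. The PowerShell below is an added audit example, not part of the original policy reference; it assumes the first table lists the REG_SZ values written when the setting is enabled, and the function name `Test-EmetDefaults` is hypothetical.

```powershell
# Added audit example (not from the policy reference): compares the EMET
# Defaults policy values on this host with the first table on this page.
$path = 'Software\Policies\Microsoft\EMET\Defaults'

# Expected value name -> REG_SZ data, copied from the first table.
# An empty string means no per-application override of the default mitigations.
$expected = [ordered]@{ '*\Windows NT\Accessories\wordpad.exe' = '' }
foreach ($exe in 'OUTLOOK','MSACCESS','MSPUB','INFOPATH','VISIO','VPREVIEW','LYNC','PPTVIEW','OIS') {
    $expected["*\OFFICE1*\${exe}.EXE"] = ''
}
foreach ($exe in 'WINWORD','EXCEL','POWERPNT') {
    $expected["*\OFFICE1*\${exe}.EXE"] = '+ASR asr_modules:flash*.ocx'
}
$eaf = '+EAF+ eaf_modules:AcroRd32.dll;Acrofx32.dll;AcroForm.api'
$expected['*\Adobe\*\Reader\AcroRd32.exe'] = $eaf
$expected['*\Adobe\Acrobat*\Acrobat\Acrobat.exe'] = $eaf
foreach ($exe in 'java','javaw','javaws') {
    $expected["*\Java\jre*\bin\${exe}.exe"] = '-HeapSpray'
}

function Test-EmetDefaults {
    # The page lists both hives, so both are checked by default.
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))
    foreach ($hive in $Hives) {
        $key = Get-Item -LiteralPath "$hive\$path" -ErrorAction SilentlyContinue
        foreach ($name in $expected.Keys) {
            # Value names contain '*', so read them through the RegistryKey
            # object instead of Get-ItemProperty, which treats '*' as a wildcard.
            $actual = if ($key) { $key.GetValue($name, $null) } else { $null }
            $status = if (-not $key) { 'KeyMissing' }
                elseif ($key.GetValueNames() -notcontains $name) { 'ValueMissing' }
                elseif ($key.GetValueKind($name) -ne 'String') { 'WrongType' }
                elseif ($actual -ne $expected[$name]) { 'Mismatch' }
                else { 'OK' }
            [pscustomobject]@{ Hive = $hive; ValueName = $name; Status = $status; Actual = $actual }
        }
    }
}

# Show only the entries that deviate from the table.
Test-EmetDefaults | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

A `KeyMissing` result for one hive is expected when the policy is applied only through the other hive.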