IE sudden crash

March 1, 2016


You know the feeling : the sun shines, temperature rises, summer is in the air and life’s good. So you decide to do some work. But hey what’s that : technology is on strike. IE crashes.

To be more accurate : IE does nothing when starting.

In the eventviewer you see the following error :


So you start verifying the latest patches installed and uninstall some


… but unfortunately this changes nothing.

But wait .. We are running the ehanced security EMET solution. Could this have anything to do with the issue ?

Bingo … we need to disable the EAF mitigation for iexplore.exe


And our favorite browser works again.



Gino D


EMET #rdproud

July 31, 2015


Security is gaining importance, allways connected, different devices, different cloud services, security is key in all of these scenarios.

Let’s talk about an older but not well-known security addon from Microsoft : EMET ( Enhanced Mitigation Experience Toolkit )

The toolset is designed to detect and block something from exploiting an existing application vulnerability. The most important part is that it is not depending on updated signature files but focuses on patterns so it can block new exploits before these are commonly known.

The toolset also has a feature that allows you to link one or more specific root CA’s to a ssl website. For more info you can read this blog :

It can be deployed by ESD and configured for the enterprise using standard AD policies. The emet policies are also part of the MS baseline policies. ( ex- EC or SSLF policies : see )

Okay , sound good let’s install the toolset and see what it does.


It’s an easy MSI setup, after setup


Let’s be wild and use the recommended settings.

As stated in the support documentation you can set rules on apps, executables and you can select allwayson, on if app opts in for the possibility or disabled.

The guide contains detailed information about how you could use enterprise tools ( such as system center configuration manager ) for deployment of applications and activation of the default configuration.


Looking at the settings we see that we can activate system wide settings and decide whether or not we allow specific apps to run the protection.


We’ve got a view on the running process and see if they are using EMET or not.


Looking at the apps page you can see that the recommended config enables protection for office apps and IE.


You can add applications by the GUI or you can use the commandline for importing an existing prefdefined list ( or you can create your custom list )

For example you can use emet_conf –import .\deployment\protection profiles\popular software.xml


You can see now that we have activated protection on a larger set of applications


It is considered good practice to run the tool in “audit only” mode before activating it on the environment.


This will not stop the process but will only report it to :

-> Eventviewer

-> Tray icon

-> Early warning ( this will send the info to Microsoft using error reporting )


You can then use scom to consolidate the event logs and verify the informatio. It would be very usefull to have the possbility to add a custom action to detection so we could customise our logging possbility.

So let’s give it a go, it’s a free toolset and adds an additional layer of security on your device.


Gino D