When running Microsoft Enhanced Mitigation Experience Toolkit (EMET) and Symantec Endpoint Protection (SEP) 12.1 together, application rules preventing the launching of processes do not function as expected for applications protected by EMET.
No error messages are displayed.
Symantec development identified that EMET modifies the protected process' memory in a way that was preventing the ADC module from being able to properly detect when certain calls were being made by the application.
This issue is resolved in SEP 14.0 MP2.
If upgrading is not possible, the known workarounds to allow the ADC Rule to function consistently are:
Uninstall EMET from the client.
Remove the application that the ADC rule is to be applied to from EMET.
Subscribing will provide email updates when this Article is updated. Login is required.