Microsoft EMET prevents Endpoint Protection's Application Control rules from properly functioning
Last Updated July 13, 2017
An Application and Device Control rule to block a process from launching another process (i.e. block Excel and Word from launching cmd.exe and powershell.exe) does not work on 32-bit Windows 8 or 10 when Microsoft's Enhanced Mitigation Experience Toolkit (EMET) protects the applications.
When EMET's Deep Hook feature is enabled and configured to monitor cmd.exe and powershell.exe, a conflict occurs with SEP Application Control.
The method by which certain instructions are handled was updated to prevent issues. This issue is fixed in Symantec Endpoint Protection 188.8.131.52 (MP2). For information on how to obtain the latest build of Symantec Endpoint Protection, see Upgrade or migrate to Endpoint Protection 14.