Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a suite of tools that can help protect your computer from malicious software. EMET helps block known exploits, prevent malware from spreading, and protect your computer against future attacks. EMET is available as a free download from Microsoft’s website.

To install EMET, open the Windows Start menu and search for “EMET.” Click the “Download EMET” link to download the installer. After you have downloaded and installed EMET, launch it by clicking the “Start” button and then clicking “EMET.”

To use EMET, first select the type of protection you want to use: protection against known exploits or protection against malware. Next, select the exploit or malware that you want to protect your computer against. Finally, click the “Enable” button to activate the protection.

If you are using Windows 10 Anniversary Update or later, EMET will automatically detect and block known exploits. If you are using an earlier version of Windows 10, you will need to manually select which exploits to block. You can also manually add new exploits to be blocked by EMET by clicking the “Add New Exploit” button in the Protection tab of EMET’s main window.

If you are using a web browser on your computer, be sure to enable Enhanced Security Features in your browser settings. This will help protect your computer against cross-site scripting (XSS) attacks and other forms of malicious web content.


Only one cash prize went unclaimed at Pwn2Own 2014. All major browsers were hacked, but hackers were unable to claim the $150,000 grand prize for hacking IE 11 secured with EMET. Secure your own PC with EMET today.

Microsoft is targeting EMET more at system administrators, but any Windows user can use EMET to quickly enable some additional security features without any special knowledge. This tool can even help secure outdated Windows XP systems.

Update: EMET has been discontinued, but Exploit Protection is built into Windows 10.

Download the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft and install it. Select the Use Recommended Settings option to enable recommended settings to protect commonly exploited programs like Internet Explorer, Microsoft Office, Adobe Reader, and the insecure Java plug-in.

Next, launch the EMET GUI application from your Start menu or Start screen. Click the Import button at the top-left corner of the screen.

Select the Popular Software.xml file provided with EMET and import it. This file adds additional rules to help protect popular third-party programs like Firefox, Chrome, Skype, iTunes, Photoshop, Thunderbird, Opera, Google Talk, Pidgin, VLC, WinRAR, and 7-Zip.

You can view the rules installed on your system by clicking the Apps button under Configuration in the ribbon at the top of the window.

Your computer should now be more secure. Read on if you’d like to know what exactly EMET is doing and how to make your own rules.

How Does EMET Work?


When Microsoft started getting serious about security with Windows XP SP2, they began adding security features applications could take advantage of. For example, Data Execution Prevention (DEP) allows the operating system to mark certain sections of memory as non-executable data. If an attacker takes advantage of a buffer overflow vulnerability in an application and attempts to run code from a region marked as data, the operating system won’t run it. Address space layout randomization (ASLR) randomizes the locations of applications and system libraries in memory, so an attacker can’t create reliable exploits that depend on knowing exactly where certain code is in memory. These are just a few of the features modern versions of Windows allow programs to use. They help protect a system from being exploited, even if attackers find a security hole in an application.

Windows enables these features by default for its own system programs. Third-party application developers can also choose to enable them for their own applications. However, these features aren’t enabled by default for every program, because they may cause problems, especially with old and out-of-date programs. For maximum compatibility, Windows runs applications without these security features unless they specifically request them.

EMET provides a way to turn on DEP, ASLR, and other security features for applications that don’t specifically request them. It’s not an included Windows feature because it could potentially break some programs and most Windows users wouldn’t know how to fix such problems.

Lock Down Other Applications

EMET allows you to activate more security features on your own. For example, you can click the Quick Profile Name box and select Maximum security settings. This will enable DEP for all applications and enable Structured Exception Handler Overwrite Protection (SEHOP) for applications that don’t specifically opt out of it.

You’re free to tweak the system-wide settings by modifying settings under System Status on your own, too.

To help protect a specific application, right-click it in the list of running processes and select Configure Process. You’ll be able to set various rules to help lock it down. For technical information on exactly what each security feature does, click Help > User Guide in EMET.

These protections aren’t enabled by default because they may cause some applications to not work properly. If an application breaks, go back into EMET, disable certain security features for it, and see if the application works. If you changed a system-wide setting and an application no longer works properly, change the system setting back or add a special exception for that application.

Network administrators could use EMET to test if an application works, export the rule, and then import it on other PCs running EMET to roll out their tested rules. Use the Export or Export Selected options to export rules you’ve created.

If we’re lucky, EMET is the sort of feature we’ll see built into future versions of Windows by default to increase security. Microsoft could provide default rules that work well and update them automatically, just as they provide rules for popular third-party applications along with EMET today.