microsoft EMET-增强缓解体验工具包5.5用户指南（英文）.docx

Enhanced Mitigation Experience Toolkit 5.5 User Guide January 2016 /emet Table of Contents TOC \o "1-2" \h \z \u Introduction 1 Capabilities 2 Mitigations 2 Structured Exception Handler Overwrite Protection (SEHOP) 2 Data Execution Prevention (DEP) 4 Heapspray Allocations 5 Null page allocation 7 Mandatory Address Space Layout Randomization (ASLR) 7 Export Address Table Access Filtering (EAF) 8 Export Address Table Access Filtering Plus (EAF+) 9 Bottom-up randomization 9 ROP mitigations 9 Attack Surface Reduction (ASR) 10 Advanced Mitigations for ROP 10 Certificate Trust (configurable certificate pinning) 11 Untrusted font mitigation 11 Reporting 12 Supported Operating Systems and software requirements 13 EMET Configuration 15 EMET Protection Profiles 16 EMET Graphical User Interface 17 EMET Command Line Tool 23 Deploying EMET 26 Microsoft System Center Configuration Manager 26 Group Policy 28 Other Options 30 Advanced Options 30 Enabling Unsafe Configurations 30 Configuring custom message for user reporting 31 Configuring Certificate Trust feature for third party browsers 31 Configuring Local Telemetry 31 Configuring EMET Agent icon visibility 31 Mitigation Caveats 31 System Settings 32 Application Specific Settings 32 Frequently Asked Questions 33 Lifecycle Policy 33 EMET 4 Questions 33 General Mitigation Questions 33 Troubleshooting Problems with Mitigations 34 General Questions 35 Support 35 Appendix A: EMET Compatibility 36 Appendix B: EMET 5.5 Release Notes 36 PAGE PAGE 37 Enhanced Mitigation Experience Toolkit 5.5 User Guide Introduction The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent attackers from gaining access to computer systems. EMET anticipates the most common techniques attackers might use to exploit vulnerabilities in computer systems, and helps protect by diverting, terminating, blocking, and invalidating those actions and tech