Moving beyond EMET, Part 2


Microsoft has now mapped out the future for the Enhanced Mitigation Experience Toolkit (EMET) in part one and it looks pretty bleak. The advice given to EMET users was also a little vague: Upgrade to Windows 10. It’s a more secure operating system.

Although that’s true, it doesn’t cover everything that EMET does for you. Over on the CERT/CC blog, Will Dormann provides an excellent post about why Windows 10 can’t protect insecure applications like EMET can. The table seen in Dormann’s post highlights the protection available with and without EMET on Windows 7 and Windows 10. As you’ll see, Windows without EMET looks a little risky.

However, we thought we’d build upon the table in Dormann’s post by adding Sophos Intercept X to the mix.


Intercept X includes many additional exploit technique mitigations that protect your applications. The software radar in Intercept X detects browser, audio, Office and PDF applications, automatically applying protection to those programs without needing any additional configuration.

Learn more about the exploit mitigation techniques in Intercept X.



I tested your product with the HitMan Exploit tool. Intercept X caught it every time I used an exploit method against the Hitman exploit tool itself, which is the default setting. However, whenever I told the tool to exploit through a different 32-bit program, it didn’t catch the exploit attempt. EMET did (separate tests). Is there a way to tell Intercept X which applications to protect? Or is there a limitation on what it is able to protect?

