Sunday, October 30, 2022

Adobe Flash fails when EMET 3.x is configured for Google Chrome [MS]


When using the Enhanced Mitigation Experience Toolkit (EMET) and Google Chrome (chrome.exe) is configured, after the EMET policy is applied Adobe Flash Player does not function properly when viewing flash based sites in Google Chrome.


EMET contains mitigations for DEP, SEHOP, NullPage, HeapSpray, EAF, ASLR, and BottomUpRand. The Structured Exception Handling Overwrite Protection (SEHOP) mitigation feature is preventing the Adobe Flash Player from functioning. The Popular Software policy enables all mitigations (including SEHOP) for applications included in the Popular Software policy of which Google Chrome is one.


To resolve this issue, disable SEHOP for Google Chrome.

If you are using the Popular Software policy or a custom XML file, you can disable SEHOP for Google Chrome by modifying the file in a manner similar to the following:

  <Vendor Name="Google">
    <Product Name="Chrome">
      <Version Arch="x86" Path="*\Google\Chrome\Application\chrome.exe">
      <Mitigation Name="SEHOP" Enabled="false" />

If you are using the group policy template, you can disable SEHOP for Google Chrome by modifying EMET.admx:

<item key="Software\Policies\Microsoft\EMET\Defaults" valueName="Chrome">
            <string>*\Google\Chrome\Application\chrome.exe -SEHOP</string>

More Information

The security mitigation technologies that EMET uses carry an application compatibility risk with them. Some applications rely on exactly the behavior that the mitigations block. It is important to thoroughly test EMET on all target computers by using test scenarios before you deploy EMET in a production environment. If you encounter a problem with a specific mitigation, you can individually enable and disable the specific mitigations. For more information, refer to the user's guide that is included with EMET.

No comments:

Post a Comment

Search This Blog

August 2015 Bing News app update for WSUS for Windows 8.1 - Microsoft Support [MS]

August 2015 Bing News app update for WSUS for Windows 8.1 Windows 8.1 Ent...