Caller is a per-executable exploit mitigation option.

EMET is configurable via GPO, command line, GUI, and importable policy files.

My understanding is that Google expressly does not recommend EMET for use on 
Chrome because of compatibility concerns and because it’s already doing the 
stuff EMET does. We’ve followed that advice.

echo + Setting general EMET preferences
start "" /b /wait "%PROGFILES%\EMET 4.1\EMET_Conf.exe" --reporting +telemetry +eventlog +trayicon >nul
reg add "HKLM\SOFTWARE\Microsoft\EMET" /v AntiDetours /t REG_DWORD /d "1" /f >nul 2>&1
reg add "HKLM\SOFTWARE\Microsoft\EMET" /v BannedFunctions /t REG_DWORD /d "1" /f >nul 2>&1
reg add "HKLM\SOFTWARE\Microsoft\EMET" /v DeepHooks /t REG_DWORD /d "1" /f >nul 2>&1
echo + Protecting iTunes
start "" /b /wait "%PROGFILES%\EMET 4.1\EMET_Conf.exe" --set --force "*\iTunes\iTunes.exe" -Caller >nul

Daniel Wolf

From: [email protected] [mailto:[email protected]] On Behalf Of Ed Ziots
Sent: Friday, May 23, 2014 11:53 AM
To: [email protected]
Subject: Re: [NTSysADM] Chrome update and EMET.


Quick question on EMET: is there a central configuration that you can do with the 
utility to make it easier to deploy across an organization and keep the 
configuration on browsers in alignment with all other workstations?

Ez
On May 23, 2014 12:07 PM, "Jim Majorowicz" <[email protected]> wrote:
Jim,

I'm not sure I've updated my Chrome install yet, but I'm not sure what you mean 
by opting out of Caller.  Are there install notes somewhere that explain this 
in detail?

On Thu, May 22, 2014 at 6:31 AM, Kennedy, Jim <[email protected]> wrote:
New Chrome update yesterday, it seems to require you opt chrome.exe out of 
Caller. Don’t forget EMET_Conf --refresh after you make the change.


