AMP for Endpoints Exploit Prevention Engine Compatibility with EMET

Available Languages

Download Options

  • PDF     (3.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (82.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (67.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 11, 2019
Document ID:213969

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

EMET is included in Windows 10 and higher by default and is available as a downloaded add-on for Windows 7. While Cisco does not recommend running more than one memory-protection solution at the same time, there are workarounds that allow the Exploit Prevention component of Cisco AMP for Endpoints to co-exist with EMET. 

Workarounds

  • For Windows 7 endpoints, disable the EAF (Export Address Table Access Filtering) rule for processes protected by AMP for Endpoints Exploit Prevention engine.
  • For Windows 10 endpoints, disable the EAF (Export Address Table Access Filtering), IAF (Import Address Table Access Filtering), and ACG (Arbitrary Code Guard) rules for processes protected by AMP for Endpoints Exploit Prevention engine.
TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products