Introduction
EMET is included in Windows 10 and higher by default and is available as a downloaded add-on for Windows 7. While Cisco does not recommend running more than one memory-protection solution at the same time, there are workarounds that allow the Exploit Prevention component of Cisco AMP for Endpoints to co-exist with EMET.
Workarounds
- For Windows 7 endpoints, disable the EAF (Export Address Table Access Filtering) rule for processes protected by AMP for Endpoints Exploit Prevention engine.
- For Windows 10 endpoints, disable the EAF (Export Address Table Access Filtering), IAF (Import Address Table Access Filtering), and ACG (Arbitrary Code Guard) rules for processes protected by AMP for Endpoints Exploit Prevention engine.