Microsoft EMET prevents Endpoint Protection's Application Control rules from properly functioning


Article ID: 169574




Endpoint Protection


An Application and Device Control rule that blocks a process from launching another process (for example, blocking Excel and Word from launching cmd.exe and powershell.exe) does not work on 32-bit Windows 8 or 10 when Microsoft's Enhanced Mitigation Experience Toolkit (EMET) protects the applications.


When EMET's Deep Hook feature is enabled and configured to monitor cmd.exe and powershell.exe, a conflict occurs with Symantec Endpoint Protection (SEP) Application Control.


The method by which certain instructions are handled was updated to prevent this issue. This issue is fixed in Symantec Endpoint Protection (MP2). For information on how to obtain the latest build of Symantec Endpoint Protection, see Upgrade or migrate to Endpoint Protection 14.