The lengthily-named Enhanced Mitigation Experience Toolkit is a simple though powerful tool that provides easy control over a number of Windows security features, including Structured Exception Handler Overwrite Protection (SEHOP), Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP).
These are all useful technologies that help to prevent malware from infecting your PC - in theory, at least. But the problem is that Windows only provides an interface to tweak DEP, and that's hidden away. The rest can only be adjusted with Registry tweaks, if you know exactly where to look.
But that's where the Enhanced Mitigation Experience Toolkit comes in.
Now you'll be able to find out at a glance how your PC is configured. So for instance you'll see whether ASLR is set up as "Application Opt In" (off by default, only enabled if it's turned on for each individual program), or the more secure "Application Opt Out" (ASLR is on for everything, only disabled for particular apps if they don't support it).
You can also configure your system with several "pseudo-mitigations", new techniques that may make it harder for some malware to infect your PC. (These have technical names like "Heapspray allocation" and "Export Address Table Access Filtering", but you don't need to worry about the low-level details - for the most part, they just work.)
And if you don't like the setting for a particular security technology, then there's no more Registry tweaking required - you can for example turn on ASLR for everything in just a few clicks, instantly making your PC more secure.
The toolkit can be a great boost to your PCs security, then, but you must use it with care. Some apps don't take kindly to having DEP or ASLR forced upon them, and may crash - if this happens with a driver, your PC may no longer boot properly unless you use Safe Mode.
And as a result, the Enhanced Mitigation Experience Toolkit really isn't for complete PC novices, and even knowledgeable PC users should be sure to read the full Users Guide before applying any of its tweaks to their system.
Version 5.0 brings these improvements:
- Attack Surface Reduction (ASR), to limit the attack surface of applications and reduce attacks.
- Export Address Table Filtering Plus (EAF+), to improve and extend the current EAF mitigation.
- 64-bit ROP mitigations, to anticipate future exploitation techniques.
- Several security, compatibility and performance improvements.