Windows Defender Exploit Guard will replace EMET

KB4034825, Features that are removed or deprecated in Windows 10 Fall Creators Update, lists the features and functionality that will be deprecated or removed in Windows 10 Fall Creators Update. Although the list may still change as further features or functionality are added, it has already been decided that the Enhanced Mitigation Experience Toolkit (EMET) will be removed, that is, its use will be blocked:

Use will be blocked. Consider using the Exploit Protection feature of Windows Defender Exploit Guard as a replacement.

This announcement simply confirms what was already written in the November 2016 post Moving Beyond EMET, which anticipated that the security features present in Windows 10 effectively supersede EMET:

Revolutionary new Windows 10 features like Device Guard, Credential Guard, and Windows Defender Application Guard (coming soon) use hardware virtualization to protect against vulnerability exploits and malware. Windows Defender Advanced Threat Protection (ATP) provides post-breach detection and response for Windows 10 enterprise users. And of course, Windows 10 includes numerous mitigation features to help protect Windows against the entire exploit attack chain, including DEP, ASLR, Control Flow Guard (CFG), and many new mitigations that prevent bypasses in UAC and the browser.

As described in the post Announcing Windows 10 Insider Preview Build 16232 for PC + Build 15228 for Mobile, in the next build of Windows 10 Windows Defender Antivirus will be able to audit, configure and manage exploit mitigations for the Windows system and applications through the Windows Defender Security Center.

For more information, see What’s new in Windows Defender ATP Fall Creators Update:

Attack surface reduction with EMET in the box – In the Windows Fall Creators Update, we are introducing Windows Defender Exploit Guard, which gives companies more control on restricting how code runs on their machines and provides tools to mitigate exploits at runtime. Windows Defender Exploit Guard will offer a set of powerful features for intrusion prevention, such as Attack Surface Reduction (ASR) smart rules, which are designed to give laser-focused and targeted blocking capabilities.

Windows Defender Exploit Guard will also help companies take advantage of vulnerability mitigation capabilities that are native to the OS as well as those formerly offered in Enhanced Mitigation Experience Toolkit (EMET) which are now built into Windows. With the addition of EMET technology, companies will be able to apply advanced vulnerability mitigations on legacy apps running on Windows 10 without the need to recompile them

Another powerful Windows Defender Exploit Guard capability will allow automatic blocking of websites known to host malicious code, by leveraging Windows Defender SmartScreen knowledge base. The integration between Windows Defender ATP and Windows Defender Exploit Guard is designed to offer new prevention capabilities that offer smarter and adaptive defenses for companies using our service

For more on the security features new in Windows 10 Fall Creators Update, see the post Announcing end-to-end security features in Windows 10, which reiterates that Windows Defender Exploit Guard will replace EMET by integrating it into the system:

Building the best of EMET into Windows 10. Our customers are clearly fans of threat protections offered through the Enhanced Mitigation Experience Toolkit (EMET). Their feedback to us has been a driving force for Windows Defender Exploit Guard, a new feature making EMET native to Windows 10.

By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition Exploit Guard delivers a new class of capabilities for intrusion prevention. Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective

The post Moving Beyond EMET II – Windows Defender Exploit Guard gives a preview of Windows Defender Exploit Guard (WDEG) and announces that, to ease migration from EMET to WDEG, a PowerShell module will be made available to convert EMET XML settings files into Windows 10 mitigation policies for WDEG; for more information, see Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit. To prevent incompatibilities, installing Windows 10 Fall Creators Update will block or remove EMET, as stated in KB4034825.
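The migration path described above, as an added example (not code from the original post or from Microsoft): it uses the ProcessMitigations cmdlets included in Windows 10 from version 1709 onward. The C:\Migration paths are placeholders, and the review step assumes the converted policy lists applications as AppConfig elements with an Executable attribute.

```powershell
#Requires -RunAsAdministrator
# Placeholder paths (assumptions for this example, not from the article).
$EmetXml   = 'C:\Migration\emet-export.xml'   # settings exported from EMET
$PolicyXml = 'C:\Migration\wdeg-policy.xml'   # converted mitigation policy
$BackupXml = 'C:\Migration\wdeg-before.xml'   # snapshot kept for rollback

if (-not (Test-Path -LiteralPath $EmetXml)) {
    throw "EMET export not found: $EmetXml"
}

# 1. Convert the EMET XML into a Windows 10 mitigation policy file.
ConvertTo-ProcessMitigationPolicy -EMETFilePath $EmetXml -OutputFilePath $PolicyXml

# 2. Review what the conversion produced before applying anything:
#    one row per application with the mitigation elements set for it.
$apps = @(Select-Xml -Path $PolicyXml -XPath '//AppConfig' | ForEach-Object {
    $node = $_.Node
    [pscustomobject]@{
        Executable  = $node.GetAttribute('Executable')
        Mitigations = @($node.ChildNodes |
            Where-Object { $_.NodeType -eq 'Element' } |
            ForEach-Object { $_.LocalName }) -join ', '
    }
})
if ($apps.Count -eq 0) {
    Write-Warning "No per-application entries found in $PolicyXml."
}
$apps | Sort-Object Executable | Format-Table -AutoSize -Wrap

# 3. Save the settings currently in force so the change can be undone.
Get-ProcessMitigation -RegistryConfigFilePath $BackupXml

# 4. Apply the converted policy.
Set-ProcessMitigation -PolicyFilePath $PolicyXml

# 5. Read back the effective settings for each migrated application.
foreach ($app in $apps) {
    Get-ProcessMitigation -Name $app.Executable
}
```

To roll back, pass the snapshot from step 3 to `Set-ProcessMitigation -PolicyFilePath`.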

The same post, Moving Beyond EMET II – Windows Defender Exploit Guard, also reports that WDEG will include more features than EMET, for example integration with Windows Defender ATP (WDATP).

For an overview of the mitigations in Windows 10, see Mitigate threats by using Windows 10 security features; bear in mind, however, that not all security features are available in all editions of Windows 10:

| Feature | Editions |
| --- | --- |
| Windows Defender SmartScreen | All |
| Credential Guard | Windows 10 Enterprise and Windows Server 2016 |
| Device Guard | Windows 10 Enterprise and Windows Server 2016 |
| Windows Defender Antivirus | All |
| Windows Defender Advanced Threat Protection | Windows 10 Enterprise and Windows 10 Education |
| Windows Defender Exploit Guard | All |