Microsoft EME Toolkit & IFW

User discussion and information resource forum for Image products.
Post by P19 »

The subject of this post refers to Microsoft Enhanced Mitigation Experience Toolkit, which is a freely available security enhancement program, explained here:

http://support.microsoft.com/kb/2458544

There appears to be an issue between the latest version of IFW and version 4.1 of the EME Toolkit while running on 64-bit Windows 7 Pro. I recently installed the Toolkit and began testing a number of my system's more prominent programs for compatibility, including Image for Windows. When I started IFW from within Windows, the EME Toolkit program objected and popped up a message saying that IFL has violated the EAF (i.e., Export Address Table Access Filtering) safeguard enabled by this program, and it mandatorily shut down IFW. I then disabled this one aspect of the program for IFW and restarted it. This time it worked fine.

I am not a programmer and do not pretend to understand completely what exactly is at the root of this problem, but I can see it happening plainly enough, and it is reproducible. I have also tested this EME Toolkit with many of the other more important programs I use, and so far none of them has thrown up an objection with my normal use. That is not to say that none of them won't at some point, but just that they have not yet done so, with the sole exception of IFL while running in Windows. Not being a programmer, I am not aware of any unique differences between IFL and the other programs so far tested by me. I would not consider any of the programs I have tested to be "lightweight". They are at least on a par with IFW as far as complexity, and they do, therefore, represent comparable measures of testing, I should think.

These are the three entries from Windows Event Log pertaining to this incident, in reverse chronological order:

135952 Application Warning 4/5/2014 2:12:14 PM EMET 0 11 computer-PC 0 404 C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe has changed configuration status for the following mitigations: EAF=disabled

135951 Application Error 4/5/2014 2:02:24 PM EMET 0 2 computer-PC 0 752 EMET detected EAF mitigation and will close the application: imagew.exe EAF check failed: Application : C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe User Name : COMPUTER-PC\display Session ID : 1 PID : 0x950 (2384) TID : 0xC34 (3124) Module : N/A Address : 0x03289427

135950 Application Information 4/5/2014 2:01:39 PM EMET 0 10 computer-PC 0 824 C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe has been added to EMET configured application list with the following configuration: DEP=enabled SEHOP=enabled NullPage=enabled HeapSpray=enabled EAF=enabled MandatoryASLR=enabled BottomUpASLR=enabled LoadLib=enabled MemProt=enabled Caller=enabled SimExecFlow=enabled StackPivot=enabled


I am curious what is causing the problem, and I would like to find out the answer if you can get to the bottom of it. Thanks.
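
The three log entries above show a sequence worth tracking in any EMET deployment: a mitigation closes a program, and shortly afterwards that same mitigation is switched off for it. The following Python script is an added example, not part of the original posts; it reads lines in the exported layout quoted above and reports each block-then-disable pair. The column meanings and the month/day date order are assumptions, so it matches on the message text only.

```python
import re
from datetime import datetime

# The three entries from the post above, as single exported lines (oldest last).
SAMPLE = [
    r"135952 Application Warning 4/5/2014 2:12:14 PM EMET 0 11 computer-PC 0 404 C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe has changed configuration status for the following mitigations: EAF=disabled",
    r"135951 Application Error 4/5/2014 2:02:24 PM EMET 0 2 computer-PC 0 752 EMET detected EAF mitigation and will close the application: imagew.exe EAF check failed: Application : C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe User Name : COMPUTER-PC\display Session ID : 1 PID : 0x950 (2384) TID : 0xC34 (3124) Module : N/A Address : 0x03289427",
    r"135950 Application Information 4/5/2014 2:01:39 PM EMET 0 10 computer-PC 0 824 C:\Program Files (x86)\TeraByte Unlimited\Image for Windows\V2\imagew.exe has been added to EMET configured application list with the following configuration: DEP=enabled SEHOP=enabled NullPage=enabled HeapSpray=enabled EAF=enabled MandatoryASLR=enabled BottomUpASLR=enabled LoadLib=enabled MemProt=enabled Caller=enabled SimExecFlow=enabled StackPivot=enabled",
]

# Column meanings are not documented on the page, so match on message text only.
STAMP = re.compile(r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
IMAGE = re.compile(r"[A-Za-z]:\\[^:]*?\.exe")
SETTING = re.compile(r"\b(\w+)=(enabled|disabled)\b")
BLOCK = re.compile(r"EMET detected (\w+) mitigation")

def parse_event(line):
    """Return time, program path, blocking mitigation and settings, or None."""
    stamp, image = STAMP.search(line), IMAGE.search(line)
    if not (stamp and image):
        return None  # not an EMET line in the expected layout
    block = BLOCK.search(line)
    return {
        # Assumption: dates are in US month/day order.
        "time": datetime.strptime(stamp.group(), "%m/%d/%Y %I:%M:%S %p"),
        "image": image.group().lower(),
        "blocked": block.group(1) if block else None,
        "settings": dict(SETTING.findall(line)),
    }

def disabled_after_block(lines):
    """List (image, mitigation, blocked_at, disabled_at) for every mitigation
    turned off for a program after EMET had closed that program over it."""
    events = sorted(filter(None, map(parse_event, lines)), key=lambda e: e["time"])
    last_block, findings = {}, []
    for ev in events:
        if ev["blocked"]:
            last_block[(ev["image"], ev["blocked"])] = ev["time"]
        for name, state in ev["settings"].items():
            key = (ev["image"], name)
            if state == "disabled" and key in last_block:
                findings.append((ev["image"], name, last_block.pop(key), ev["time"]))
    return findings

if __name__ == "__main__":
    for image, name, blocked_at, disabled_at in disabled_after_block(SAMPLE):
        print(f"{name} disabled for {image} {disabled_at - blocked_at} after a block")
```

Each finding is a per-program exception to record and review, since the program now runs without that mitigation.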

Re: Microsoft EME Toolkit & IFW

Post by TeraByte Support »

The exe is protected by Armadillo, which does all types of low-level things to
help prevent attempts to debug or reverse engineer the program. That's what
would probably trigger it.
