Default Action and Mitigation Settings

Configure default action after detection and advanced ROP mitigation settings


Supported on: Windows 10
Deep Hooks:


  1. Disabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: DeepHooks
    Value Type: REG_DWORD
    Value: 0
  2. Enabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: DeepHooks
    Value Type: REG_DWORD
    Value: 1
  3. User Configured
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: DeepHooks
    Value Type: REG_DWORD
    Value: 2

Anti Detours:


  1. Disabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: AntiDetours
    Value Type: REG_DWORD
    Value: 0
  2. Enabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: AntiDetours
    Value Type: REG_DWORD
    Value: 1
  3. User Configured
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: AntiDetours
    Value Type: REG_DWORD
    Value: 2

Banned Functions:


  1. Disabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: BannedFunctions
    Value Type: REG_DWORD
    Value: 0
  2. Enabled
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: BannedFunctions
    Value Type: REG_DWORD
    Value: 1
  3. User Configured
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: BannedFunctions
    Value Type: REG_DWORD
    Value: 2

Exploit Action:


  1. Audit Only
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: ExploitAction
    Value Type: REG_DWORD
    Value: 0
  2. Stop Program
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: ExploitAction
    Value Type: REG_DWORD
    Value: 1
  3. User Configured
    Registry Hive: HKEY_LOCAL_MACHINE
    Registry Path: Software\Policies\Microsoft\EMET\SysSettings
    Value Name: ExploitAction
    Value Type: REG_DWORD
    Value: 2


emet.admx