Hi there. While testing Intercept-X as a replacement for EMET in prep for EOL, I am having trouble understanding if in fact Intercept-X can be used as a direct replacement. One of the great advantages of using EMET is it's ability to force applications into using mitigation techniques. I tested this by running the Hitman Pro Exploit test tool against applications other than itself. While using any of the exploit techniques, such as DEP or SEHOP, Intercept-X caught most if not all when leveraged against Microsoft applications. However, once I used these same techniques against a non-popular program, EA's Origin client in this case, Intercept-X was not able to prevent the exploit technique.
To insure EMET would in fact mitigate these exploits, I un-installed Intercept-X, restarted, installed EMET, restarted and added Origin as a program to protect along with enabling the mitigations that I wanted EMET to force the application into. I then ran the exploit tool again and EMET caught/prevented all but maybe one, while Intercept-X did not catch any.
So my question is...Unlike EMET, where you can add an application to protect and force mitigation techniques upon. Is Intercept-X not a direct potential replacement in that it will only protect certain applications that it is programed to protect? Are there plans to allow users to pick additional applications that they would like Intercept-X to protect?
While I understand Office applications, Java, Flash and browsers are the main attack vector of popular incidents. It is important to also protect the other applications within our organization as they can also be leveraged in an attack.
Thanks!
Ryan
This thread was automatically locked due to age.
