EMET detected Caller mitigation and will close the application: firefox.exe
EMET and Firefox have coexisted peacefully for as long as I have used both of them --- until now. O/S in all cases is Windows 7 Professional, SP1, with all patches current. I ‘ve been running EMET v5.2 without any known issues. Based on security notices from various sources, Firefox was upgraded to 41.0. Immediately after this upgrade, EMET started blocking Firefox execution on five systems where Firefox was upgraded. EMET reported the following error: “EMET detected Caller mitigation and will close the application: firefox.exe”. Screenshot of this message is attached. I’m not sure if the actual problem exists in EMET or Firefox. A person on the Microsoft EMET team suggested installing EMET 5.5 BETA. Regarding Norton Security, it is always being updated by LiveUpdate. The onset timing of this problem did not coincide with a Norton update. It did coincide EXACTLY with when Firefox was updated from v40.0.3 to v41.0 with EMET 5.2 (pre 03/16/2015) running. The Firefox v41.0.1 upgrade did nothing to change this problem (“EMET detected Caller mitigation and will close the application: firefox.exe”). Firefox appears to be left in the system as a comatose zombie process. I tried EMET 5.2 (post 3-16-2015) and EMET 5.5 BETA. The caller mitigation problem carried across all referenced EMET versions. I tried turning off both ROP [caller] options for Firefox, but it made no difference. While removing and installing different versions of EMET, I tried running Firefox v41.0.1 when EMET was uninstalled from the system. Firefox ran with EMET removed from the system. Currently I am running EMET 5.5 BETA with Firefox sidelined right now on a test system. EMET will not let Firefox run at this time. Has anyone else had this experience?? If so, how was the issue fixed?? Thanks.
Ilungisiwe
All Replies (3)
Following a Norton LiveUpdate, both EMET 5.2 and 5.5 beta stopped blocking Firefox. The details of the update that cleared this problem remain unknown. If you are experiencing this problem, try updating your existing security software. In this case, it was the latest Norton Security that was updated.
Hmm, the Norton Toolbar still is not compatible with Firefox 41, so that should be inactive and updating that probably makes no difference, but the IPS components seem to inject themselves into various Firefox threads, so perhaps the incompatibility was in that area??
While working on this problem, tried running Firefox with both EMET ROP settings turned off: ROP Caller Check ROP Simulate Execution Flow This had no effect. For a while I thought there might be a disconnect between the policy editor and the EMET registry settings. Editing the EMET default and policy settings directly in the registry also resulted in no change in the outcome.
Per discussion with a knowledgeable Microsoft rep, there were some incompatibility issues between EMET and various security products (Norton was one of them). However, without changing EMET 5.2 or 5.5 beta, and without changing Firefox, the error disappeared immediately after a LiveUpdate session with Norton. Within EMET, Firefox is running now with all options turned on for Firefox (except ASR -- and Fonts in V5.5B).