EMET 5.1 prevents Internet Explorer from running on appliance (Caller Mitigation)

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth Idp Version affected:  All versions

    Description:  EMET 5.1 throws a "Caller Mitigation" alert, and either shuts down Internet Explorer, or if the customer has changed the EMET setting to "alert but do not block", multiple pop-up windows appear on the right hand side preventing normal use of IE.

    Cause:  If you have Sophos Security (anti-virus) installed on the machine, there is a known compatibility issue between Sophos and EMET, where Sophos' Buffer Overflow Protection detection triggers EMET alerts constantly.

    Resolution:  Open the Sophos console on the server, go into "Configure anti-virus and HIPS", go into "Behavior Monitoring", uncheck Buffer Overflow Protection, uncheck "Enable behavior monitoring".  The last bit is sometimes needed because the Sophos client may not adhere to disabling BOP.  So turning all of the behavior monitoring off may be necessary to restore IE functionality.


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.