If you open the Process Analysis page for a process on a host that has EMET protections enabled for the process, two types of EMET-related information appear. In both cases, the sensor group for the host must have EMET reporting enabled.

  • Process-specific Protections on the Host – The Process Analysis page includes a list of the EMET Protections Enabled on the host for the process that is being analyzed . These can appear even if EMET did not perform any mitigations when an exploit was attempted on the process.

    emet-enabled

  • EMET Mitigation Events – If EMET took mitigation actions related to an exploit of the process, the event table lists EMET events for these actions, and can be expanded for additional details.

    process-event-emet-details