If you open the Process Analysis page for a process on a host that has EMET protections enabled for the process, two types of EMET-related information appear. In both cases, the sensor group for the host must have EMET reporting enabled.

  • Process-specific Protections on the Host – The Process Analysis page includes a list of the EMET Protections Enabled on the host for the process that is being analyzed . These can appear even if EMET did not perform any mitigations when an exploit was attempted on the process.

    The Process Analysis page displaying the EMET protection enabled

  • EMET Mitigation Events – If EMET took mitigation actions related to an exploit of the process, the event table lists EMET events for these actions, and can be expanded for additional details.

    The event table displaying the EMET event details and the EMET metadata