Author Topic: Process Lasso Activation (plActivate.exe) & Microsoft EMET 5.2  (Read 4189 times)

Offline mjdl

Process Lasso (8.4 x64) on Windows 7 SP1 x64 (all current patches) won't work in the default configuration (with 1 change: SEHOP Opt Out for all processes). The "Ooops" activation failure dialog is displayed after 30-45 seconds. Once the executable plActivate.exe has been added to the EMET exception list with all EMET protections disabled, then activation can proceed.

There is no exploit mitigation pop-up from the EMET tray icon, nor EMET mitigation message in the Event Log.

Sorry, I did not deactivate the EMET protections one by one, so the precise protection blocking plactivate.exe is not certain, but easy to test if you have the time.

Offline BenYeeHua

Re: Process Lasso Activation (plActivate.exe) & Microsoft EMET 5.2
« Reply #1 on: July 10, 2015, 11:57:15 AM »
Thanks for telling us that Process Lasso is not compatible with EMET. ;)

But ya, as far as I know, EMET has compatibility issues with a lot of software; so far the best supported software is Microsoft products like IE and Office. :)

It is still strange that EMET doesn't tell why it has blocked the activation, so I guess except the software wants to launch another software, or is using a known vulnerability, or some exploit techniques.
And also it looks like Chromium isn't supported well with EMET either; I guess it is best to use IE with EMET, if you want the best security. :D
https://www.chromium.org/Home/chromium-security/chromium-and-emet

I also tried to Google to find out how to fix compatibility with EMET, but too bad, so far no good results about that. :P

Offline mjdl

Re: Process Lasso Activation (plActivate.exe) & Microsoft EMET 5.2
« Reply #2 on: July 10, 2015, 12:30:12 PM »
Thanks for the reply.

I just use EMET as an extra layer of anti-exploit protection for internet apps, or for apps that process files from internet sources (e.g. PDF readers, web browsers, email apps). True, it's very oriented to Microsoft applications in its default configuration, and malware developers are continually finding ways to defeat it, but nevertheless if applications work correctly with the EMET dll loaded in the process and *all* EMET mitigations enabled, then that's a little more assurance that the app is not behaving too weirdly.

Of course, I don't really expect a licensing app like plActivate.exe to be able to function without doing some pretty weird Windows API manipulations--which is to say I trust Bitsum software on my computer (I think the developer's dedication to software quality speaks for itself).

The one big change I made to the EMET default configuration--enabling SEHOP for all processes--may be the problem for plActivate.exe. Once I configured EMET to load its dll into the plActivate.exe process with all mitigations including SEHOP disabled, activation succeeded. Of course my Process Lasso is now activated, so I don't have a chance to test a narrower set of disabled EMET mitigations.

Offline BenYeeHua

Re: Process Lasso Activation (plActivate.exe) & Microsoft EMET 5.2
« Reply #3 on: July 12, 2015, 01:16:58 AM »
Yup, just hand it over to the dev, and thanks for providing info about your EMET config. :)

Offline Jeremy Collake

Re: Process Lasso Activation (plActivate.exe) & Microsoft EMET 5.2
« Reply #4 on: July 16, 2015, 08:30:45 PM »
Yikes... I will have to create an action plan for this.

Thanks for the report!
Software Engineer. Bitsum LLC.