Channel: Hyper-V forum

Hyper-V performance with Microsoft EMET EAF Feature in VDI and ReCoBS


EMET is very useful for Remote-Controlled Browsers Systems (ReCoBS) and Virtual Desktop Infrastructure (VDI).

Applications protected with the EMET EAF feature run about 10 times slower (or at 10% speed) in Hyper-V Guests, presumably because processor debug registers are used. The performance counter "Hypervisor Root Virtual Processor(*)\Debug Register Accesses/sec" increases to a few tens of thousands on my system when EMET EAF protected applications run.

Any ideas to improve the performance without losing the EAF benefits?

The EMET documentation doesn't explicitly reference Hyper-V, but: “Some virtual machines do not support debug registers (and consequently EAF). However, the EAF option will still be available for configuration even if EMET is being run on a machine that doesn’t support debug registers. Setting this option on those machines will have no effect. Be aware of this limitation when configuring EAF.”

DRM and Copy Protection (SecuROM and/or SafeDisc afair) software is also affected.

References:
ASLR bypass mitigated by EAF: https://badishi.com/tweaking-metasploit-modules-to-bypass-emet-part-1/
EMET Forum: http://qa.social.technet.microsoft.com/Forums/en/emet/thread/e95141f6-b1d8-4869-9a29-cc8dd321d804
EMET 3.0: http://support.microsoft.com/kb/2458544
EMET 3.5 Tech Preview: http://www.microsoft.com/en-us/download/details.aspx?id=30424
ISC SANS: https://isc.sans.edu/diary/EMET+3.5%3A+The+Value+of+Looking+Through+an+Attacker%27s+Eyes/14797
Microsoft EMET recommendation example: http://blogs.technet.com/b/msrc/p/january-2013-oob-security-bulletin-q-a.aspx
ReCoBS: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Internetsicherheit/recobslanginfo_pdf.pdf?__blob=publicationFile

Thanks

