FileZilla 3.8.1 incompatible with EMET
|Reported by:||notrone2||Owned by:|
|Component version:||Operating system type:||Windows|
|Operating system version:||Windows 7 x64 SP1|
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
Since upgrading to 3.8.1, FileZilla is being terminated by EMET as it is triggering the "SimExecFlow" mitigation:
EMET detected SimExecFlow mitigation and will close the application: filezilla.exe
SimExecFlow check failed: Application : C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe User Name : asdf Session ID : 1 PID : 0x1198 (4504) TID : 0x2428 (9256) CodeAddress : 0x009D1909 CodeStackPtr : 0x28FDB4 CalledAddress : 0x753F4327 API name : kernel32.VirtualProtect StackPtr : 0x0028FD98 FramePtr : 0x28FDC0
As EMET is used in enterprise environments where it cannot be disabled by users, this issue prevents FileZilla from functioning. Downgrading to 3.8.0 fixes the issue.