Geeks in Phoenix

Geek Blog


Toughen your computer security with EMET 5.1

Updated January 31, 2021. Microsoft's Enhanced Mitigation Experience Toolkit reached the end of its life on July 31, 2018, and is no longer available for download.

Keeping your computer secure has always been challenging. It seems like every week there is another exploit making the rounds. Nobody can predict what kind of attack hackers will use next. But you can protect your computer from the most common actions and techniques used with the Enhanced Mitigation Experience Toolkit 5.1 (EMET).

The main screen inside of EMET 5.1

What is EMET? It monitors selected programs (Internet Explorer, Microsoft Office programs, etc.) for known attack actions and techniques. When one of the several pseudo mitigation technologies is triggered, EMET can block or even terminate the program in question. It will also validate digitally signed SSL certificates inside of Internet Explorer. Here's the current list of mitigations EMET looks for.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heapspray allocation
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR)
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP)
  • Attack Surface Reduction (ASR)

The about screen inside of EMET 5.1

EMET 5.1 includes the following improvements:

  • Attack Surface Reduction (ASR) has been updated to limit the attack surface of applications and reduce attacks.
  • Export Address Table Filtering Plus (EAF+) has been updated to improve and extend the current EAF mitigation.
  • 64-bit ROP mitigations have been improved to anticipate future exploitation techniques.
  • Several security, compatibility and performance improvements.

EMET can also be customized via the registry (see the EMET manual for instructions). Here are a few of the items that can be modified:

  • Enabling unsafe configurations.
  • Configuring a custom message for user reporting.
  • Configuring the certificate trust feature for third-party browsers.
  • Configuring local telemetry for troubleshooting.
  • Configuring EMET Agent icon visibility.

Here's a quote from Microsoft's website:

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

EMET should never monitor anti-malware and intrusion prevention or detection software, debuggers, software that handles digital rights management (DRM) technologies or software that uses anti-debugging, obfuscation, or hooking technologies.

How to safely remove external drives

External storage devices like flash drives or hard drives are so convenient for carrying data between computers. Just plug and play, as they say. But did you know it's not the same for when you unplug your drives? Here's how to safely remove external drives from your Windows computer.

Recently I was at a customer's location repairing her computer and needed some files from one of my USB flash drives. When I was done, I went through the process of ejecting the USB drive from her computer. She was surprised that I didn't just pull the flash drive out. You can, most of the time, unplug a USB device like a mouse or printer without having to do anything to your Windows-based computer. It's only when you have a storage device, like a flash drive or external hard drive, that you have to take an extra step to remove the device safely.

What is write caching?

By default, Windows enables write caching on storage devices for better performance, whether internal or external. Write caching allows programs to write to the device and continue without waiting for the data to be written. By properly ejecting a storage device, you ensure that the cache is getting written to the device before you disconnect it.

How to safely remove external drives

  1. Left-click on the Safely Remove Hardware icon on the Taskbar.
    Safely Remove Hardware icon on the Windows 8 Taskbar
  2. Left-click on the device you want to disconnect.
    List of removable drives ready to be ejected

or

  1. Open File Explorer (Windows logo key + E).
  2. Under This PC / Computer, right-click the drive you want to disconnect and select Eject.

Windows will display a notification when it's safe to disconnect the drive.

The correct ways to shut down your Windows based computer

Updated March 29, 2023

Doing computer repair, I see a lot of different issues. But there is one problem I see over and over again, start-up corruption. This most commonly occurs when the computer is not turned off properly. And laptops appear to be more prone to this issue than desktops. So here's how to properly shut down your Windows-based computer.

Which power button do you use to shut down your computer?

Logic dictates that if you use a button to turn on a device, you should also use it to turn it off (button on / button off). You use a button to turn your TV, audio/video components, and smartphone on and off. But this is only sometimes the case when it comes to your computer. It is always recommended that you allow the operating system to close down all applications and turn the computer off itself.

Using the Start menu / Start screen to shut down Windows

This may seem like a no-brainer, but you would be amazed at how many people don't use this method. It's mainly laptop users who instinctively close the lid or reach for the power button. But if you don't watch how long you hold the power button down, you could perform a hard shutdown. It's simpler and recommended to use the shut down button on the Start menu / Start screen.

Windows Vista

Shut down button location in Windows Vista
Start button > Power button > Shut down

Windows 7

Shut down button location in Windows 7
Start button > Shut down

Windows 8

Sign out button location in Windows 8
1. Start screen > Sign out
Shut down button location in Windows 8
2. Sign in screen > Power button > Shut down

Windows 8.1

Shut down button location in Windows 8.1
Start screen > Power button > Shut down

Or

Power users shut down button location in Windows 8.1
Power users menu (Windows logo key + X) > Shut down or sign out > Shut down

Windows 10

Shut down button location in Windows 10
Start button > Power button > Shut down

Or

Power users shut down button location in Windows 10
Power users menu (Windows logo key + X) > Shut down or sign out > Shut down

Windows 11

Shut down button location in Windows 11
Start button > Power button > Shut down

Or

Power users shut down button location in Windows 11
Power users menu (Windows logo key + X) > Shut down or sign out > Shut down

Using the power button on the computer to shut down Windows

This method is acceptable for turning off your computer, as it performs the same command as the shut down button on the Start menu / Start screen. But you have to check and ensure that the power options inside the operating system are configured to shut down the system when the power button is pressed.

Power button options inside of Windows 8.1 / Windows 10

The power button can be configured to put the system into sleep or hibernate. And if your system loses power while it's asleep, you will get an error when you restart it. This happens quite often with laptops when they are not using the AC adapter and the battery runs out.

Using the power button on the computer to force it to shut down

How do you turn off your computer when it freezes and has no reset button? This is where the Advanced Configuration and Power Interface (ACPI) specification comes into play. This spec has been built into every computer for well over a decade now. It mandates that when the power button is held down for 10 seconds or longer, the system performs a hard shutdown, turning off power to all components. This will most likely cause an error upon restart.

Managing Virtual Memory / Pagefile in Windows 8

Your computer has two types of memory, Random Access Memory (RAM) and Virtual Memory. All programs use RAM, but when there isn't enough RAM for the program you're trying to run, Windows temporarily moves information that would usually be stored in RAM to a file on your hard disk called a Paging File. The amount of data temporarily stored in a paging file is also referred to as virtual memory. Using virtual memory, in other words, moving information to and from the paging file, frees up enough RAM for programs to run correctly.

The more RAM your computer has, the faster your programs will generally run. If a lack of RAM is slowing your computer, you might be tempted to increase virtual memory to compensate. However, your computer can read data from RAM much more quickly than from a hard disk, so adding RAM is a better solution.

If you receive error messages that warn of low virtual memory, you need to either add more RAM or increase your paging file size to run the program on your computer. Windows usually manages this automatically, but you can manually change the virtual memory size if the default size isn't large enough for your needs.

There is a formula for calculating the correct pagefile size. The minimum pagefile size is one and a half (1.5) x the amount of memory. The maximum pagefile size is three (3) x the minimum pagefile size. Let's say you have 2 GB (2,048 MB) of memory. The minimum pagefile size would be 1.5 x 2,048 = 3,072 MB, and the maximum pagefile size would be 3 x 3,072 = 9,216 MB.

How to change the pagefile size in Windows 8

  1. Open the System Properties: press the Windows logo key + Pause, or use the Power User menu (Windows logo key + X) and select System.
    Managing Windows 8 virtual memory 1
  2. If you are going to use the formula above to configure your pagefile, note the amount of installed memory under the System category.
    Managing Windows 8 virtual memory 2
  3. In the left pane, click Advanced system settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. On the Advanced tab under Performance, click Settings.
    Managing Windows 8 virtual memory 3
  5. Click the Advanced tab and then under Virtual memory, click Change.
    Managing Windows 8 virtual memory 4
  6. Clear the Automatically manage paging file size for all drives checkbox.
    Managing Windows 8 virtual memory 5
  7. Under Drive [Volume Label], click the drive that contains the paging file you want to change.
  8. Click Custom size, type a new size in megabytes in the Initial size (MB) and Maximum size (MB) box, click Set, and then click OK.

Note: Increases in size usually don't require a restart for the changes to take effect, but if you decrease the size, you'll need to restart your computer. It is recommended that you don't disable or delete the paging file.
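The formula and steps above as a read-only PowerShell check, added here as an example and not part of the original article: it applies the 1.5 x / 3 x rule to the installed memory and lists the current paging file configuration for comparison. The function name Get-PagefileRecommendation is hypothetical; the CIM classes it queries are standard Windows ones.

```powershell
# Added example: reads settings only, changes nothing on the system.
function Get-PagefileRecommendation {
    param(
        # Installed memory in MB. 0 means "ask Windows".
        [int]$InstalledMemoryMB = 0
    )

    if ($InstalledMemoryMB -le 0) {
        # TotalPhysicalMemory is reported in bytes and can be slightly lower
        # than the installed amount because of hardware-reserved memory.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        $InstalledMemoryMB = [int][math]::Round($cs.TotalPhysicalMemory / 1MB)
    }

    # Formula from the article: minimum = 1.5 x memory, maximum = 3 x minimum.
    $initial = [int][math]::Ceiling(1.5 * $InstalledMemoryMB)
    $maximum = 3 * $initial

    [pscustomobject]@{
        InstalledMemoryMB = $InstalledMemoryMB
        InitialSizeMB     = $initial
        MaximumSizeMB     = $maximum
    }
}

# The article's worked case (2,048 MB of memory).
Get-PagefileRecommendation -InstalledMemoryMB 2048

# The same calculation for this computer.
$recommended = Get-PagefileRecommendation
$recommended

# Is "Automatically manage paging file size for all drives" checked?
$system = Get-CimInstance -ClassName Win32_ComputerSystem
"Automatically managed: $($system.AutomaticManagedPagefile)"

# Custom sizes exist only when automatic management is off.
# InitialSize and MaximumSize are in MB; 0/0 means system managed for that drive.
$settings = @(Get-CimInstance -ClassName Win32_PageFileSetting)
if ($settings.Count -eq 0) {
    "No custom paging file sizes are configured."
}
foreach ($s in $settings) {
    [pscustomobject]@{
        PagingFile       = $s.Name
        InitialSizeMB    = $s.InitialSize
        MaximumSizeMB    = $s.MaximumSize
        BelowRecommended = ($s.InitialSize -gt 0 -and
                            $s.InitialSize -lt $recommended.InitialSizeMB)
    }
}

# Current and peak use of each paging file, in MB.
Get-CimInstance -ClassName Win32_PageFileUsage |
    Select-Object Name, AllocatedBaseSize, CurrentUsage, PeakUsage
```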

Modifying the default locations of user files and library properties in Windows 8

Did you know that Windows 8 has some great ways of managing your user files? From adding additional folder locations in the Libraries to ultimately moving your user documents to another location. You can do all of these and more. Here's how to modify the default locations of user files and library properties in Windows 8.

Moving your personal folders has become more commonplace when you have two (2) or more disk drives in a computer. By moving the user files to another drive, you're freeing up space on the operating system's drive. This can be extremely beneficial if your operating system is installed on a Solid State Drive (SSD). When you move a folder to a new location, you change where the folder and files are stored. However, you'll still access the folder the same way you did before you moved it.

Also, instead of moving a folder, you might want to consider including another folder in one of your libraries. For example, if you have a large number of pictures, you can store those pictures in a location other than your primary hard drive and then include that location in your Pictures library. For more information, see below.

How to change the location of user files in Windows 8

There are six (6) user folders in Windows 8 whose locations you can change. They are Desktop, Documents, Downloads, Music, Pictures, and Videos. You will need to create folders with the same name in the new location before moving any of them.

How to move a user folder to a new location

  1. From the desktop, left-click on the File Explorer icon on the Taskbar or press the Windows logo key + E.
  2. Navigate to This PC and expand it. If you don't see the Navigation pane, go to the View tab, pull down the Navigation pane toolbar, and place a checkmark next to the Navigation pane.
  3. Right-click the folder that you want to move, and then click Properties.
  4. Click the Location tab, and then click Move.
  5. Browse to the location where you want to move this folder. You can select another location on this computer, another drive attached to this computer, or another computer on the network. To find a network location, type two backslashes (\\) into the address bar followed by the name of the location where you want to redirect the folder (for example, \\mylaptop), and then press Enter.
  6. Click the folder where you want to store the files, click Select Folder, and then click OK.
  7. In the dialog that appears, click Yes to move all the files to the new location.

To restore a folder to its original location

  1. From the desktop, left-click on the File Explorer icon on the Taskbar or press the Windows logo key + E.
  2. Navigate to This PC and expand it. If you don't see the Navigation pane, go to the View tab, pull down the Navigation pane toolbar, and place a checkmark next to the Navigation pane.
  3. Right-click the folder that you previously redirected and want to restore to its original location, and then click Properties.
  4. Click the Location tab, click Restore Default, and then click OK.
  5. Click Yes to recreate the original folder, and then click Yes again to move all the files back to the original folder.

Note:
If you don't see the Location tab in a folder's Properties dialog, then the folder can't be moved. If you see the Location tab but can't edit the folder path, you don't have permission to move it.

How to modify library properties in Windows 8

We are all familiar with files and folders, but when Windows 7 came out, we got another way to manage them, Libraries. Libraries are where you go to manage your documents, music, pictures, and other files. You can browse your files the same way you would in a folder or view your files arranged by properties like date, type, and author.

In some ways, a library is similar to a folder. For example, when you open a library, you'll see one or more files. However, unlike a folder, a library gathers files that are stored in several locations. This is a subtle but significant difference. Libraries don't hold your folders/files. They monitor folders that contain your files and let you access and arrange the items in different ways. For instance, if you have music files in folders on your hard disk and an external drive, you can access all of your music files at once using the Music library.

Windows 8 has four default libraries: Documents, Music, Pictures, and Videos. You can also create new libraries. If you don't see the Libraries in File Explorer, go to the View tab, pull down the Navigation pane toolbar and place a checkmark next to Show Libraries.

Here are some ways you can modify an existing library:

  • Include or remove a folder. Libraries gather content from included folders or library locations. You can include up to 50 folders in one library.
  • Change the default save location. The default save location determines where an item is stored when copied, moved, or saved to the library.
  • Change the type of file a library is optimized for. Each library can be optimized for a particular file type (such as music or pictures). Optimizing a library for a specific file type changes the available options for arranging your files.

How to add a folder to a library

  1. From the desktop, left-click on the File Explorer icon on the Taskbar or press the Windows logo key + E.
  2. Open the library you'd like to change.
  3. On the ribbon at the top, select Manage library.
  4. In the Library Locations dialog box, click on Add, navigate to the folder you want to add to the library, and click on Include folder.
  5. Click OK.

How to change a library's default save location

A library's default save location determines where an item will be stored when copied, moved, or saved.

  1. From the desktop, left-click on the File Explorer icon on the Taskbar or press the Windows logo key + E.
  2. Right-click on the library you'd like to change and click Properties.
  3. Select the library location that you want as default and click on Set save location.
  4. Click OK.

How to change the type of files a library is optimized for

Each library can be optimized for a particular file type (such as music or pictures). Optimizing a library for a specific file type changes the available options for arranging the files in that library.

  1. From the desktop, left-click on the File Explorer icon on the Taskbar or press the Windows logo key + E.
  2. Right-click on the library you'd like to change, and then click Properties.
  3. In the Optimize this library for list, select a file type and then click OK.
