You enabled Microsoft EMET and added protection against processes that ENS Exploit Protection covers in its Application Protection or Signature-based Rules. When EMET and ENS Exploit Prevention are enabled, processes that are protected by both software crash.
Below are example log entries when the crash occurs.
From the System Application log when EMET is enabled:
Type: INFORMATION
Source: EMET
Event ID: 50
Description:
EMET Service status is: Running EMET configuration for Application mitigations (Registry) is: <ConfigAppmitREG> </ConfigAppmitREG> EMET configuration for Application mitigations (GPO) is: <ConfigAppmitGPO> java.exe *\Java\jre7\bin DEP SEHOP NullPage EAF MandatoryASLR BottomUpASLR LoadLib MemProt Caller SimExecFlow StackPivot</ConfigAppmitGPO>
When EMET closes an application thread:
Type: ERROR
Source: EMET
Event ID: 2
Description:
EMET detected Caller mitigation and will close the application: java.exe Caller check failed: Application : C:\Program Files (x86)\Java\jre7\bin\java.exe User Name : xxxx\xxx ...
When Windows Error Reporting (WER) handles the crash:
The ENS Exploit Prevention DLL calls the following DLLs: HipHanlders64.dll, EpMPApi.dll, and EpMPThe.dll. These DLLs are loaded with emet.dll in the same process thread.
Both ENS and EMET track the thread API calls. This fact causes a race condition causing undesirable behaviors.
