Deploying Enhanced Mitigation Experience Toolkit (EMET 3.0)

Comments

7 comments

  • SelfMan

    If you put the command into a batch file (like emet-import.cmd) and run that, does it work?

    The problem might be the 32 vs 64 bit context.

    The other question is where is the XML data imported to. Registry? If so, HKCU or HKLM?

  • Shane Corellian

    Just want to make sure that the second step is, in fact, a Command step and not a Package.

    Error 1 could be a number of things. It could mean that the file, emet_conf.exe, wasn't found. It could also just be a general failure code returned by emet_conf.exe. If it works when you run the command locally, it could be that the import only works when run interactively (in a logged-on user context).

    This is one point that SelfMan is making when he asks where the data is being imported. If it is placed in the registry then it is important to know if it goes in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE.

    If the target machine is running a 32-bit version of Windows then you would most assuredly get an error 1 since the path "C:\Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml" wouldn't exist.

  • Heimann, Gertti

    Hi, thank you both for your quick replies.

    - The PCs I am deploying to are Windows 7 64-bit Enterprise machines, so the command should be OK.

    - The batch file also ends in the same error 1.

    - The data is imported to the registry into HKLM as far as I can see. All the settings are under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET.

  • SelfMan

    Is the XML information imported to the registry?
    Does the XML exist in the target location?
    What are the access rights to the folder with the XML file and the XML file itself?

  • Heimann, Gertti

    The XML file is not imported to the registry.

    The xml file does exist in the target location. It's installed by the 'emet setup.msi'. The xml file is at this location: C:\Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml

    I am running the Deployment via the localadmin on the machine. The localadmin has full control on the folder.

     

  • SelfMan

    I would run the ProcessMonitor, monitor the whole installation and then look for the XML in the log. Because at the moment it is absolutely unclear what is happening there.

  • Matt Boast

    I am also trying to install EMET (4.0). I believe the issue may be related to emet_conf.exe. When I launch this after installing EMET with PDQ, it tries to access the installer, which no longer exists in the PDQ directory C:\Windows\PDQDeployRunner\. There is some good information in the EMET 4.0 User's Guide that may help, even though it's for SCCM (GASP!). Here's its suggestion for the configuration.

    3.1.4 Create the EMET Configuration Package and Program
    1. Place the following 4 files in a source directory that will be used as the source for the EMET configuration package. These files can be gathered from the source directory of the EMET client after it has been installed on a system. NOTE: If all of the files are not included EMET configuration will not work.

    a. Popular Software.XML (from the applications folder \EMET\Deployment\Protection Profiles)
    b. EMET_Conf.exe (from the applications folder \EMET)
    c. HelperLib.dll (from the applications folder \EMET)
    d. MitigationInterface.dll (from the applications folder \EMET)
    e. PKIPinningSubsystem.dll (from the applications folder \EMET)
    2. From Software Library | Packages choose to Create Package.
    3. Name the package, and choose this package containing the source files. Provide the path where the four files referenced in step 1 are sourced.
    4. Choose standard program.
    5. Name the program, and set the command line to be EMET_Conf.exe --import "Popular Software.xml". NOTE: This is just an example, using the "Popular Software" protection profile provided by the EMET team. It is possible to modify this profile or use one of the other protection profiles provided by EMET. The file to be imported needs just to be referenced and included in the EMET configuration package.
    6. Set the program to run hidden, and whether or not a user is logged on.
    7. Complete the wizard.
    8. After the package and program are complete, choose to deploy it.
    9. Pick the just created collection as the target collection, and complete the wizard with the desired settings.

     

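A diagnostic for the questions raised in this thread (process bitness, whether the files exist, which registry view is written, and the exit code), as an added example that is not from any poster or from the EMET or PDQ documentation. It assumes the install layout and the `--import` command quoted in the thread; the helper name `Get-EmetKeyCount` and the script's own exit codes 2 and 3 are hypothetical.

```powershell
# Added diagnostic sketch (not from the thread). Run it through the same
# deployment step and account that returns error 1.
$profileName = 'all.xml'                      # profile named in the thread

# 1. Execution context. A 32-bit process on 64-bit Windows (WOW64) has
#    PROCESSOR_ARCHITEW6432 set, and its HKLM\SOFTWARE access is redirected
#    to HKLM\SOFTWARE\Wow6432Node.
$bits  = [IntPtr]::Size * 8
$wow64 = [bool]$env:PROCESSOR_ARCHITEW6432
"Context : {0}-bit process, WOW64={1}, user={2}\{3}" -f $bits, $wow64, $env:USERDOMAIN, $env:USERNAME

# 2. Find EMET under whichever Program Files root exists instead of
#    hard-coding the (x86) path.
$roots = @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$emetDir = $roots | ForEach-Object { Join-Path $_ 'EMET' } |
    Where-Object { Test-Path (Join-Path $_ 'EMET_Conf.exe') } |
    Select-Object -First 1
if (-not $emetDir) { Write-Warning 'EMET_Conf.exe not found'; exit 2 }
$xml = Join-Path $emetDir "Deployment\Protection Profiles\$profileName"
if (-not (Test-Path $xml)) { Write-Warning "Profile not found: $xml"; exit 3 }

# 3. Count subkeys under the EMET registry key in both views. The counts are
#    only a before/after signal; the key layout itself is not assumed.
function Get-EmetKeyCount {
    foreach ($p in 'HKLM:\SOFTWARE\Microsoft\EMET',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\EMET') {
        $n = if (Test-Path $p) {
            @(Get-ChildItem $p -Recurse -ErrorAction SilentlyContinue).Count
        } else { -1 }                         # -1 means the key is absent
        "{0} = {1}" -f $p, $n
    }
}
"Before  :"; Get-EmetKeyCount

# 4. Run the import from the EMET directory so its DLLs resolve, and keep
#    both the output and the exit code.
Push-Location $emetDir
$out  = & '.\EMET_Conf.exe' --import $xml 2>&1
$code = $LASTEXITCODE
Pop-Location
"Output  : $($out | Out-String)"
"ExitCode: $code"
"After   :"; Get-EmetKeyCount
exit $code
```

Comparing the output of an interactive run with the output captured from the deployment step shows whether the two differ in bitness, account, or registry view.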
