Important Notice: On February 29th, this community will be put into read-only mode. All existing posts will remain but customers will be unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Deploying Enhanced Mitigation Experience Toolkit (EMET 3.0)

I am trying to deploy Emet 3.0 via PDQ Deploy. I don't get it working 100%.

step 1:The package installation works fine (EMET Setup.msi msiexec.exe /i "EMET Setup.msi" ALLUSERS=1 /q /norestart)
step 2:The command to import an xml-file doesn't "C:\Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml"

when I manually run the cmd on my machine it works fine, but when I run it via PDQ deploy it doesn't.
This is the command I am running:

"c:\program files (x86)\emet\emet_conf.exe" --import "c:\program files (x86)\emet\deployment\protection profiles\all.xml"

It ends with the following error from PDQ Deploy: Installer returned error code 1

0

Comments

7 comments
Date Votes
  • If you put the command in to a batch file like emet-import.cmd) and run that, does it work?

    The problem might be the 32 vs 64 bit context.

    The other question is where is the XML data imported to. Registry? If so, HKCU or HKLM?

    0
  • Just want to make sure that the second step is, in fact, a Command step and not a Package.

    Error 1 could be a number of things. It could mean that the file, emet_conf.exe,  wasn't found. It could also just be a general failure code returned  by emet_conf.exe. If it works when you run the command locally it could be that the import only works when run interactively (in a logged user context).

    This is one point that Selfman is making when he asks where the data is being imported. If it is placed in the registry then it is important to know if it goes in HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE.

    If the target machine is running a 32-bit version of Windows then you would most assuredly get an error 1 since the path   "C:\Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml" wouldn't exist.

    0
  • Hi thanks you both for your quick replies.

    - The pc's I am deploying to are Windows 7 64-bit Enterprise machines, so the command should be ok.

    - The batchfile also ends in the same error 1

    - The data is imported to the registry into HKLM as far as I can see. All the settings are under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET

    0
  • Is the XML infrmormation imported to the registry?
    Does the XML exist in the target location?
    What are the access rights to the folder with the XML file and the XML file itself.

    0
  • The xml file is not imported to the registry

    The xml file does exist in the target location. It's installed by the 'emet setup.msi'. The xml file is at this location: C:\Program Files (x86)\EMET\Deployment\Protection Profiles\all.xml

    I am running the Deployment via the localadmin on the machine. The localadmin has full control on the folder.

     

    0
  • I would run the ProcessMonitor, monitor the whole installation and then look for the XML in the log. Because at the moment it is absolutely unclear what is happening there.

    0
  • I am also trying to install EMET(4.0). I believe the issue may be related to emet_conf.exe. When I launch this after installing EMET with PDQ it tries to access the installer which no longer exists in the PDQ directory C:\Windows\PDQDeployRunner\. There is some good information in the EMET 4.0 Users guide that may help even though it's for SCCM(GASP!). Here's it's suggestion for the configuration. 

    3.1.4 Create the EMET Configuration Package and Program
    1. Place the following 4 files in a source directory that will be used as the source for the EMET configuration package. These files can be gathered from the source directory of the EMET client after it has been installed on a system. NOTE: If all of the files are not included EMET configuration will not work.

    a. Popular Software.XML (from the applications folder \EMET\Deployment\Protection Profiles)
    b. EMET_Conf.exe (from the applications folder \EMET)
    c. HelperLib.dll (from the applications folder \EMET)
    d. MitigationInterface.dll (from the applications folder \EMET)
    e. PKIPinningSubsystem.dll (from the applications folder \EMET)
    2. From Software Library | Packages choose to Create Package.
    3. Name the package, and choose this package containing the source files. Provide the path where the four files referenced in step 1 are sourced.
    4. Choose standard program.
    5. Name the program, and set the command line to be EMET_Conf.exe --import “Popular Software.xml”. NOTE: This is just an example, using the “Popular Software” protection profile provided by the EMET team. It is possible to modify this profile or use one of the other protection profiles provided by EMET. The file to be imported needs just to be referenced and included in the EMET configuration package.
    6. Set the program to run hidden, and whether or not a user is logged on.
    7. Complete the wizard.
    8. After the package and program are complete, choose to deploy it.
    9. Pick the just created collection as the target collection, and complete the wizard with the desired settings.

     

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post