locked
EMET 4.1 Changes RRS feed

  • Question

  • We currently use EMET 4.0 and noticed that EMET 4.1 is currently out. A few questions come to mind:

    1. If we deployment EMET 4.1 with our existing 4.0 group policy work with 4.1 until we can update all 4.0 EMET clients?
    2. If we update the ADMX files to support 4.1, will we still have access to 4.0 policy settings, or do those need to be backed out first?

    Friday, December 6, 2013 3:47 PM

Answers

  • 1.) Yes
    2.) Yes and No

    The following changes exist between the admx files:

    >fc ".\EMET 4.0\EMET.admx" "\EMET 4.1\EMET.admx"
    Vergleichen der Dateien .\EMET 4.0\EMET.admx und .\EMET 4.1\EMET.ADMX
    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Adobe\Reader*\Reader\AcroRd32.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Adobe\Reader*\Reader\AcroRd32.exe -MemProt</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Adobe\Acrobat*\Acrobat\Acrobat.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Adobe\Acrobat*\Acrobat\Acrobat.exe -MemProt</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre6\bin\java.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre6\bin\java.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre6\bin\javaw.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre6\bin\javaw.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre6\bin\javaws.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre6\bin\javaws.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre7\bin\java.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre7\bin\java.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre7\bin\javaw.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre7\bin\javaw.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Java\jre7\bin\javaws.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Java\jre7\bin\javaws.exe -HeapSpray</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\Windows Live\Photo Gallery\WLXPhotoGallery.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\Windows Live\Photo Gallery\WLXPhotoGallery.exe -Caller</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\7-Zip\7z.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\7-Zip\7z.exe -EAF</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\7-Zip\7zG.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\7-Zip\7zG.exe -EAF</string>
              </value>
    *****

    ***** .\EMET 4.0\EMET.admx
              <value>
                <string>*\7-Zip\7zFM.exe</string>
              </value>
    ***** .\EMET 4.1\EMET.admx
              <value>
                <string>*\7-Zip\7zFM.exe -EAF</string>
              </value>
    *****

    • Marked as answer by Oldguard Thursday, December 12, 2013 4:05 PM
    Monday, December 9, 2013 10:16 AM