DEP/ASLR Policy settings are ineffective by default

    Question

  • I've recently upgraded from EMET 5.2 to 5.5 (including creating a brand new GPO using the new templates) and on every PC I've installed it on we get the following warning message:

    "DEP/ASLR Policy settings are ineffective by default; see user's guide on how to enable them"

    However I can't see where in the user guide it says to.

    DEP is set to Always On (via GPO) and ASLR is Application Opt-In (via GPO).

    Other than that EMET seems to be working.

    Thursday, February 4, 2016 3:15 PM

All replies

  • I am also having this issue.  At this point, my online search has not resulted in any answers.  I have tried a few different settings and none have worked.  I always get that message.  Hopefully someone has an answer.
    Thursday, February 11, 2016 2:08 PM
  • Same issue here. Can anybody help us?


    Thanks!

    Thursday, February 18, 2016 8:05 AM
  • Same issue here on Windows 2012 R2 server.
    Thursday, February 18, 2016 2:10 PM
  • This seems to happen when DEP and ASLR settings are managed by the Registry (though I cannot find where these 2 settings are hidden) and by GPO.

    Remove the GPO settings and the message also disappears.

    Surely something specific to 5.5 (bug?), as this was not the case with 5.2.

    Friday, February 19, 2016 2:42 PM
  • I don't think this is an error, just a warning. If you import the group policy, all settings are on "not configured".

    So EMET is warning you because it is managed by group policy, telling you you need to set the DEP and SEHOP Settings to Enabled in the GPO.

    Would like confirmation from MS on this.

    Wednesday, February 24, 2016 11:58 AM
  • When I install EMET 5.5 on my machine (without GPO first) then no message.
    DEP=AlwaysOn SEHOP=ApplicationOptOut ASLR=ApplicationOptIn Pinning=Enabled

    When I link GPO then message appears.
    Registry and GPO settings are aligned.

    Did you try to set DEP via EMET GUI? Pop-ups about BitLocker appear.
    I set it via bcdedit.exe /set {current} nx AlwaysOn
    Message is still visible.

    EMET configuration for System mitigations (Registry) is:
    DEP: Always On
    SEHOP: Application Opt Out
    ASLR: Application Opt In
    Pinning: Enabled

    EMET configuration for System mitigations (GPO) is:
    DEP: Always On
    SEHOP: Application Opt Out
    ASLR: Application Opt In
    Pinning: Enabled

    Wednesday, February 24, 2016 12:32 PM
  • Also having this issue
    Friday, May 27, 2016 4:01 PM
  • Any news on this one?

    I'm getting the same problem: EMET 5.5 with admx.

    Tuesday, June 7, 2016 7:45 AM
  • I would like to emphasize once more that I don't think this is a real issue. Just a notification telling you that you have to configure it to enable it.
    One would expect the message to disappear after you did enable it, but the tool doesn't seem so smart.

    "DEP/ASLR Policy settings are ineffective by default; see user's guide on how to enable them"

    It doesn't say that it is not enabled, just that you have to enable it for it to work.

    Tuesday, June 7, 2016 10:55 AM
  • It throws an 'Unhandled exception' and the program stops working!!

    So it is a real issue ;)

    Tuesday, June 7, 2016 11:45 AM