EMET 5.5 not importing protections configuration from config xml file

  • Question

  • Hi!

    We have deployed EMET 5.5 on some Windows 7 Pro x64 with Software Distribution GPO. We have made a special configuration, and exported it to an xml from GUI or from command. We have decided to distribute the configuration xml file following this article

    http://itcalls.blogspot.com.es/2015/02/how-to-prevent-users-from-changing-emet.html

    To test it, we disable all the protections on a test PC (DEP, SEHOP, ASLR and Certificate Trust) and reboot the computer. When the system restarts, the configuration seems not to be imported, because the EMET protections are still disabled. Importing the config file does not enable the EMET protections, so if a user disabled EMET protection we cannot re-enable it with config import.

    If we do a configuration import from the EMET GUI or from command line (EMET_Conf --import \\domain\netlogon\config.xml) and restart the EMET_Service, or restart the PC, the EMET protections are still disabled.

    Any ideas?

    This is the beginning of the config file

    <EMET Version="5.5.5871.31890">
      <Settings>
        <ExploitAction Value="StopProgram" />
        <AdvancedSettings DeepHooks="True" AntiDetours="True" BannedFunctions="True" />
        <Reporting Telemetry="True" TrayIcon="False" EventLog="True" />
        <SystemSettings DEP="Always On" SEHOP="Application Opt Out" ASLR="Application Opt In" Pinning="Enabled" />
      </Settings>






    Monday, February 15, 2016 10:56 AM

All replies

  • I have a base configuration PC, where I have enabled all Protections and added apps to protect. Then, I export it from the GUI or from command line to an xml file

    EMET BASE PC CONFIG

    I have deployed EMET on another PC, and when I import the xml config file (from GUI or with EMET_conf --import), DEP and ASLR are disabled, on the GUI and from EMET_Config --list_system

    ANOTHER PC IMPORT CONFIG XML FILE

    Why is this? How can I get DEP and ASLR enabled from the config xml file?


    • Proposed as answer by DiamondM121 Wednesday, July 13, 2016 1:45 PM
    Thursday, February 18, 2016 11:30 AM
  • Hello InformaticaCHJ. I'm not sure why EMET does not import the System configuration, although its settings are declared in the XML. It may be a bug in the software, since the application list and its associated mitigations are getting imported just fine.

    The workaround I implemented for this issue was to build a small script to 1. Delete the current application list, 2. Import my application list, 3. Configure the System configurations, all of this using the EMET_Config.EXE process.

    Net Stop EMET_SERVICE
    EMET_Config.exe /Delete_ALL #This is not required, I do it because I am updating the mitigation policy as I test each application, and for some reason, what has been added is not removed if the object is not in the next imported XML.
    EMET_Config.exe /import "C:\Program Files\EMET 5.5\Deployment\Custom_XML.xml" #Replace this path for the path to your XML.
    EMET_Config.exe /system SEHOP=ApplicationOptOut Pinning=Disabled #Here you will continue adding the System mitigation & configuration you want to implement.
    Net Start EMET_SERVICE
    Hope this helps! Although it came 5 months late.

    Miguel Angel Mojica IT Administrator Server Administrator MTA CCNA CCDA

    Wednesday, June 29, 2016 4:35 PM
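
Added example (not part of the original replies and not EMET's own tooling): because the thread finds that an import leaves the `<SystemSettings>` values unapplied, this PowerShell script reads them from the exported XML and builds the system arguments from it, so the XML stays the single source of the intended state. Assumptions: the install path, the helper name `Get-EmetSystemArgs`, and the rule that the command-line state is the XML value with its spaces removed (the thread shows "Application Opt Out" in the XML and `ApplicationOptOut` on the command line).

```powershell
# Added example: derive the system-mitigation arguments from the exported XML
# instead of hardcoding them after the import.
function Get-EmetSystemArgs {
    param([Parameter(Mandatory)][xml]$Config)

    $node = $Config.EMET.Settings.SystemSettings
    if (-not $node) { throw 'No <SystemSettings> element in the EMET XML.' }

    # Assumption: command-line state = XML value with spaces removed
    # ("Application Opt Out" -> ApplicationOptOut).
    foreach ($name in 'DEP', 'SEHOP', 'ASLR', 'Pinning') {
        $value = $node.GetAttribute($name)   # empty string when the attribute is absent
        if ($value) { '{0}={1}' -f $name, ($value -replace '\s', '') }
    }
}

# Constructed sample: the fragment quoted in the question, closed so that it parses.
$sample = [xml]@'
<EMET Version="5.5.5871.31890">
  <Settings>
    <SystemSettings DEP="Always On" SEHOP="Application Opt Out" ASLR="Application Opt In" Pinning="Enabled" />
  </Settings>
</EMET>
'@

$systemArgs = @(Get-EmetSystemArgs -Config $sample)
$systemArgs -join ' '    # show what will be passed to the tool

# Assumed install path; adjust to where EMET_Conf.exe lives on the client.
$emetConf = 'C:\Program Files (x86)\EMET 5.5\EMET_Conf.exe'
if (Test-Path $emetConf) {
    & $emetConf --system @systemArgs    # apply the system mitigations from the XML
    & $emetConf --list_system           # list the resulting system settings to confirm
}
```

On a real client, replace `$sample` with `[xml](Get-Content <path to your exported XML>)` and run it after the import step of the workaround above.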