locked
EMET + GPO: How to Disable Default Protections RRS feed

  • Question

  • Hi,

    I have rolled out EMET 4.1 and configured it via GPO. When I first deployed it, Default Protections for Internet Explorer, Recommended Software and Popular Software were activated. Now, after some issues came up I want to configure every application myself.

    Now to my problem:

    I can’t deactivate the Default Protections, every time I try to set them to disabled they go back to not configured. Does anybody know how to fix this? Also, if these Default Protections are not enabled does EMET then use the Setting from the Registry?

    Wednesday, May 21, 2014 1:18 PM

All replies

  • I have to say that I do not have any experience with configuring EMET via GPO's. I guess you disabled the GPO settings but are the registry values also removed under the registry key 'HKLM/Software/Policies/Microsoft/EMET'. When you change the EMET GPO and you have updated the policies on the computer with 'gpupdate /Target:Computer /Force' you have to wait a few seconds and use the command "emet_conf.exe --refresh" to update EMET mitigation settings. You can then use the command "emet_conf.exe --list" to display all the application mitigation settings for EMET, showing the settings configured locally (EMET_GUI or EMET_CONF) first, followed by the settings configured via Group Policy.

    W. Spu

    • Proposed as answer by W. Spu Friday, May 30, 2014 4:46 PM
    Wednesday, May 21, 2014 8:08 PM