EMET 3.0 not enabled or activated on some client computers RRS feed

  • Question

  •   Hi,

      We have deployed EMET 3.0 to our organization to mitigate the IE9 exploit that is currently in the wild. We’re seeing some mixed results in our environment. We deployed the application, setup a GPO, ran EMET_Conf.exe --refresh, and restarted Internet Explorer. When we examine the EMET GUI on a random sampling of computers, we have seen some clients that don’t have EMET running/protecting iexplore.exe and some clients that do. There doesn’t seem to be anything in common across the organization. We have seen where restarts have resolved the problem and some that the restart doesn’t seem to have any effect at all.

      Is there any more advice that someone could offer that would give us an idea of how to overcome this issue? We followed the EMET User’s Guide closely yet we are still seeing this issue. There are no dashboards or consoles that we can use to gauge what our true status is at the moment.



    Wednesday, September 19, 2012 11:46 PM

All replies

  • Seems like the same problem we're seeing.

    EMET is installed and running, the registry key in HKLM\Software\Policies\Microsoft\EMET\defaults is set for IE with a value of *\Internet Explorer\iexplore.exe.

    Running the emet_conf --refresh doesn't seem to be working, in some cases rebooting the machine has resolved the issue but not in others.  Further adding to the frustration, some clients are functioning normally with EMET working as expected.

    It's quite frustrating not having a reliable way to know how many clients are actually protected since the installation seems to be hit or miss.

    Thursday, September 20, 2012 12:05 AM