EMET 5.5 vs BitLocker RRS feed

  • Question

  • Whenever I try to enable DEP System-Wide, EMET will say BitLocker needs to be suspended. I don't use BitLocker, never will. I only use TrueCrypt. I click on the message to suspend BitLocker, it then says that BitLocker couldn't be suspended, and then give me this error.

    (I can't post links yet, sorry).

    I talked to 3 Microsoft Tech helpers and none could help me, even with remote connections.

    I've been re-installing Windows 7 on numerous spare drives and I noticed that I can only enable DEP if I encrypt my drive with BitLocker (because then BitLocker's "protection" will be active and EMET will be able to suspend it).

    What I tried so far:

    - bcdedit.exe /set {current} nx AlwaysOn

    - EMET_Conf.exe --system --force dep=ApplicationOptOut

    - I also edited the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings registry KEY, with no avail.

    Is there a way to trick EMET I have BitLocker running?

    EDIT: After rebooting, I could see that the command given to me by the last MS technician was correct, I just needed  to reboot.

    What solved to me:

    • Open CMD as Administrator.

    If you want DEP to always on, paste the following command (without quotes): "bcdedit.exe /set {current} nx AlwaysOn"

    If you want DEP to Application Opt Out, paste the following command (without quotes): "bcdedit.exe /set {current} nx OptOut"

    Then reboot.

    If you open EMET now, you'll see that the selected option is correct to what you specified on CMD before rebooting.

    If you want to change DEP settings again, do the same thing via CMD, then reboot. Don't try to change it via EMET GUI otherwise you'll still get that error.

    Hope this helps :)

    • Edited by AmarildoSjr Wednesday, March 30, 2016 9:42 PM
    Wednesday, March 30, 2016 8:41 PM

All replies

  • I tried 
    • Open CMD as Administrator. and rune bcdedit.exe /set {current} nx OptOut" but after reboot, the DEP still point to default value.

    any thing did you try ?

    Tuesday, July 19, 2016 5:50 AM
  • Eventually, I have to install the bit locker without configure it
    Friday, July 29, 2016 3:19 AM