EMET 5.2 - client initiated event forwarding

  • Question

  • I'm trying to set up client-initiated event forwarding of EMET (v5.2) events from Windows 8.1 clients to a WS2012 R2 collector.

    From the client I can export the custom view using the GUI and output this as an XML file. Viewing it seems to show that everything I need is in there... so I moved to the server (WS 2012 R2) which is to be the collector. I had a quick look in the event sources and EMET is not there?! Either way, I thought I would import it to see if a source would become visible... It didn't. It just created a custom view where some settings were carried across but not the source and event codes.

    I then deleted this and tried importing from the command line to see if there would be an error message and there was...

    wecutil cs C:\EMET_Events.xml
    Root node of config file is not Subscription or in correct namespace. Error = 0x80070057.
    The parameter is incorrect.

    Does anybody know how to add the event source for EMET to the collector-side Windows Event Viewer without installing EMET on there?



    Thursday, August 13, 2015 2:38 PM
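
The error quoted above names its cause: `wecutil cs` accepts only a document whose root is `<Subscription>` in the subscription namespace, and a custom view exported from Event Viewer is a different document type. The PowerShell below is an added example, not part of the original post: it lifts the `<QueryList>` filter out of the exported view and wraps it in a source-initiated subscription file. The output path, subscription id, description, `Normal` configuration mode and the SDDL for allowed computers are assumptions to adapt.

```powershell
# Added example. Only C:\EMET_Events.xml comes from the post; every other value is an assumption.
param(
    [string]$ViewPath       = 'C:\EMET_Events.xml',
    [string]$OutPath        = 'C:\EMET_Subscription.xml',  # hypothetical output path
    [string]$SubscriptionId = 'EMET-Events'                # hypothetical subscription name
)

$ns = 'http://schemas.microsoft.com/2006/03/windows/events/subscription'
[xml]$view = Get-Content -LiteralPath $ViewPath -Raw

# wecutil cs only accepts a root element <Subscription> in the namespace above.
$root = $view.DocumentElement
if ($root.LocalName -eq 'Subscription' -and $root.NamespaceURI -eq $ns) {
    Write-Output "$ViewPath is already a subscription file."
    return
}

# The custom view keeps its event filter in a <QueryList>; reuse it unchanged.
$queryList = $view.SelectSingleNode("//*[local-name()='QueryList']")
if (-not $queryList) { throw "No <QueryList> element in $ViewPath (root: $($root.LocalName))" }
if ($queryList.OuterXml.Contains(']]>')) { throw 'Query contains "]]>" and cannot be wrapped in CDATA' }

$subscription = @"
<Subscription xmlns="$ns">
  <SubscriptionId>$SubscriptionId</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>EMET events forwarded by clients</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[$($queryList.OuterXml)]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <!-- RenderedText: the client renders the message text before sending it -->
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- Assumed SDDL: Domain Computers and Network Service may connect -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
"@

# Fail here, not in wecutil, if the generated document is not well-formed XML.
$null = [xml]$subscription
Set-Content -LiteralPath $OutPath -Value $subscription -Encoding UTF8
Write-Output "Wrote $OutPath; create the subscription with: wecutil cs `"$OutPath`""
```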