Numerous Questions Relating to EMET and GPO settings

  • Question

  • I have imported the necessary adml and admx files to sysvol, created a GPO for EMET, and enabled the three default protection profiles within the policy.  I then issued the EMET_conf.exe --refresh command on a test client to make these settings effective within EMET.  My questions are as follows:  

    -In EMET v3.5, does Microsoft plan to NOT require issuing the EMET_conf.exe --refresh command to make the GPO settings effective within EMET?  It surprised me this step is required because the application of group policies has always been as easy as rebooting and/or logging off and back on again.

    -Given the applications configured to run EMET do not show up within the EMET GUI Configure Apps button and the Event Viewer when launching EMET, I was curious if Microsoft planned on changing this in EMET v3.5.  Specifically, if the GPO settings are enforcing the default protection profiles for all of the Microsoft and 3rd party applications, why do they not show up in these two areas (I am aware an EMET_conf.exe --list command shows the applications). Perhaps the Configure Apps button could show them, but have them greyed out because they are configured via group policy.  This is certainly more of a cosmetic issue than a technical issue, but it would be nice to have the applications covered show up in all applicable areas.

    -When the GPO settings are for sure in place for all of the applications covered in the default protection profiles, is there any need to configure the System Mitigations via the policy?  I wouldn't think so because each application listed is abiding by all 7 mitigations, or those which it only supports. 

    Thanks in advance to anyone who can shed some light on the above questions.

    Tuesday, December 4, 2012 5:35 PM

Answers

  • From Microsoft:

    -There are no plans to address EMET_conf.exe --refresh needing to be run for v3.5, but v4.0 will most likely handle this automatically

    -EMET will most likely show the GPO enabled applications in v3.5

    -Configuring the System Mitigations in addition to the protection profiles will enforce them for all other apps not configured through EMET

    My above questions are therefore answered.

    • Marked as answer by Stevo26134 Friday, December 7, 2012 2:47 PM
    Wednesday, December 5, 2012 7:15 PM

All replies

  • > ...but v4.0 will most likely handle this automatically

    It does not.

    > -EMET will most likely show the GPO enabled applications in v3.5

    In v4.0 it does not.

    Monday, July 8, 2013 9:29 AM