Group Policy Implementation: Adding Exceptions to System Wide DEP

  • Question

  • Hey All,

    I have an issue with configuring EMET via Group Policy and the precedence for individual application configuration. The machine that is affected is a Server 2012 Virtual Machine in a domain with group policy pushed out by another Server 2012 Virtual Machine.

    At the moment, we need to have system wide DEP enabled as part of our security requirements and this has been configured via Group Policy. However, one program/service we need to run is being picked up by EMET and is being blocked. I have narrowed this down to be a block by the DEP mitigation.

    I have tried so far to then add some Application Configuration to the same Group Policy Object that controls System Wide DEP. I add *\syslogd\syslogd_service.exe and --force -DEP, which I assume takes the path of the executable that starts the service and forces a DEP exception. I can run EMET_conf --list on the client server and see that indeed syslogd_service.exe is listed in the applications and that DEP is not in its list of mitigations.

    However, I still do not have the power to turn on the service. It behaves as if the DEP mitigation still exists.

    I have tried explicitly disabling system-wide DEP, enabling the exception, forcing GP update, refreshing EMET, restarting the server, enabling system-wide DEP and repeating, with no success.

    Is this an issue with EMET, or with how I am approaching this problem? 

    Thanks. :)

    Tuesday, July 4, 2017 11:50 PM
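Whether an EMET per-application DEP exception can take effect at all is decided below EMET, by the kernel's boot-time DEP policy (AlwaysOn admits no per-process exceptions) and by the bitness of the image (native 64-bit processes always run with DEP). The PowerShell below is an added check, not a reply from the thread; it reports both facts for a machine like the one described, and the syslogd path is a placeholder built from the pattern in the post.

```powershell
# Added example (not from the thread): report the OS-level DEP facts that decide
# whether any per-application DEP exception can take effect on this machine.
# Assumes Windows 8/Server 2012 or later; run from an elevated PowerShell session.

function Get-SystemDepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy codes:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $code = [int]$os.DataExecutionPrevention_SupportPolicy

    # The same setting as stored in the boot configuration ('nx' entry); EMET's
    # system-wide DEP setting writes this value, and the kernel enforces it.
    $nx = (bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)') |
          ForEach-Object { $_.Matches[0].Groups[1].Value }
    $nxText = if ($nx) { $nx } else { '(not set)' }

    [pscustomobject]@{
        PolicyCode = $code
        PolicyName = $names[$code]
        BootNx     = $nxText
        # Under AlwaysOn no process can opt out, so clearing the DEP mitigation
        # in an EMET application entry changes nothing for that process.
        OsAllowsPerProcessExceptions = ($code -ne 1)
    }
}

function Get-PeMachineType {
    # Reads the PE file header to tell 32-bit from 64-bit images. DEP cannot be
    # disabled for native 64-bit processes, whatever the policy or EMET entry says.
    param([Parameter(Mandatory)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return 'not a PE file' }
    $pe = [BitConverter]::ToInt32($b, 0x3C)                 # e_lfanew
    if ($pe -lt 0 -or $pe + 6 -gt $b.Length -or [BitConverter]::ToUInt32($b, $pe) -ne 0x4550) {
        return 'not a PE file'                               # no "PE\0\0" signature
    }
    switch ([BitConverter]::ToUInt16($b, $pe + 4)) {         # IMAGE_FILE_HEADER.Machine
        0x014C { 'x86 (32-bit): DEP exception possible under OptOut' }
        0x8664 { 'x64 (64-bit): DEP always on, no exception possible' }
        default { 'other machine type 0x{0:X4}' -f $_ }
    }
}

# Placeholder path built from the pattern in the post; adjust to the real install location.
Get-SystemDepPolicy | Format-List
Get-PeMachineType -Path 'C:\Program Files\syslogd\syslogd_service.exe'
```

If the report shows AlwaysOn or an x64 image, no EMET application entry can remove DEP for that service; the exception has to be made at the OS policy level (OptOut plus the system's own DEP exclusion list) and only for a 32-bit image.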