none
Update All.xml on clients

    Question

  • Hello all.

    I have installed emet 3.0 on 130 computers from SCCM 2007.

    Installed with the all.xml protection profile.

    Now i need to disable SEHOP for Chrome.exe on all computers.

    Updated the all.xml file on sccm server with this line:  (ref emet v3.0 user guide)

    <MiMitigation Enabled="false" Name="SEHOP"/> (chrome section)

    Deployed the file (EMET_Conf.exe --import All.xml) to some test computers.

    Sccm log says the program ran succesfully.

    When i look in configure apps in emet, SEHOP is still enabled for for chrome.exe.

    I can see that the all.xml file on the client is not the one i try to deploy from sccm. (File is not imported to the client)

    Any ideas how to fix this problem?

    Thursday, March 21, 2013 2:32 PM

Answers

  • Hi Roar 66,

    If SCCM has the ability to run the following command on each of the PCs for you (i.e. in an automated fashion), it should resolve the issue. Please note that the double quotes " " are to be included the command that you type.

     
    EMET_Conf.exe --set "*\chrome.exe" -SEHOP

    My knowledge of SCCM and Group Policy is very limited so the above suggestion may not work for you. I don’t expect you to have to run this command individually on every single PC since it would be too tedious and time consuming.

    My apologies that my knowledge does not extend to the SCCM and Group Policy deployment features of EMET.

    I hope the above suggestion is of assistance to you. Thank you.

    • Edited by JamesC_836 Friday, March 22, 2013 10:59 AM
    • Marked as answer by Roar 66 Monday, March 25, 2013 7:44 AM
    Thursday, March 21, 2013 9:05 PM
  • For reference, if a person is not using EMET with SCCM (e.g. a small business user or a home user)(i.e. where the number of systems with EMET installed is small enough to manage/configure manually), an alternative to using the command line to resolve this issue with Google Chrome would be the following:

    For Windows XP:

    Open EMET as follows:

    1. Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    -----------------------------------------------------------

    For Windows Vista and Windows 7:

    Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    For Windows 8:

    1. Press the Windows key to display the Windows Start screen. Type the letters “emet” (without the quotes)

    2. The gray EMET lock icon should appear on the left side of the screen. Click this icon. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    When the EMET application is open. Click the Configure Apps button:

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMETConfigureAppsStep.png

    Scroll down the list of protected applications and un-tick the SEHOP mitigation for chrome.exe:

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Google_Chrome_with_SEHOP.png

    Click OK to save the changes and restart Google Chrome if it is already running.

    Further related information is provided in the following thread:

    http://social.technet.microsoft.com/Forums/en-US/emet/thread/d64fb832-8bd3-44a7-a583-b37c264ad9fc

    I hope this helps. Thank you.

    • Edited by JamesC_836 Monday, March 25, 2013 2:56 PM Minor edit
    • Marked as answer by Roar 66 Wednesday, January 27, 2016 12:43 PM
    Monday, March 25, 2013 12:20 PM

All replies

  • Hi Roar 66,

    If SCCM has the ability to run the following command on each of the PCs for you (i.e. in an automated fashion), it should resolve the issue. Please note that the double quotes " " are to be included the command that you type.

     
    EMET_Conf.exe --set "*\chrome.exe" -SEHOP

    My knowledge of SCCM and Group Policy is very limited so the above suggestion may not work for you. I don’t expect you to have to run this command individually on every single PC since it would be too tedious and time consuming.

    My apologies that my knowledge does not extend to the SCCM and Group Policy deployment features of EMET.

    I hope the above suggestion is of assistance to you. Thank you.

    • Edited by JamesC_836 Friday, March 22, 2013 10:59 AM
    • Marked as answer by Roar 66 Monday, March 25, 2013 7:44 AM
    Thursday, March 21, 2013 9:05 PM
  • Hi JamesC_836

    Yes, this command fixes my problem.

    Thanks for your help.


    • Edited by Roar 66 Monday, March 25, 2013 8:44 AM
    Monday, March 25, 2013 7:44 AM
  • Hi JamesC_836

    Yes, this command fixes my problem.

    Thanks for your help.


    Hi Roar 66,

    You're very welcome. I am really glad that I was able to assist you.

    Thanks for letting me know the above command resolved the issue and for marking my post as an answer.

    Monday, March 25, 2013 10:38 AM
  • For reference, if a person is not using EMET with SCCM (e.g. a small business user or a home user)(i.e. where the number of systems with EMET installed is small enough to manage/configure manually), an alternative to using the command line to resolve this issue with Google Chrome would be the following:

    For Windows XP:

    Open EMET as follows:

    1. Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    -----------------------------------------------------------

    For Windows Vista and Windows 7:

    Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    For Windows 8:

    1. Press the Windows key to display the Windows Start screen. Type the letters “emet” (without the quotes)

    2. The gray EMET lock icon should appear on the left side of the screen. Click this icon. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    When the EMET application is open. Click the Configure Apps button:

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMETConfigureAppsStep.png

    Scroll down the list of protected applications and un-tick the SEHOP mitigation for chrome.exe:

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Google_Chrome_with_SEHOP.png

    Click OK to save the changes and restart Google Chrome if it is already running.

    Further related information is provided in the following thread:

    http://social.technet.microsoft.com/Forums/en-US/emet/thread/d64fb832-8bd3-44a7-a583-b37c264ad9fc

    I hope this helps. Thank you.

    • Edited by JamesC_836 Monday, March 25, 2013 2:56 PM Minor edit
    • Marked as answer by Roar 66 Wednesday, January 27, 2016 12:43 PM
    Monday, March 25, 2013 12:20 PM