EMET and DEP

I’ve seen various questions recently around the use of EMET and DEP for protecting processes. Prior to launching into this, I highly recommend reading Rob Hensing’s old but good articles on this at http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-1.aspx and http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx. Getting first things out of the way: DEP is an OS/system mitigation. EMET does not have a…

Updated EMET.admx file to enable disabled settings for Default sets

An EMET customer pointed out that for the Default Sets in the .admx GPOs the “Disabled” setting wasn’t actually doing anything. After some review, it appeared that these 3 settings have an <enabledList> but no <disabledList> in the GPO to control them, which in turn meant the Disabled button didn’t perform a removal…

Creating Exclusions from the Default Sets in EMET ADMX GPO’s

I’m going to preface this by saying I do not currently recommend using our .admx GPOs for EMET. With that being said, some customers are required to use them from a compliance perspective, so this may help you with your role. If you use the .admx settings for EMET and have ever realized that…

Managing Trusted Sites via Policy for EMET ASR

Part of the new functionality of EMET allows you to block or allow plugins in IE based on the zone that a web site is located in. The default example is that the Java plugin is blocked in the “Internet” zone but allowed in the “Intranet” and “Trusted” sites zones. Currently the recommendation is to…

Testing the ASR feature for Office documents in EMET 5.0

Had a customer recently ask me how to test the ASR feature for EMET 5.0, so I figured I would write this up to help others as well. Keep in mind there are 2 different sets of programs that utilize ASR: one is IE and the other is Office programs, or more specifically Word, Excel…

Managing IE Sites for EMET with ASR (Attack Surface Reduction)

If you haven’t started testing EMET 5.0, please consider doing so, especially if you are charged with piloting the product for your organization, as this version is the latest and has more fixes and protections than are available in the 4.x platform. One of the great new features we introduced with 5.0 is ASR…

Setting EMET Local Configuration via GPP

Our PG released EMET 5.0, and it works pretty well and has some cool new functionality, such as actually blocking on pin rules and the new ASR feature, which I feel is very cool too. A big fix was the fact that there is a service now and that service will properly refresh GPO…

Troubleshooting an EMET Mitigation Application Crash

In the process of deploying and piloting EMET there is a definite possibility that a legitimate application will not function properly with EMET. Let’s try to set some expectations here: there are basically 2 things you can do when this occurs: work with the developer of the application and see if they can make…

Configuring EMET via GPO/GPP w/o using the ADMX files

[UPDATE 7/23/2014] I've created a wiki page at http://social.technet.microsoft.com/wiki/contents/articles/25585.emet-gpo-gpp-using-task-scheduler-to-import-emet-settings.aspx that condenses these steps and adds a few new items. It is open to collaborative editing, so you may want to view that as well. [/UPDATE] If you have deployed EMET in an enterprise setting you have probably realized there are basically 2 different…

Automatically refreshing EMET GPO’s

If you’ve tried configuring EMET via GPOs, you’ve probably come to realize that while the GPOs may process normally and change registry keys locally on the system, this does not actually affect the running configuration of EMET. From the user guide for EMET, see the following: “Once EMET Group Policies are enabled, they will be…
