EMET 4.0

Hello All,
I have a real problem with EMET. Starting today, every time I open IE this statement pops up:
"EMET 4.0
EMET detected that the SSL certificate for ".facebook.com" is not trusted by the rule "FacebookCA" associated with the domain "www.facebook.com""
I have tried to find out what this is and cannot get any help from Microsoft. I have never been on Facebook. What in the world is this and how do I get rid of it?
Thanks, BIG TEX in FTW.

The message is about the new Configure Certificate Trust - the FacebookCA rule is set to expire on 12/30/2013.
If you open up EMET 4.0, click on TRUST (CONFIGURE CERTIFICATE TRUST) --> click on the Pinning Rules tab --> under Rule Expiration for FacebookCA you can change the rule to expire next month or later and the message will go away. You can set it to when the YahooCA rule will expire on 3/13/2014 if you like and you won't receive the message anymore.
Not sure if the default template rules will be updated automatically or if they need to be manually updated. The certificate stuff is all new to EMET 4.0 and I have yet to read up on all the configuration settings, etc.
You might not be on Facebook, but many websites incorporate Facebook logins and like buttons, which is why you see the EMET message, since the default template rule for FacebookCA expired today.

Similar Messages

  • Cannot install EMET Notifier 4.1 or 5.0 Tech Preview

    I uninstalled EMET notifier 3 to try out the new 5.0 tech preview. However when trying to install I get an error saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor."
    I tried installing 4.1 and get the same error. I am running Windows 8.1 Home Premium and have .Net 4 installed. I have turned on verbose logging, apologies for the massive amount of data but I didn't want anything to get missed.
    The log file is below. Can anyone suggest what might be going wrong?
    Edit - The log below is pretty heavy reading, but the line that seems to be causing the trouble is:
    CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
    Solution
    The solution is to go into c:\users\"username"\AppData\Local\ then right click on "temp" and choose "properties". Choose "security" --> edit --> add, and add the username you are using, and give yourself all rights.
    I got this information from http://sourceforge.net/p/googlesyncmod/support-requests/225/?page=0
    Many thanks,
    Ian

    I am having exactly the same problem. But I also can't even uninstall EMET 3.0 or EMET 4.0, both of which I have installed on my machine. I get the same error message when I try to uninstall them!! I need to uninstall them so that I can install EMET 4.1 or EMET 5.0.
    I have been trying to do this for more than a month but without any luck. So any help will be much appreciated.
    Thanks,
    Mohamed
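
Added example (not part of the thread, and not Microsoft's tooling): a small Python triage of an msiexec verbose log that pulls out the failing custom action, its error code and the DLL it tried to run, which is the line Ian singled out in his edit. The log lines are a constructed sample in the same format; `triage` and its field names are this example's own.

```python
import re

# Constructed sample in the format of an msiexec verbose log (not a real capture).
SAMPLE_LOG = r"""
MSI (c) (C4:04) [11:25:31:461]: Doing action: DIRCA_CheckFX
Action start 11:25:31: DIRCA_CheckFX.
MSI (c) (C4:04) [11:25:31:463]: Invoking remote custom action. DLL: C:\Users\user\AppData\Local\Temp\MSI0000.tmp, Entrypoint: CheckFX
CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 11:25:32: DIRCA_CheckFX. Return value 3.
Action start 11:25:32: FatalErrorForm.
Action ended 11:25:35: FatalErrorForm. Return value 1.
Action ended 11:25:35: INSTALL. Return value 3.
MSI (c) (C4:04) [11:25:35:334]: MainEngineThread is returning 1603
"""

INVOKE = re.compile(r"Invoking remote custom action\. DLL: (?P<dll>.+?), Entrypoint: (?P<entry>\S+)")
CA_ERR = re.compile(r"CustomAction (?P<action>\S+) returned actual error code (?P<code>\d+)")
ENDED = re.compile(r"Action ended [\d:]+: (?P<action>\S+)\. Return value (?P<rv>\d+)\.")
EXIT = re.compile(r"MainEngineThread is returning (?P<code>\d+)")
USER_TEMP = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def triage(log_text):
    """Summarise where an MSI install failed.

    Returns a dict with:
      failed_actions   - actions that ended with return value 3 (failure), in log order
      custom_action    - first custom action that reported an error code
      error_code       - that custom action's reported error code (int)
      dll              - DLL msiexec extracted and invoked for that custom action
      dll_in_user_temp - True when that DLL sits under the user's AppData\\Local\\Temp
      exit_code        - final msiexec return code (for example 1603)
    """
    result = {
        "failed_actions": [],
        "custom_action": None,
        "error_code": None,
        "dll": None,
        "dll_in_user_temp": False,
        "exit_code": None,
    }
    last_dll = None  # DLL named by the most recent "Invoking remote custom action" line

    for line in log_text.splitlines():
        m = INVOKE.search(line)
        if m:
            last_dll = m.group("dll")
            continue

        m = CA_ERR.search(line)
        if m and result["custom_action"] is None:
            # Keep only the first failure: later errors are usually fallout from it.
            result["custom_action"] = m.group("action")
            result["error_code"] = int(m.group("code"))
            result["dll"] = last_dll
            result["dll_in_user_temp"] = bool(last_dll and USER_TEMP.search(last_dll))
            continue

        m = ENDED.search(line)
        if m and m.group("rv") == "3":
            result["failed_actions"].append(m.group("action"))
            continue

        m = EXIT.search(line)
        if m:
            result["exit_code"] = int(m.group("code"))

    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
    if summary["dll_in_user_temp"]:
        # Matches the fix reported in the thread: check the ACL on the Temp folder.
        print("hint: custom-action DLL runs from the user's Temp folder; check its permissions")
```
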

  • EMET v4.1 not installing on Windows 7 x64

    We are testing EMET v4.1 in our environment, and I created a package in SCCM 2007 using the recommended command line from the documentation:
    msiexec /i "EMETSetupv4.1.msi" /qn /norestart
    When pushed to a Windows XP x32 system via SCCM it worked fine to install, and then we configured the settings using the custom ADMX template, and everything is working great.
    When pushed to our Windows 7 x64 systems via SCCM it keeps failing, so I tried installing manually and we get the message:
    "The advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic"
    Does anyone know why the EMET msi is causing this when set to install using the /qn switch? We use this switch to install many other .msi's via SCCM and have never had this issue before, this seems very weird with a Microsoft branded .MSI.
    I changed the /qn to /qb as the message indicates and then we get a message that .NET 4 Framework is not installed. We have the Microsoft .NET Framework 4 Client Profile (4.0.30319) installed on our Windows 7 x64 image. I don't see any guidance regarding exactly what version of .NET Framework is required, does anyone know if the full/extended version is needed or a newer version?

    If you choose "unblock" from the MSI's file properties dialog, redistribute to your DPs, and try to install again, does the issue go away?
    Jason | http://blog.configmgrftw.com

    I did notice this on the MSI, I will try this and see if it makes a difference. However I did try to just install it locally using the same switches, with the MSI having been unblocked and I still got the same thing. But I will double check this.
    Also does anyone have any insight on what .NET is required for EMET? I'm going to try the full .NET 4 Framework, since we only have the client profile installed right now.

  • EMET 5.1 had DEP activity and closed Office 2003 applications and won't allow Internet Explorer to open in Windows 8 desktop version

    I can't find any answer to why EMET 5.1 blocks Internet Explorer from running in Windows 8 Desktop version. Initially Google Chrome wouldn't work either but after uninstalling EMET 5.1 and reinstalling it Chrome now works. Also it prevents Microsoft Office 2003 Word, Excel, Access, Outlook and Publisher from running. It says DEP mitigation and closing application. I also get the error that Microsoft Office Access or other applications has stopped working and they only work under safe mode.
    How do you get these applications to work in EMET 5.1? Do I need to get rid of EMET 5.1? Or are there other solutions?
    Thanks,
    Chris

    Do you still use Office 2003 or did you mean Office 2013?
    W. Spu

  • How can I tell if my EMET GPO is in place instead of the local xml file on a computer?

    Hi,
    I did the following commands on my test machine with EMET 5.1 installed:
    emet_conf --delete_all
    emet_conf --refresh
    emet_conf --list
    There were applications that came up but how can I tell if it is really coming from GPO and not the local configuration file that came with EMET 5.1? Am I supposed to see a "greater than symbol" prior to the name of the application or no?
    When I ran rsop.msc on the machine, I can see that my group policy is in place. But I thought I'm supposed to see a greater than symbol (like below) - which means the list of apps are coming from the GPO:

    Executable     Path                            Mitigations
    >7z.exe        *\7-Zip                         DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
    >7zFM.exe      *\7-Zip                         DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
    >7zG.exe       *\7-Zip                         DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
    >Acrobat.exe   *\Adobe\Acrobat 8.0\Acrobat     DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
    >Acrobat.exe   *\Adobe\Acrobat 9.0\Acrobat     DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
    >Acrobat.exe   *\Adobe\Acrobat 10.0\Acrobat    DEP SEHOP NullPage HeapSpray

    Am I wrong? Is that an EMET 3.1 "thing" only?  Please let me know.
    Thanks!

    Never mind.  I got it.  If you do an "Emet_conf --List" it will turn out something like this that indicates you are getting your policies from GPO
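
The check discussed in this thread, as an added example (not from the original posts or from Microsoft): a PowerShell 3.0+ parser for `emet_conf --list` output that labels each rule by source, assuming, as the poster describes, that a leading `>` marks a rule delivered by Group Policy. The sample output and the function name `ConvertFrom-EmetConfList` are constructed for illustration.

```powershell
# Constructed sample of `emet_conf --list` output (not captured from a real host).
# It mixes both layouts seen in the post: mitigations on the rule line, and
# mitigations wrapped onto the following line.
$sample = @'
Executable             Path                                   Mitigations
>7z.exe                *\7-Zip
DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR
>Acrobat.exe           *\Adobe\Acrobat 10.0\Acrobat           DEP SEHOP NullPage HeapSpray
notepad.exe            *\Windows\System32                     DEP SEHOP
'@

function ConvertFrom-EmetConfList {
    param([string[]]$Line)

    # Mitigation names as they appear in the post's output; extend for other EMET versions.
    $known = 'DEP','SEHOP','NullPage','HeapSpray','EAF','MandatoryASLR','BottomUpASLR'
    $rules = New-Object System.Collections.Generic.List[object]

    foreach ($raw in $Line) {
        $text = "$raw".Trim()
        if (-not $text -or $text -match '^Executable\s+Path' -or $text -eq 'Mitigations') { continue }

        # A line made up only of mitigation names is the wrapped tail of the previous rule.
        $tokens = $text -split '\s+'
        if ($rules.Count -gt 0 -and -not ($tokens | Where-Object { $known -notcontains $_ })) {
            $rules[$rules.Count - 1].Mitigations += $tokens
            continue
        }

        # Columns are separated by runs of 2+ spaces; paths may contain single spaces.
        $fields = $text -split '\s{2,}'
        $rules.Add([pscustomobject]@{
            Executable  = $fields[0].TrimStart('>')
            Path        = if ($fields.Count -gt 1) { $fields[1] } else { '' }
            # Assumption taken from the thread: '>' prefix means the rule came from Group Policy.
            Source      = if ($fields[0].StartsWith('>')) { 'GroupPolicy' } else { 'Local' }
            Mitigations = @(if ($fields.Count -gt 2) { $fields[2] -split '\s+' })
        })
    }
    $rules
}

# On a live host, replace the sample with: (& emet_conf.exe --list)
$rules = ConvertFrom-EmetConfList -Line ($sample -split "`r?`n")

# Summary per source, then any rules that are NOT coming from policy.
$rules | Group-Object Source | Select-Object Name, Count
$rules | Where-Object { $_.Source -eq 'Local' } |
    Select-Object Executable, Path, @{ n = 'Mitigations'; e = { $_.Mitigations -join ' ' } }
```

Rules reported as `Local` on a machine that should be fully policy-managed point to a leftover local configuration rather than the GPO.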

  • EMET 5.0 Pinning Rule doesn't work

    I have installed EMET 5.0 on my Windows 7 pro system. I have configured a pinning rule for my internetbank exactly the same way as I did with EMET 4.1. But when I apply a different certificate
    from my bank's to test the rule nothing happens - no warnings when I log in to the internetbank. Except once! With EMET 4.1 the warnings never failed to show.
    The new EMET 5.0 blocking function doesn't work at all (which is very disappointing, as this was the main reason why I upgraded to EMET 5.0).
    Anyone who knows how to do to make this work?
    I tried to enclose screenshots of my current configuration, but got the error message:
    "Body text cannot contain images or links until we are able to verify your account."
    But I don't understand how to verify my account...sorry...

    This morning I:
    1. Logged in as administrator on Windows 8 (Swedish version).
    2. Installed and configured EMET 5.0 with recommended settings and added pinning/blocking rule for my internetbank. Imported certificate different from that used by my internetbank.
    3. Logged out.
    4. Logged in as standard user.
    5. Launched Internet Explorer in desktop mode (didn't run as administrator).
    6. Tried to log in to my internetbank – pinning rule blocked login, nice!
    As you stated before, pinning rule does not work as one would like on Windows 7 (I have windows 7 professional English version).
    Have not yet tried to use EMET logged in as administrator on Windows 7 but why bother? I agree with you, not a good idea to log in as administrator and then use internet…
    I will use Windows 8 for my internet banking until this is resolved.
    Thank you!

  • EMET doesn't work with common software in Windows 7

    I installed EMET 5.0, and began to have problems with EMET shutting down Acrobat Reader, Flash, Java, Internet Explorer, and browser linkage to .PDF files.  Also,  I could not load a .PDF file directly either.  (No way to view the PDF docs
    for EMET!)
    Error messages included "simexecflow", EAF mitigation  and need to turn off "Deep Hooks", and others.
    I installed EMET about a month ago, didn't notice immediate problems, but a large set of Windows updates happened soon afterward (installed 11/8/14).  Soon after this I first noticed the problems.  I can't say for sure they weren't there before,
    since the time between was short.
    I (I think) managed to stop the Java and Flash problems with settings, but could not get others fixed.  I finally had to uninstall EMET to fix ALL the problems !
    We also have a Vista and an 8.1 machine, no problems with EMET (so far!).
    I know that EMET may have problems with some applications, but it seems to me that there should NEVER be problems with these very common and essential applications.
    Please either fix the problems with EMET, or tell me specifically what's needed to make these apps work with Windows 7 and EMET.
    This machine has been thoroughly checked for all manner of malware, including rootkits.  All clear.
    Thanks!

    Microsoft released EMET 5.1 on November 10th which fixes compatibility issues with those programs under EMET 5.  Here's the information on the fixes:
    http://blogs.technet.com/b/srd/archive/2014/11/10/emet-5-1-is-available.aspx.
    "Several application compatibility issues with Internet Explorer, Adobe Reader, Adobe Flash, and Mozilla Firefox and some of the EMET mitigations have been solved."

  • WARNING: DATA LOSS - EMET 4 reporter deletes files

    NOTE:  This EMET issue was moved here from this original post:  http://answers.microsoft.com/en-us/windowslive/forum/gallery-wlsettings/photo-gallery-crash-emet-reporter-deletes-file/e5a510c8-e0fb-4d33-8179-8ee7a18d11e5?rtAction=1377879230389
    Discovered a bug in EMET 4.0 running on Windows 8 (desktop).
    Steps to reproduce:
    open a .jpg graphic... opens in Photo Gallery.
    hit the "Edit, Organize, or Share" button, top left menu bar.
    Program crashes and opens a "Photo Gallery has stopped working"/Close program prompt.
    EMET opens up a "Do you want to send more information about this issue?" prompt.
    When you click Yes/Send with the EMET prompt it DELETES YOUR FILE - no recycle bin, no warning.
    It appears to be a problem with EMET.  I closed the Photo Gallery prompt and the program closed, file deletion did not occur until the EMET prompt was sent/closed.
    UPDATE:  Discovered a new unwanted behavior... it will delete the file when you hit the DONT report button as well.  I guess the only way is to close the prompt window and not to choose the REPORT or DON'T REPORT buttons.

    NOTE:  The below entry describes a problem with the default EMET 4 configuration for Windows Photo Gallery which led to the discovery of this bug.  It is taken from (duplicated from) this post...   http://answers.microsoft.com/en-us/windowslive/forum/gallery-wlsettings/photo-gallery-crash-emet-reporter-deletes-file/e5a510c8-e0fb-4d33-8179-8ee7a18d11e5
    ---------------------------->>
    I did not reinstall Photo Gallery here (not needed)... I think the problem is with EMET.  
    With the previous entry, where I was asked to disable EMET and test Photo Gallery, I may not have disabled it fully via the task manager... so I got the expected crash.  I just tested with EMET running but with all the mitigation checkboxes unchecked for
    WLXPhotoGallery.exe, and I was able to use the "Edit, Organize, or Share" button in Photo Gallery properly with no crash. 
    I will have to experiment with which EMET mitigation check is causing the crash when using the "Edit, Organize, or Share" button.  The default EMET installation list had all mitigation checkboxes checked for this program.  If someone happens
    to know the proper checkbox configuration for WLXPhotoGallery.exe please post.

  • How to determine installed version of EMET via script?

    Hi all,
    I was not able to find an easy way to determine installed version of EMET via script. If you can guide me in the right direction, this would help a lot.
    Many thanks
    Sam

    This is probably not the right forum for scripting questions and you didn't specify which script you (want to) use... Below you can find some examples...
    If you use VBscript you could use WMI and query the class Win32_Product:
    ' Query WMI for installed products whose name contains "EMET"
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" _
        & strComputer & "\root\cimv2")
    Set colSoftware = objWMIService.ExecQuery _
        ("Select * from Win32_Product where Name like '%EMET%'")
    For Each objSoftware in colSoftware
        Wscript.Echo "Name: " & objSoftware.Name
        Wscript.Echo "Version: " & objSoftware.Version
    Next
    This method is not advisable because the class isn't optimized for queries and therefore the query takes a long time!
    You can also use the Windows Installer object:
    Option Explicit
    ' Connect to Windows Installer object
    Dim installer
    Set installer = Wscript.CreateObject("WindowsInstaller.Installer")
    Dim product, products
    Set products = installer.Products
    ' Walk every registered product and report those named EMET and published by Microsoft
    For Each product In products
        If InStr(1, installer.ProductInfo(product, "InstalledProductName"), "EMET", vbTextCompare) > 0 _
            And InStr(1, installer.ProductInfo(product, "Publisher"), "Microsoft", vbTextCompare) > 0 Then
            Wscript.Echo installer.ProductInfo(product, "InstalledProductName")
            Wscript.Echo installer.ProductInfo(product, "VersionString")
        End If
    Next
    Set products = Nothing
    Set installer = Nothing
    Wscript.Quit 0
    This method enumerates all the products but be aware that you should also check the installstate because the installstate of a product also can be advertised.
    You can also use powershell to enumerate the uninstall registry keys but you have to take into account that the results may be different on a 64-bit Windows and the bitness of the powershell process:
    gci "hklm:\software\microsoft\windows\currentversion\uninstall" | foreach { gp $_.PSPath } | select DisplayVersion,DisplayName | where { $_.DisplayName -match "^EMET" }
    You can also install and use the Windows Installer PowerShell Module and use this command:
    get-msiproductinfo | where { $_.Name -like '*EMET*' } | select ProductName,ProductVersion  | format-list
    On the internet you can find a lot of information about your question. For instance I found these pages:
    http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
    http://blogs.technet.com/b/alexshev/archive/2008/06/30/from-msi-to-wix-part-17-windows-installer-automation-interface-part-2.aspx
    W. Spu
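
The bitness caveat in the answer above, handled explicitly, as an added example (not part of the original reply): a PowerShell 3.0+ function that reads the uninstall keys through both the 64-bit and 32-bit registry views, so the result does not depend on which PowerShell host runs it. The function name `Get-EmetInstall`, the `-MinimumVersion` parameter and the name/publisher match are assumptions for illustration.

```powershell
function Get-EmetInstall {
    param([version]$MinimumVersion)

    # RegistryKey.OpenBaseKey needs .NET 4, i.e. PowerShell 3.0 or later.
    $subPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    $hive    = [Microsoft.Win32.RegistryHive]::LocalMachine
    $seen    = @{}   # on 32-bit Windows both views return the same keys; report each once

    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, [Microsoft.Win32.RegistryView]$view)
        try {
            $uninstall = $base.OpenSubKey($subPath)
            if (-not $uninstall) { continue }

            foreach ($name in $uninstall.GetSubKeyNames()) {
                $key = $uninstall.OpenSubKey($name)
                if (-not $key) { continue }
                $display   = [string]$key.GetValue('DisplayName')
                $publisher = [string]$key.GetValue('Publisher')
                $raw       = [string]$key.GetValue('DisplayVersion')
                $key.Close()

                # Assumed match: display name contains the word EMET, publisher contains Microsoft.
                if ($display -notmatch '\bEMET\b' -or $publisher -notmatch 'Microsoft') { continue }
                if ($seen.ContainsKey("$name|$raw")) { continue }
                $seen["$name|$raw"] = $true

                # DisplayVersion is free text; only compare when it parses as a version.
                $parsed = $null
                [void][version]::TryParse($raw, [ref]$parsed)

                [pscustomobject]@{
                    Name         = $display
                    Version      = $raw
                    RegistryView = $view
                    ProductKey   = $name
                    MeetsMinimum = if ($MinimumVersion -and $parsed) { $parsed -ge $MinimumVersion } else { $null }
                }
            }
            $uninstall.Close()
        }
        finally { $base.Close() }
    }
}

# Example: list EMET installs and flag anything older than 5.1.
Get-EmetInstall -MinimumVersion '5.1' | Format-Table -AutoSize
```

No output means no matching uninstall entry was found in either view.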

  • Install EMET 4.1, IE refuses to open

    EMET 4.1 seems to fail with IE 11 on Windows 8.1 Enterprise x64. I tried it on three different workstations, two physical computers and one virtual desktop and IE 11 tried to come up, the window is visible, then closes without logging anything.
    No AppCrash recorded, nothing in the Applications events. I installed it and chose to accept the "Recommended Settings." I removed all EMET settings from IE as an experiment (SEHOP was grayed out for me, so I could not just uncheck it alone) and
    it still would not run.
    We have a desktop virtualization project and I'd like to use both 8.1 and EMET, but can't if I'm going to have these problems right off the bat.
    UAC is on with default settings (saw one Google post claiming that could be a problem if UAC were turned off).
    Suggestions?
    SnoBoy

    One of the physical computers was fresh from a Windows 8.1 ISO from MS Volume License website. The other was Win 8 upgraded to 8.1. The virtual desktop is VMware Horizon View based and was  Win 8 upgraded to 8.1. So I have the gamut of possibilities
    except a fresh virtual desktop from 8.1 media - which I will be testing soon.
    I'll try the VM desktop fresh from an 8.1 ISO and see if I get different results, but three separate tests don't give me a lot of confidence unless it is inadvertently possible to mess it up with GP objects. All three machines are in an AD domain (Win
    2008 R2 functional level, BTW). Could that be a possibility?
    Just as another data point, I did just install it on my personal Win 8.1 (upgraded from 8) laptop and it seems to work on it, so I'm tempted to blame it on the GPOs or maybe IE settings pushed out with GPOs on our domain.
    SnoBoy

  • Is EMET Config XML the same as the GPO of EMET?

    Hi,
    I deployed EMET to our environment and used GPO to deploy settings.  I can see that the GPO are applied and is protecting the computer by going to the registry of the computer.  Ex. regedit --> HKLM --> Software --> Policies --> Microsoft
    -> EMET.
    Then I read on the link below that I have to import the XML, but the XML looks quite similar to what was set on the GPO.  My question is, do I still need to import the XML file if I am already implementing something via GPO? 
    If that is the case, then if I implement the XML and if something went wrong, I could not globally manage unlike the GPO.
    http://blogs.technet.com/b/configmgrteam/archive/2012/05/15/deploying-and-configuring-the-enhanced-mitigation-experience-toolkit.aspx
    On the other hand, what I noticed though is with the GPO enabled, I don't see a list of programs being protected under "configure apps".  Instead I see what are being protected by going here regedit --> HKLM --> Software --> Policies -->
    Microsoft -> EMET.
    Am I configuring it correctly or do I need to do both?

    Starting with EMET 5.0, EMET installs a service which imports group policy. 
    http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx - "We have added a new service, called EMET Service, which is taking in charge many duties that EMET Agent used to do in previous versions. The EMET Service, among other
    things, takes care of evaluating the Certificate Trust rules, appropriately dispatching EMET Agents in every user’s instance, and automatically applying Group Policy settings pushed through the network. Also, a service offers more resiliency and better ability
    to being monitored."
    EMET does not currently have the ability to show the group policy application settings in the GUI.  You can use the command line to see group policy settings however: emet_conf --list.  Microsoft has indicated they are planning on adding that feature
    to the GUI in future versions:
    https://connect.microsoft.com/emet/Feedback/Details/905794.
    You do not need to apply both the group policy and the local xml settings, just one or the other.  You can also verify that the group policy settings are applied by looking in the GUI at the list of running applications and noting the green check mark
    circle next to the ones that are configured for EMET.

  • EMET 5.0 Installer Fails

    The EMET 5.0 installer kept failing on the StartServices action. I created a transform, deleted the action from the InstallExecute sequence, and it worked like a charm. I was able to start the service manually afterwards.

    This was more of an FYI. It works fine after manually starting it, but something about the StartServices action seems to be broken and causes a fatal error. I just installed EMET 4.0 without a hitch, but that would be expected since 5.0 is the first version
    to install a true service.

  • Auto refresh EMET configuration

    Hi everyone!
    For one thing, if someone has already asked for this and got an answer, please link me the conversation. :)
    Is it possible to automatically run emet_conf.exe, for example with logon script? I need a way to do this automatically cause it'll take forever if I have to run emet_conf.exe locally on every PC always when I make a change in configurations. I simply need
    something to automatically refresh emet configurations from Group Policy.
    Thank you for your help :)

    OK, so I am working on setting up the scheduled tasks in gpp, however I am unsure on a few items.
    1.  If there is a space in the path to the task i.e. program files do I need to enclose the c:\program files (x86)\EMET 4.1\emet_conf.exe in quotes?
    2. Do I need to be concerned with the start in parameter?  If so does it require "" around the path as there are spaces?
    3. Can I use the %ProgramFilesDir% variable for these items, or does it not resolve them well? (if so is that the right variable?  There are two options and I am not sure which one is correct)
    4.  I notice that the EMET parameters seem to require -- before refresh, is this accurate or should it just be -refresh?
    5.  I have been trying to test this through group policy results in the GPMC, however when I make adjustments to my scheduled task properties they are not reflected in the RSOP settings, i.e. I refresh the report till I am blue in the face and even
    recreate it and it has settings from a LONG time ago.  Does Group Policy Results Wizard actually look at the target machine, i.e. a gpupdate needs to be run on the machine?
    6.  We have a 2003 level domain and forest our DC's are 2003 and 2008 R2.  My workstations are Windows 7 and Windows 8.  When I create a scheduled task the "newest" version I can create is Windows 7.  Is that OK, should I just be using
    the "generic" task.
    I cannot believe how much of a hard time I am having with this as it is SUCH A SIMPLE TASK...at least on the surface.

  • EMET 5 and Comodo AV Compatibility

    Hi,
    I am running Windows 7 x64 SP1 Home Premium with IE11 and Office 2010. I also use Comodo antivirus 2014 (no HIPS). After installing EMET 5, IE and Office apps refuse to start and crash with various errors. Sorry, at this moment I don't have the specific
    error as the computer is not local.
    After uninstalling EMET 5 all apps work again. Any guidance is appreciated as it's hard to find what EMET controls are interfering, thus my inability to make adjustments to the settings. I know MS can't test every piece of software in the world for compatibility,
    but I can't find the MS guidance needed to determine what in EMET is causing the issue.
    Regards,
    Tony

    Exactly the same problem - Comodo, Office apps and ie. Please let me know if there is a workaround or fix.

  • EMET 5.1 crashes Outlook.exe, Photoshop.exe and Communicator.exe. Please explain why it would do that?

    Hi,
    EMET 5.1 is crashing/not opening these applications on two of our staff workstations (Both are Windows 7 x86):  Outlook.exe, Photoshop.exe and Communicator.exe.
    On one computer, EMET crashes Communicator and Outlook.  On the other computer, EMET crashes Photoshop only.
    Obviously, it works for everybody else.  Can someone please explain to me why would EMET crash these apps if it works for the rest?  Could it be that it found a possible threat/exploit to the machine? 
    How do I mitigate this problem?
    Please advise.  Below is a sample of the error.
    Fault bucket 1031393421, type 17
    Event Name: APPCRASH
    Response: Not available
    Cab Id: 0
    Problem signature:
    P1: communicator.exe
    P2: 4.0.7577.4103
    P3: 4fd6bebb
    P4: EMET.DLL
    P5: 5.0.0.0
    P6: 545ffd74
    P7: c0000005
    P8: 00060310
    P9: 
    P10: 
    Attached files:
    C:\Users\xx\AppData\Local\Temp\WERD21D.tmp.WERInternalMetadata.xml
    These files may be available here:
    C:\Users\xx\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_communicator.exe_7fba75e97ffde076db3fe52dd74029de19dc38_15d4e56e
    Analysis symbol: 
    Rechecking for solution: 0
    Report Id: 97ed67e2-de0a-11e4-822e-00125a5e8f35
    Report Status: 0
    Faulting application name: Photoshop.exe, version: 15.2.2.310, time stamp: 0x5480306d
    Faulting module name: EMET.DLL, version: 5.0.0.0, time stamp: 0x545ffd74
    Exception code: 0xc0000005
    Fault offset: 0x0006714e
    Faulting process id: 0x15c4
    Faulting application start time: 0x01d0721e6fc383e7
    Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CC 2014 (32 Bit)\Photoshop.exe
    Faulting module path: C:\WINDOWS\AppPatch\EMET.DLL
    Report Id: b159a74a-de11-11e4-86b9-1cc1de578f37

    One guess is that old Outlook plugins can sometimes cause issues with EMET.  Try starting Outlook in safe mode, by holding down the CTRL key when starting Outlook to see if that helps, and look in Outlook in File / Options / Add-Ins menu item to see
    the add-ons that are installed.  Verify that the OS and apps have all the latest patches if you haven't, though you have probably already done that.  If those don't work you could try unchecking the EMET application protection boxes for the
    application that isn't working, one by one.  Note that EMET 5.2 is out now so that might be something to try too. 

  • Firefox 28 with EMET 4.1

    Recently added EMET 4.1 to my PC [Win 7 Home SP1] but having frequent FF28.0 crashes even after applying all .NET 4.0 Windows updates. Some are identified specifically as DEP errors by EMET. The best I am able to do is use FF safe mode with EMET on [except DEP] or turn off all EMET protection except SEHOP & NUL page protection. Been experimenting with turning on/off FF add-ons and EMET options individually but every time I get a configuration I think works, another crash occurs. What configurations of EMET are folks having success with? FF addons include Foxit Reader, Google Talk, Google Update, Intel Identity Protection & Flash. I want to get one PC solid before adding FF to EMET on my other PCs. Machine has been full scanned for viruses, etc in the past few days.

    Thanks but still no joy. My firefox.exe settings in EMET work fine so long as I only have SEHOP and NUL Page Prealloc checked & NOTHING ELSE. Plugin-container is not listed at all in EMET. If I check any other mitigations, I get Firefox crashes [either Firefox directly or plugin-container]. Decided to settle for some protection rather than nothing but too bad FF isn't fully compatible. Maybe in the future? Working with Linux now....maybe things will be better over there!
