EMET 4.1 Installation

I reviewed the User Guide and it said v4.1 would upgrade v3.0. 4.1 installed OK, but 3.0 is still on system and running concurrently with 4.1. Should I Uninstall 3.0 via Control Panel?

The applications it protects in either profile that you load up are end user applications i.e. outlook/ie/chrome/ff/reader/flash etc. Stuff that you hopefully don't have on your servers so EMET should be of limited use on servers. Can you run/install it
on the off case that someone uses IE and manages to browse a malformed/exploit hosting page either internally or externally .. yes but that's a risk management choice that is up to you.
GBS Premier Field Engineer Cybersecurity Check out my blog http://blogs.technet.com/kfalde or better yet check out http://technet.com/wiki and start contributing :)

Similar Messages

EMET 5.0 Installer Fails

The EMET 5.0 installer kept failing on the StartServices action. I created a transform, deleted the action from the InstallExecute sequence, and it worked like a charm. I was able to start the service manually afterwards.

This was more of an FYI. It works fine after manually starting it, but something about the StartServices action seems to be broken and causes a fatal error. I just installed EMET 4.0 without a hitch, but that would be expected since 5.0 is the first version
to install a true service.

EMET 4.0 installation fails with error code 1720

On many, but not all, of our systems (Server 2008 R2), installation of EMET 4.0 is failing. Here is an excerpt from the verbose MSI log:
REM kill EMET Agent 4.0 process if running (re-installing scenario) strAppName = "emet_agent.exe"
Set objProces
MSI (s) (A0:50) [10:55:47:325]: Creating MSIHANDLE (27) of type 790536 for thread 6736 MSI (s) (A0:F0) [10:55:47:325]: Creating MSIHANDLE (28) of type 0 for thread 1520 MSI (s) (A0:38) [10:55:47:325]: Generating random cookie.
MSI (s) (A0:38) [10:55:47:325]: Created Custom Action Server with PID 6588 (0x19BC).
MSI (s) (A0:DC) [10:55:47:434]: Running as a service.
MSI (s) (A0:DC) [10:55:47:434]: Hello, I'm your 32bit Elevated custom action server.
MSI (s) (A0:F0) [10:55:47:512]: Note: 1: 2262 2: Error 3: -2147287038 MSI (c) (C8:B4) [10:55:47:512]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2835: The control ErrorIcon was not found on dialog ErrorDialog The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon,
ErrorDialog, MSI (s) (A0:F0) [10:55:52:223]: Note: 1: 2262 2: Error 3: -2147287038 MSI (s) (A0:F0) [10:55:52:223]: Product: EMET 4.0 -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could
not be run. Contact your support personnel or package vendor. Custom action _FA2E7A16_A819_4F3A_AB7E_0A039BE81BD7 script error -2147024770, : Line 21, Column 1,
MSI (s) (A0:F0) [10:55:52:223]: Closing MSIHANDLE (28) of type 0 for thread 1520 MSI (s) (A0:F0) [10:55:52:223]: Closing MSIHANDLE (27) of type 790536 for thread 6736 Action ended 10:55:52: InstallExecute. Return value 3.

I've just spent the last 6 hours trying to find a solution to this. All the steps provided by other user never worked. Running the script separately worked just fine (and YES I was running it as admin). Basically I've come up with a workaround.
The section it's failing on is a CustomAction(VBSCRIPT) that the MSI is calling to 'look for' & 'close' emet_notifier.exe or emet_agent.exe. I know it's not there because I manually removed EMET. When you modify the MSI you can pull out the CustomActions
piece that is failing.
Step 1: Modify the MSI using Orca. Orca is provided by MS in the SDK Tools. I found this site helpful for getting Orca installed on Windows 7:
http://blogs.technet.com/b/bernhard_frank/archive/2010/03/15/how-to-install-orca-exe-from-the-windows-installer-development-tools.aspx
Step 2: After installing Orca, right click EMET Setup.msi and select 'Edit with Orca'
Step 3: Find all instances of the Custom Action and Drop the Rows: Find > _FA2E7A16_A819_4F3A_AB7E_0A039BE81BD7. (Right Click each row found and select 'Drop Row'. I found 4 Rows with this entry)
File > Save (or Save As) and Run the MSI.
EMET installed without problems. Since it doesn't actually fix the problem with Windows (it only fixes the MSI), you'll have to modify future releases of the MSI the same way for that particular PC.

EMET 5.1 is available. Which problems are solved?

EMET 5.1 was released today. On the EMET connect portal there isn't a announcement (yet) about the changes. A short list of changes can be found at
http://blogs.technet.com/b/srd/archive/2014/11/10/emet-5-1-is-available.aspx and/or
https://support.microsoft.com/kb/3015976#Changes. Several feedback items on EMET 5.0 we have submitted should be fixed in this version. Here is a short list:
ASR settings are deleted when turned off through normal application
configuration
Internet Explorer: Manage all Add-ons or Run without
permission triggers an ASR mitigation
App can't be deleted when advanced settings are shown
Does anyone know what other things are fixed and/or which new features are added which aren't listed on the Security Research & Defense Blog or the KB3015976 article?
W. Spu

I have a problem installing EMET 5.1. I get a message that the istaller is interupted. EMET 4.1 no problem.
After Windows updates today IE 11 did not work anymore and I got a message from EMET.
Deinstalling and IE worked again. Now I can only install 4.1
Did you execute the installer with "Run as administrator"? This issue was reported before. See also
Installer interrupted before EMET 5.0 could be installed. and
EMET 5.0 Installer "interrupted" and reverses
W. Spu

EMET 3.0 to 4.1 Upgrade results in notifier bug on reboot

I am testing upgrading our enterprise environment, which is currently on 3.0 to 4.1. After installing the product with a silent install from the below directory:
waithidden msiexec.exe /i "c:\windows\temp\EMET\EMET Setup.msi" /qn /norestart
The installation works as expected, however, a bug remains: upon restarting the workstation, a Windows warning pops up briefly, indicating the "EMET Notifier has stopped working". This quickly goes away and from all appearances the notifier starts
working.
The problem appears to be a remnant file left over from the installation process. EMET 4.1 installs itself to \Program Files (x86)\EMET 4.1, and removes most of the files from EMET 3.0, which were located in \Program Files (x86)\EMET\. However, the
following files remain:
\EMET\Deployment
\EMET\DevExpress.XtraBars.v10.1.DLL
\EMET\Emet User's Guide.pdf
\EMET\EMET_notifier.exe
My question: why are these old files still on the root? It appears the issue is stemming from the old EMET_Notifier.exe being shut down and superseded by 4.1 - is this the case? I am looking for a transparent enterprise wide install, and would like to know
what part of the installation and I performing incorrectly that is responsible for the error message. Thanks.
Also: checking MSCONFIG, I see there is an entry there to run EMET_Notifier.exe from the old directory. I have deleted the entire directory and disabled the startup item, and 4.1 seems to be running normally.

Thank you for the response, but I'm not sure it gets me any further.
I've read the User Guide, but it doesn't make sense to me why deployment through SCCM does not require the "emet_conf --refresh" command while deployment through GPO does. Both of them just install the .msi and apply a set of registry entries.
Why would the programmers have it write to the registry but then ignore those settings? What other program does that? Now, if the manual said to either run that command or reboot, it would make sense.
I must also emphasise that we are not issuing the "emet_conf --refresh" command when v3.0 is being deployed here. It's not in any GPO, and we have new systems picking up EMET 3.0 all the time. Running the "emet_conf
--list" command on them returns exactly the protection profile we have requested --
emet_conf --refresh NOT required.
Note that the last line of what you quoted indicates that the "emet_conf --delete_all" line you also mention will not work for the GPO settings that were applied when EMET v3.0 was deployed.
The immediate problem/question right now is how do I remove the EMET 3.0 settings that were pushed via GPO? EMET 4.1 is deployed along with the ADMX for v4.1, but the protection profile reflected in the machines that have picked the new version up
are the settings that were for v3.0. They don't seem to be picking up the v4.1 settings and they aren't recognized by the v4.1 ADMX:
The bigger-picture problem is that the documentation on deployment appears to be incorrect (or poorly phrased) and there is no documentation on how to upgrade via GPO. It would be mighty nice if someone "official" (maybe from the EMET development/testing
team) were helping here!

Bypassing Microsoft EMET 5.1 - yet again ~ EMET 5.1 - Armor or Curtain

Update / patch schedule?
http://blog.sec-consult.com/2014/11/bypassing-microsoft-emet-51-yet-again.html
http://events.ccc.de/congress/2014/Fahrplan/events/6161.html

I have a problem installing EMET 5.1. I get a message that the istaller is interupted. EMET 4.1 no problem.
After Windows updates today IE 11 did not work anymore and I got a message from EMET.
Deinstalling and IE worked again. Now I can only install 4.1
Did you execute the installer with "Run as administrator"? This issue was reported before. See also
Installer interrupted before EMET 5.0 could be installed. and
EMET 5.0 Installer "interrupted" and reverses
W. Spu

EMET 5.1 With Default Installation Causes Slow Launching of Applications

What would I have to change to improve the speed when launching applications with EMET 5.1 running?

What would I have to change to improve the speed when launching applications with EMET 5.1 running?

Cannot install EMET Notifier 4.1 or 5.0 Tech Preview

I uninstalled EMET notifier 3 to try out the new 5.0 tech preview. However when trying to install I get an error saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your
support personnel or package vendor."
I tried installing 4.1 and get the same error. I am running Windows 8.1 Home Premium and have .Net 4 installed. I have turned on verbose logging, apologies for the massive amount of data but I didn't want anything to get missed.
The log file is below. Can anyone suggest what might be going wrong?
\Edit - The log below is pretty heavy reading, but the line that seems to be causing the trouble is:
CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
Solution
The solution is to go into c:\users\"username"\AppData\Local\ then right click on "temp" and choose "properies". Choose "security" --> edit --> add, and add the username you are using, and give yourself all rights.
I got this information from http://sourceforge.net/p/googlesyncmod/support-requests/225/?page=0
Many thanks,
Ian
=== Verbose logging started: 30/04/2014 11:25:31 Build type: SHIP UNICODE 5.00.9600.00 Calling process: C:\WINDOWS\System32\msiexec.exe ===
MSI (c) (C4:6C) [11:25:31:363]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (C4:6C) [11:25:31:364]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg
MSI (c) (C4:04) [11:25:31:373]: Resetting cached policy values
MSI (c) (C4:04) [11:25:31:373]: Machine policy value 'Debug' is 0
MSI (c) (C4:04) [11:25:31:373]: ******* RunEngine:
           ******* Product: C:\Users\Ian\Downloads\EMET Setup.msi
           ******* Action:
           ******* CommandLine: **********
MSI (c) (C4:04) [11:25:31:374]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (C4:04) [11:25:31:381]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\Ian\Downloads\EMET Setup.msi' against software restriction policy
MSI (c) (C4:04) [11:25:31:381]: SOFTWARE RESTRICTION POLICY: C:\Users\Ian\Downloads\EMET Setup.msi has a digital signature
MSI (c) (C4:04) [11:25:31:427]: SOFTWARE RESTRICTION POLICY: C:\Users\Ian\Downloads\EMET Setup.msi is permitted to run at the 'unrestricted' authorization level.
MSI (c) (C4:04) [11:25:31:431]: Cloaking enabled.
MSI (c) (C4:04) [11:25:31:431]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (C4:04) [11:25:31:433]: End dialog not enabled
MSI (c) (C4:04) [11:25:31:433]: Original package ==> C:\Users\Ian\Downloads\EMET Setup.msi
MSI (c) (C4:04) [11:25:31:433]: Package we're running from ==> C:\Users\Ian\Downloads\EMET Setup.msi
MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: Compatibility mode property overrides found.
MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: looking for appcompat database entry with ProductCode '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'.
MSI (c) (C4:04) [11:25:31:435]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (C4:04) [11:25:31:440]: MSCOREE not loaded loading copy from system32
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'TransformsSecure' is 0
MSI (c) (C4:04) [11:25:31:443]: User policy value 'TransformsAtSource' is 0
MSI (c) (C4:04) [11:25:31:443]: Note: 1: 2262 2: MsiFileHash 3: -2147287038
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisablePatch' is 0
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableMsi' is 0
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (C4:04) [11:25:31:443]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (C4:04) [11:25:31:443]: Running product '{65BC2BDA-D828-4596-99E4-A8799C45C84C}' with user privileges: It's not assigned.
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (C4:04) [11:25:31:443]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (C4:04) [11:25:31:443]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
MSI (c) (C4:04) [11:25:31:444]: APPCOMPAT: looking for appcompat database entry with ProductCode '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'.
MSI (c) (C4:04) [11:25:31:444]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (C4:04) [11:25:31:444]: Transforms are not secure.
MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Ian\AppData\Local\Temp\MSIc9f55.LOG'.
MSI (c) (C4:04) [11:25:31:444]: Command Line: CURRENTDIRECTORY=C:\Users\Ian\Downloads CLIENTUILEVEL=0 CLIENTPROCESSID=4548
MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{69FDEBF8-3A1D-4011-AAB7-980DF90F569B}'.
MSI (c) (C4:04) [11:25:31:444]: Product Code passed to Engine.Initialize:           ''
MSI (c) (C4:04) [11:25:31:444]: Product Code from property table before transforms: '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'
MSI (c) (C4:04) [11:25:31:444]: Product Code from property table after transforms: '{65BC2BDA-D828-4596-99E4-A8799C45C84C}'
MSI (c) (C4:04) [11:25:31:444]: Product not registered: beginning first-time install
MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '2'. Its new value: '1'.
MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (c) (C4:04) [11:25:31:444]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (c) (C4:04) [11:25:31:444]: User policy value 'SearchOrder' is 'nmu'
MSI (c) (C4:04) [11:25:31:444]: Adding new sources is allowed.
MSI (c) (C4:04) [11:25:31:444]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (c) (C4:04) [11:25:31:444]: Package name extracted from package path: 'EMET Setup.msi'
MSI (c) (C4:04) [11:25:31:444]: Package to be registered: 'EMET Setup.msi'
MSI (c) (C4:04) [11:25:31:444]: Note: 1: 2262 2: Error 3: -2147287038
MSI (c) (C4:04) [11:25:31:445]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (C4:04) [11:25:31:445]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (C4:04) [11:25:31:445]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (C4:04) [11:25:31:445]: Running product '{65BC2BDA-D828-4596-99E4-A8799C45C84C}' with user privileges: It's not assigned.
MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Users\Ian\Downloads'.
MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4548'.
MSI (c) (C4:04) [11:25:31:445]: TRANSFORMS property is now:
MSI (c) (C4:04) [11:25:31:445]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (c) (C4:04) [11:25:31:445]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Favorites
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Documents
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (C4:04) [11:25:31:446]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Local
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Pictures
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (C4:04) [11:25:31:447]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (C4:04) [11:25:31:448]: SHELL32::SHGetFolderPath returned: C:\Users\Ian\Desktop
MSI (c) (C4:04) [11:25:31:449]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (C4:04) [11:25:31:449]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (c) (C4:04) [11:25:31:450]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (c) (C4:04) [11:25:31:455]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (C4:04) [11:25:31:455]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Ian'.
MSI (c) (C4:04) [11:25:31:455]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Users\Ian\Downloads\EMET Setup.msi'.
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Users\Ian\Downloads\EMET Setup.msi'.
MSI (c) (C4:04) [11:25:31:455]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'C:\Users\Ian\Downloads\'.
MSI (c) (C4:04) [11:25:31:455]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'C:\Users\Ian\Downloads\'.
MSI (c) (C4:6C) [11:25:31:456]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
=== Logging started: 30/04/2014 11:25:31 ===
MSI (c) (C4:04) [11:25:31:459]: Note: 1: 2262 2: PatchPackage 3: -2147287038
MSI (c) (C4:04) [11:25:31:459]: Machine policy value 'DisableRollback' is 0
MSI (c) (C4:04) [11:25:31:459]: User policy value 'DisableRollback' is 0
MSI (c) (C4:04) [11:25:31:459]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
MSI (c) (C4:04) [11:25:31:459]: Note: 1: 2262 2: Font 3: -2147287038
MSI (c) (C4:04) [11:25:31:460]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (c) (C4:04) [11:25:31:460]: Note: 1: 2262 2: LaunchCondition 3: -2147287038
MSI (c) (C4:04) [11:25:31:460]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (c) (C4:04) [11:25:31:461]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (c) (C4:04) [11:25:31:461]: Doing action: INSTALL
MSI (c) (C4:04) [11:25:31:461]: Note: 1: 2262 2: ActionText 3: -2147287038
Action 11:25:31: INSTALL.
Action start 11:25:31: INSTALL.
MSI (c) (C4:04) [11:25:31:461]: UI Sequence table 'InstallUISequence' is present and populated.
MSI (c) (C4:04) [11:25:31:461]: Running UISequence
MSI (c) (C4:04) [11:25:31:461]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
MSI (c) (C4:04) [11:25:31:461]: Doing action: DIRCA_CheckFX
Action 11:25:31: DIRCA_CheckFX.
Action start 11:25:31: DIRCA_CheckFX.
MSI (c) (C4:04) [11:25:31:462]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'DIRCA_CheckFX'
MSI (c) (C4:04) [11:25:31:463]: Creating MSIHANDLE (1) of type 790542 for thread 772
MSI (c) (C4:04) [11:25:31:463]: Invoking remote custom action. DLL: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp, Entrypoint: CheckFX
MSI (c) (C4:9C) [11:25:31:464]: Cloaking enabled.
MSI (c) (C4:9C) [11:25:31:464]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (C4:9C) [11:25:31:464]: Connected to service for CA interface.
CustomAction DIRCA_CheckFX returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (c) (C4:04) [11:25:31:491]: Closing MSIHANDLE (1) of type 790542 for thread 772
MSI (c) (C4:04) [11:25:31:492]: Note: 1: 1723 2: DIRCA_CheckFX 3: CheckFX 4: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
MSI (c) (C4:04) [11:25:31:492]: Note: 1: 2262 2: Error 3: -2147287038
MSI (c) (C4:6C) [11:25:31:493]: Note: 1: 2262 2: Error 3: -2147287038
Info 2898.For VSI_MS_Sans_Serif13.0_0_0 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 13 pixels height.
MSI (c) (C4:6C) [11:25:31:494]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2835: The control ErrorIcon was not found on dialog ErrorDialog
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon, ErrorDialog,
Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action DIRCA_CheckFX, entry: CheckFX, library: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
MSI (c) (C4:04) [11:25:32:678]: Note: 1: 2262 2: Error 3: -2147287038
MSI (c) (C4:04) [11:25:32:678]: Product: EMET 4.1 -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action DIRCA_CheckFX,
entry: CheckFX, library: C:\Users\Ian\AppData\Local\Temp\MSI9FD2.tmp
Action ended 11:25:32: DIRCA_CheckFX. Return value 3.
MSI (c) (C4:04) [11:25:32:679]: Doing action: FatalErrorForm
Action 11:25:32: FatalErrorForm.
Action start 11:25:32: FatalErrorForm.
MSI (c) (C4:04) [11:25:32:680]: Note: 1: 2235 2: 3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'FatalErrorForm'
MSI (c) (C4:6C) [11:25:32:681]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2826: Control Line1 on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, Line1, to the right
MSI (c) (C4:6C) [11:25:32:681]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2826: Control Line2 on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, Line2, to the right
MSI (c) (C4:6C) [11:25:32:682]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2826: Control BannerBmp on dialog FatalErrorForm extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: FatalErrorForm, BannerBmp, to the right
MSI (c) (C4:6C) [11:25:32:687]: Note: 1: 2262 2: Error 3: -2147287038
Info 2898.For VsdDefaultUIFont.524F4245_5254_5341_4C45_534153783400 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 13 pixels height.
MSI (c) (C4:6C) [11:25:32:687]: Note: 1: 2262 2: Error 3: -2147287038
Info 2898.For VSI_MS_Sans_Serif16.0_1_0 textstyle, the system created a 'MS Sans Serif' font, in 0 character set, of 20 pixels height.
Action 11:25:32: FatalErrorForm. Dialog created
MSI (c) (C4:08) [11:25:32:691]: Note: 1: 2731 2: 0
Action ended 11:25:35: FatalErrorForm. Return value 1.
Action ended 11:25:35: INSTALL. Return value 3.
MSI (c) (C4:04) [11:25:35:322]: Destroying RemoteAPI object.
MSI (c) (C4:9C) [11:25:35:324]: Custom Action Manager thread ending.
Property(C): UpgradeCode = {D12F7559-47B0-4D52-B302-737539A86620}
Property(C): WindowsFolder = C:\WINDOWS\
Property(C): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(C): DesktopFolder = C:\Users\Public\Desktop\
Property(C): SystemFolder = C:\WINDOWS\SysWOW64\
Property(C): SourceDir = C:\Users\Ian\Downloads\
Property(C): VSDFrameworkVersion = v4.0
Property(C): VSDAllowLaterFrameworkVersions = False
Property(C): ProductName = EMET 4.1
Property(C): ProductCode = {65BC2BDA-D828-4596-99E4-A8799C45C84C}
Property(C): ProductVersion = 4.1
Property(C): Manufacturer = Microsoft Corporation
Property(C): ARPHELPLINK = http://social.technet.microsoft.com/Forums/en/emet/threads
Property(C): ARPCONTACT = Microsoft Corporation
Property(C): ARPCOMMENTS = Enhanced Mitigation Experience Toolkit 4.1
Property(C): ARPURLINFOABOUT = http://www.microsoft.com/emet
Property(C): ProductLanguage = 1033
Property(C): ALLUSERS = 1
Property(C): ARPPRODUCTICON = _6FEFF9B68218417F98F549.exe
Property(C): SecureCustomProperties = PREVIOUSVERSIONSINSTALLED;NEWERPRODUCTFOUND
Property(C): RedirectedDllSupport = 2
Property(C): VersionNT = 603
Property(C): VSDNETURLMSG = This setup requires the .NET Framework version [1]. Please install the .NET Framework and run this setup again. The .NET Framework can be obtained from the web. Would you like to do this now?
Property(C): VSDIISMSG = This setup requires Internet Information Server 5.1 or higher and Windows XP or higher. This setup cannot be installed on Windows 2000. Please install Internet Information Server or a newer operating system and run this
setup again.
Property(C): VSDUIANDADVERTISED = This advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic.
Property(C): VSDNETMSG = This setup requires the .NET Framework version [1]. Please install the .NET Framework and run this setup again.
Property(C): VSDINVALIDURLMSG = The specified path '[2]' is unavailable. The Internet Information Server might not be running or the path exists and is redirected to another machine. Please check the status of this virtual directory in the Internet Services
Manager.
Property(C): VSDVERSIONMSG = Unable to install because a newer version of this product is already installed.
Property(C): AdminMaintenanceForm_Action = Repair
Property(C): EulaForm_Property = No
Property(C): FolderForm_AllUsers = ME
Property(C): FolderForm_AllUsersVisible = 0
Property(C): ErrorDialog = ErrorDialog
Property(C): SFF_UpFldrBtn = UpFldrBtn
Property(C): SFF_NewFldrBtn = NewFldrBtn
Property(C): MaintenanceForm_Action = Repair
Property(C): DefaultUIFont = VsdDefaultUIFont.524F4245_5254_5341_4C45_534153783400
Property(C): AdminEulaForm_Property = No
Property(C): WelcomeForm_NextArgs = FolderForm
Property(C): FolderForm_PrevArgs = WelcomeForm
Property(C): FolderForm_NextArgs = EulaForm
Property(C): EulaForm_PrevArgs = FolderForm
Property(C): EulaForm_NextArgs = ConfirmInstallForm
Property(C): ConfirmInstallForm_PrevArgs = EulaForm
Property(C): AdminWelcomeForm_NextArgs = AdminFolderForm
Property(C): AdminFolderForm_PrevArgs = AdminWelcomeForm
Property(C): AdminFolderForm_NextArgs = AdminEulaForm
Property(C): AdminEulaForm_PrevArgs = AdminFolderForm
Property(C): AdminEulaForm_NextArgs = AdminConfirmInstallForm
Property(C): AdminConfirmInstallForm_PrevArgs = AdminEulaForm
Property(C): LAUNCHAPP = 1
Property(C): MsiLogFileLocation = C:\Users\Ian\AppData\Local\Temp\MSIc9f55.LOG
Property(C): PackageCode = {69FDEBF8-3A1D-4011-AAB7-980DF90F569B}
Property(C): ProductState = -1
Property(C): PackagecodeChanging = 1
Property(C): CURRENTDIRECTORY = C:\Users\Ian\Downloads
Property(C): CLIENTUILEVEL = 0
Property(C): CLIENTPROCESSID = 4548
Property(C): VersionDatabase = 200
Property(C): VersionMsi = 5.00
Property(C): VersionNT64 = 603
Property(C): WindowsBuild = 9600
Property(C): ServicePackLevel = 0
Property(C): ServicePackLevelMinor = 0
Property(C): MsiNTProductType = 1
Property(C): MsiNTSuitePersonal = 1
Property(C): WindowsVolume = C:\
Property(C): System64Folder = C:\WINDOWS\system32\
Property(C): RemoteAdminTS = 1
Property(C): TempFolder = C:\Users\Ian\AppData\Local\Temp\
Property(C): ProgramFilesFolder = C:\Program Files (x86)\
Property(C): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(C): ProgramFiles64Folder = C:\Program Files\
Property(C): CommonFiles64Folder = C:\Program Files\Common Files\
Property(C): AppDataFolder = C:\Users\Ian\AppData\Roaming\
Property(C): FavoritesFolder = C:\Users\Ian\Favorites\
Property(C): NetHoodFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(C): PersonalFolder = C:\Users\Ian\Documents\
Property(C): PrintHoodFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(C): RecentFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Recent\
Property(C): SendToFolder = C:\Users\Ian\AppData\Roaming\Microsoft\Windows\SendTo\
Property(C): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(C): CommonAppDataFolder = C:\ProgramData\
Property(C): LocalAppDataFolder = C:\Users\Ian\AppData\Local\
Property(C): MyPicturesFolder = C:\Users\Ian\Pictures\
Property(C): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(C): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(C): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(C): FontsFolder = C:\WINDOWS\Fonts\
Property(C): GPTSupport = 1
Property(C): OLEAdvtSupport = 1
Property(C): ShellAdvtSupport = 1
Property(C): MsiAMD64 = 6
Property(C): Msix64 = 6
Property(C): Intel = 6
Property(C): PhysicalMemory = 8052
Property(C): VirtualMemory = 5796
Property(C): LogonUser = Ian
Property(C): UserSID = S-1-5-21-48452953-3679128683-2660926274-1002
Property(C): UserLanguageID = 2057
Property(C): ComputerName = CYRIXINSTEAD
Property(C): SystemLanguageID = 2057
Property(C): ScreenX = 1920
Property(C): ScreenY = 1080
Property(C): CaptionHeight = 23
Property(C): BorderTop = 1
Property(C): BorderSide = 1
Property(C): TextHeight = 16
Property(C): TextInternalLeading = 3
Property(C): ColorBits = 32
Property(C): TTCSupport = 1
Property(C): Time = 11:25:35
Property(C): Date = 30/04/2014
Property(C): MsiNetAssemblySupport = 4.0.30319.33440
Property(C): MsiWin32AssemblySupport = 6.3.9600.16384
Property(C): AdminUser = 1
Property(C): Privileged = 1
Property(C): USERNAME = Ian
Property(C): DATABASE = C:\Users\Ian\Downloads\EMET Setup.msi
Property(C): OriginalDatabase = C:\Users\Ian\Downloads\EMET Setup.msi
Property(C): SOURCEDIR = C:\Users\Ian\Downloads\
Property(C): VersionHandler = 5.00
Property(C): UILevel = 5
Property(C): ACTION = INSTALL
Property(C): EXECUTEACTION = INSTALL
=== Logging stopped: 30/04/2014 11:25:35 ===
MSI (c) (C4:04) [11:25:35:331]: Windows Installer installed the product. Product Name: EMET 4.1. Product Version: 4.1. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
MSI (c) (C4:04) [11:25:35:333]: Grabbed execution mutex.
MSI (c) (C4:04) [11:25:35:333]: Cleaning up uninstalled install packages, if any exist
MSI (c) (C4:04) [11:25:35:334]: MainEngineThread is returning 1603
=== Verbose logging stopped: 30/04/2014 11:25:35 ===

I uninstalled EMET notifier 3 to try out the new 5.0 tech preview. However when trying to install I get an error saying "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support
personnel or package vendor."
I tried installing 4.1 and get the same error. I am running Windows 8.1 Home Premium and have .Net 4 installed. I have turned on verbose logging, apologies for the massive amount of data but I didn't want anything to get missed.
The log file is below. Can anyone suggest what might be going wrong?
Many thanks,
Ian
I am having exactly the same problem. But I also can't even uninstall EMET 3.0 or EMET 4.0 both of which I have installed on my machine. I get the same error message when I try to uninstall them !! I need to uninstall them so that I can install EMET 4.1
or EMET 5.0.
I have been trying to do this for more than a month but without any luck. So any help will be much appreciated.
Thanks,
Mohamed

EMET v4.1 not installing on Windows 7 x64

We are testing EMET v4.1 in our environment, and I created a package in SCCM 2007 using the recommended command line from the documentation:
msiexec /i "EMETSetupv4.1.msi" /qn /norestart
When pushed to a Windows XP x32 system via sccm it worked fine to install, and then we configured the settings using the custom ADMX template, and everything is working great.
When pushed to our Windows 7 x64 system's via SCCM it keeps failing, so I tried installing manually and we get the message:
"The advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic"
Does anyone know why the EMET msi is causing this when set to install using the /qn switch? We use this switch to install many other .msi's via SCCM and have never had this issue before, this seems very weird with a Microsoft branded .MSI.
I changed the /qn to /qb as the message indicates and then we get a message that .net 4 framework is not installed. We have the
Microsoft .NET Framework 4 Client Profile (4.0.30319) installed on our Windows 7 x64 image, I don't see any guidance regarding exactly what version of .net framework is required, does anyone know if the full/extended version is needed
or a newer version?

If you choose "unblock" from the MSI's file properties dialog, redistribute to your DPs, and try to install again, does the issue go away?
Jason | http://blog.configmgrftw.com
I did notice this on the MSI, I will try this and see if it makes a difference. However I did try to just install it locally using the same switches, with the MSI having been unblocked and I still got the same thing. But I will double check this.
Also does anyone have any insight on what .net is required for EMET? I'm going to try the Full .Net 4 framework, since we only have the client profile installed right now.

"There is a problem with this installer package - script is required to complete install," - please can someone clarify script supplied.

I have downloaded EMET 4.1 but it will not install -
"There is a problem with this Windows installer package. A script required for this install to complete. Contact your support personnel or package vendor."
I have seen the same problem answered in the support section with a script posted as follows, and wondered if it would solve my problem - only there is no explanation with it and I have no idea what to do with it! Forgive my ignorance but could someone
please explain what to do with it please? Many thanks.
(I looked up the other thread but I was no wiser.)
This thread is probably a dublet of http://social.technet.microsoft.com/Forums/pt-BR/ab0ee94b-ce61-4a62-8478-41a1e8ac39e2/emet-40-installation-fails-with-error-code-1720?forum=emet
Please create and check a verbose Installer logfile: msiexec.exe /?
_FA2E7A16_A819_4F3A_AB7E_0A039BE81BD7 refers the Custom Install Action Blob _6A58D16B437E5B268B3B9D09B8746240 which conatins this vb script in EMET 4.1:
' Begin
REM kill the old EMET 3.0 Notifier process if running (upgrade scenario)
strAppName = "emet_notifier.exe"
Set objProcesses = GetObject("winmgmts://" & strMachine).ExecQuery("SELECT * FROM Win32_Process WHERE Caption LIKE '" & strAppName & "'")
For Each objProcess In objProcesses
intRetVal = objProcess.Terminate(0)
Next
REM kill EMET Agent 4.0 process if running (re-installing scenario)
strAppName = "emet_agent.exe"
Set objProcesses = GetObject("winmgmts://" & strMachine).ExecQuery("SELECT * FROM Win32_Process WHERE Caption LIKE '" & strAppName & "'")
For Each objProcess In objProcesses
intRetVal = objProcess.Terminate(0)
Next
' End

Managed to get the installation sorted. Go to Control Panel, and where you have a list of all installed programs, repair all the Apple/Itunes related programs. Installation worked fine after that. Hopefully it helps you out too!

WARNING: DATA LOSS - EMET 4 reporter deletes files

NOTE: This EMET issue was moved here from this original post: http://answers.microsoft.com/en-us/windowslive/forum/gallery-wlsettings/photo-gallery-crash-emet-reporter-deletes-file/e5a510c8-e0fb-4d33-8179-8ee7a18d11e5?rtAction=1377879230389
Discovered a bug in EMET 4.0 running on Windows 8 (desktop).
Steps to reproduce:
open a .jpg graphic... opens in Photo Gallery.
hit the "Edit, Organize, or Share" button, top left menu bar.
Program crashes and opens a "Photo Gallery has stopped working"/Close program prompt.
EMET opens up a "Do you want to send more information about this issue?" prompt.
When you click Yes/Send with the EMET prompt it DELETES YOUR FILE - no recycle bin, no warning.
It appears to be a problem with EMET. I closed the Photo Gallery prompt and the program closed, file deletion did not occur until the EMET prompt was sent/closed.
UPDATE: Discovered a new unwanted behavior... it will delete the file when you hit the DONT report button as well. I guess the only way is to close the prompt window and not to choose the REPORT or DON'T REPORT buttons.

NOTE: The below entry describes a problem with the default EMET 4 configuration for Windows Photo Gallery which led to the discovery of this bug. It is taken from (duplicated from) this post... http://answers.microsoft.com/en-us/windowslive/forum/gallery-wlsettings/photo-gallery-crash-emet-reporter-deletes-file/e5a510c8-e0fb-4d33-8179-8ee7a18d11e5
---------------------------->>
I did not reinstall Photo Gallery here (not needed)... I think the problem is with EMET.
With the previous entry, where I was asked to disable EMET and test Photo Gallery, I may not have disabled it fully via the task manager... so I got the expected crash. I just tested with EMET running but with all the mitigation checkboxes unchecked for
WLXPhotoGallery.exe, and I was able to use the "Edit, Organize, or Share" button in Photo Gallery properly with no crash.
I will have to experiment with which EMET mitigation check is causing the crash when using the "Edit, Organize, or Share" button. The default EMET installation list had all mitigation checkboxes checked for this program. If someone happens
to know the proper checkbox configuration for WLXPhotoGallery.exe please post.

How to determine installed version of EMET via script?

Hi all,
I was not able to find a easy way to determine installed verison of EMET via script. If you can guide me in the right direction, this would help a lot.
Many thanks
Sam

This is probably not the right forum for scripting questions and you didn't specify which script you (want to) use... Below you can find some examples...
If you use VBscript you could use WMI and query the class Win32_Product:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colSoftware = objWMIService.ExecQuery _
("Select * from Win32_Product where Name like '%EMET%'")
For Each objSoftware in colSoftware
Wscript.Echo "Name: " & objSoftware.Name
Wscript.Echo "Version: " & objSoftware.Version
Next
This method is not advisable because the class isn't optimized for queries and therefore the query takes a long time!
You can also use the Windows Installer object:
Option Explicit
' Connect to Windows Installer object
Dim installer
Set installer = Wscript.CreateObject("WindowsInstaller.Installer")
Dim product, products
Set products = installer.Products
For Each product In products
if instr(1,installer.ProductInfo(product, "InstalledProductName"), "EMET", vbTextCompare) > 0 AND instr(1,installer.ProductInfo(product, "Publisher"), "Microsoft", vbTextCompare) > 0 then
Wscript.Echo installer.ProductInfo(product, "InstalledProductName")
Wscript.Echo installer.ProductInfo(product, "VersionString")
End If
Next
Set products = Nothing
Set installer = Nothing
Wscript.Quit 0
This method enumerates all the products but be aware that you should also check the installstate because the installstate of a product also can be advertised.
You can also use powershell to enumerate the uninstall registry keys but you have take into account that the results may be different on a 64-bit Windows and the bitness of the powershell proces:
gci "hklm:\software\microsoft\windows\currentversion\uninstall" | foreach { gp $_.PSPath } | select DisplayVersion,DisplayName | where { $_.DisplayName -match "^EMET*" }
You can also install and use the
Windows Installer PowerShell Module and use this command:
get-msiproductinfo | where { $_.Name -like '*EMET*' } | select ProductName,ProductVersion | format-list
On the internet you can find a lot of information about your question. For instance I found these pages:
http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/15/use-powershell-to-find-installed-software.aspx
http://blogs.technet.com/b/alexshev/archive/2008/06/30/from-msi-to-wix-part-17-windows-installer-automation-interface-part-2.aspx
W. Spu

Is EMET Config XML the same as the GPO of EMET?

Hi,
I deployed EMET to our environment and used GPO to deploy settings. I can see that the GPO are applied and is protecting the computer by going to the registry of the computer. Ex. regedit --> HKLM --> Software --> Policies --> Microsoft
-> EMET.
Then I read on the link below that I have to import the XML, but the XML looks quite similar as the what was set on the GPO. My question is, do I still need to import the XML file if I am already implementing something via GPO?
If that is the case, then if I implement the XML and if something went wrong, I could not globally manage unlike the GPO.
http://blogs.technet.com/b/configmgrteam/archive/2012/05/15/deploying-and-configuring-the-enhanced-mitigation-experience-toolkit.aspx
On the other hand, what I noticed though is with the GPO enabled, I don't see a list of programs being protected under "configure apps". Instead I see what are being protected by going here regedit --> HKLM --> Software --> Policies -->
Microsoft -> EMET.
Am I configuring it correctly or do I need to do both?

Starting with EMET 5.0, EMET installs a service which imports group policy.
http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx - "We have added a new service, called EMET Service, which is taking in charge many duties that EMET Agent used to do in previous versions. The EMET Service, among other
things, takes care of evaluating the Certificate Trust rules, appropriately dispatching EMET Agents in every user’s instance, and automatically applying Group Policy settings pushed through the network. Also, a service offers more resiliency and better ability
to being monitored."
EMET does not currently have the ability to show the group policy application settings in the GUI. You can use the command line to see group policy settings however: emet_conf --list. Microsoft has indicated they are planning on adding that feature
to the GUI in future versions:
https://connect.microsoft.com/emet/Feedback/Details/905794.
You do not need to apply both the group policy and the local xml settings, just one or the other. You can also verify that the group policy settings are applied by looking in the GUI at the list of running applications and noting the green check mark
circle next to the ones that are configured for EMET.

Error installing EMET 5 on Windows 7 "key not valid for use in specified state"

No - those other references do not answer the question. However, this issue appears not to be EMET specific, but .MSI installer specific--i.e. other .MSI installs are failing on this machine with the same message...
All of the references I have been able to find involve SQL or code-signing--I need to fix this issue on an end-user laptop attempting to install properly signed code--EMET 5, for example!
Bill Sanderson
NEVER MIND: Found the answer:
C:\Users\xxx\AppData\Roaming\Microsoft\Crypto\RSA
Deleted content at the above location, and the problem is resolved.

Thank you !
I had to install some MSI's with services and got the same error. Found this post quite soon and this solution solved the problem immediately. Thanks !
Fixer

EMET App Deployment

I am trying to install EMET 5.0 by deploying it via SCCM App Deployment. I followed the
guidelines provided. However, I am unclear why it does not install. It shows up in "software center", and fails to install. I even tried to
install it manually,
msiexec /i "\\Server\Sources\EMET\5.0\EMET Setup.msi" /qn /norestart
it fails as well, saying the cab file is corrupted with event id 11335. I don't think the file is corrupted.
APPEnforce.log
Starting Install enforcement for App DT "EMET 5.0 - Windows Installer (*.msi file)" ApplicationDeliveryType - ScopeId_1800435A-AD61-4561-814C-4442F922187A/DeploymentType_bba187a2-b5ac-4772-8951-669a78684598, Revision - 1, ContentPath - C:\Windows\ccmcache\3k,
Execution Context - System]LOG]!><time="21:44:43.054+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appprovider.cpp:1643">
<![LOG[ A user is logged on to the system.]LOG]!><time="21:44:43.056+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appprovider.cpp:2014">
<![LOG[ Performing detection of app deployment type EMET 5.0 - Windows Installer (*.msi file)(ScopeId_1800435A-AD61-4561-814C-4442F922187A/DeploymentType_bba187a2-b5ac-4772-8951-669a78684598, revision 1) for system.]LOG]!><time="21:44:43.061+240"
date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appprovider.cpp:2079">
<![LOG[+++ MSI application not discovered [MSI Product Code: {55369C02-4ABB-4632-85D2-37FAFB5684E9}, MSI Product version: ]]LOG]!><time="21:44:43.062+240" date="04-29-2014" component="AppEnforce" context=""
type="1" thread="4240" file="msihandler.cpp:131">
<![LOG[ App enforcement environment:
Context: Machine
Command line: msiexec /i "EMET Setup.msi" /qn /norestart
Allow user interaction: No
UI mode: 0
User token: null
Session Id: 2
Content path: C:\Windows\ccmcache\3k
Working directory: ]LOG]!><time="21:44:43.063+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appcontext.cpp:84">
<![LOG[ Prepared working directory: C:\Windows\ccmcache\3k]LOG]!><time="21:44:43.064+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appcontext.cpp:188">
<![LOG[Found executable file msiexec with complete path C:\Windows\system32\msiexec.exe]LOG]!><time="21:44:43.066+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240"
file="executility.cpp:188">
<![LOG[ Prepared command line: "C:\Windows\system32\msiexec.exe" /i "EMET Setup.msi" /qn /norestart /qn]LOG]!><time="21:44:43.067+240" date="04-29-2014" component="AppEnforce" context=""
type="1" thread="4240" file="appcontext.cpp:337">
<![LOG[Valid MSI Package path = C:\Windows\ccmcache\3k\EMET Setup.msi]LOG]!><time="21:44:43.068+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appcontext.cpp:746">
<![LOG[ Advertising MSI package [C:\Windows\ccmcache\3k\EMET Setup.msi] to the system.]LOG]!><time="21:44:43.069+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240"
file="appcommon.cpp:125">
<![LOG[ Executing Command line: "C:\Windows\system32\msiexec.exe" /i "EMET Setup.msi" /qn /norestart /qn with user context]LOG]!><time="21:44:43.429+240" date="04-29-2014" component="AppEnforce"
context="" type="1" thread="4240" file="appexcnlib.cpp:201">
<![LOG[ Working directory C:\Windows\ccmcache\3k]LOG]!><time="21:44:43.429+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appexcnlib.cpp:215">
<![LOG[ Post install behavior is BasedOnExitCode]LOG]!><time="21:44:43.433+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appcommon.cpp:1093">
<![LOG[ Waiting for process 1132 to finish. Timeout = 120 minutes.]LOG]!><time="21:44:43.436+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240"
file="appexcnlib.cpp:1951">
<![LOG[ Process 1132 terminated with exitcode: 1603]LOG]!><time="21:44:44.721+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appexcnlib.cpp:1960">
<![LOG[ Looking for exit code 1603 in exit codes table...]LOG]!><time="21:44:44.722+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appexcnlib.cpp:505">
<![LOG[ Unmatched exit code (1603) is considered an execution failure.]LOG]!><time="21:44:44.722+240" date="04-29-2014" component="AppEnforce" context="" type="2" thread="4240"
file="appexcnlib.cpp:591">
<![LOG[++++++ App enforcement completed (1 seconds) for App DT "EMET 5.0 - Windows Installer (*.msi file)" [ScopeId_1800435A-AD61-4561-814C-4442F922187A/DeploymentType_bba187a2-b5ac-4772-8951-669a78684598], Revision: 1,
User SID: ] ++++++]LOG]!><time="21:44:44.724+240" date="04-29-2014" component="AppEnforce" context="" type="1" thread="4240" file="appprovider.cpp:2366">

Concur with the above. A couple of additional comments also:
- EMET 5 is a technology preview. Not saying you shouldn't test with it, but for production deployment you should be using 4.1 at this time as 5.0 may have issues (like this one).
- To diagnose 1603 Windows Installer errors, you should add verbose logging to the command-line (using the /l*v option) and examine the resulting verbose log file (specifically looking for the phrase "return value 3").
Jason | http://blog.configmgrftw.com

EMET 4.1 Installation

Similar Messages

Maybe you are looking for