EMET GPO Default Protects for Recommended Software conflicting with Application Configuration GPO

Hello,
I am trying to have Excel15 launch with the -EAF mitigation removed, but also have the "Default Protections for Recommended Software" policy Enabled. This is to allow the Microsoft Power Query Add-In to function using Excel 365 Pro Plus x64.
It seems that the "Default Protections for Recommended Software" policy is taking precedence over the manually configured "Application Configuration" Enabled policy.
I have the Application Configuration Enabled and it looks like:
- C:\Program Files\Microsoft Office 15\root\office15\excel.exe -EAF
- *\Microsoft Office\OFFICE15\EXCEL.EXE -EAF
- *\Microsoft Office 15\root\office15\excel.exe -EAF
Any help would be greatly appreciated to get Excel launching without the -EAF mitigation.
Thanks,

If I understood correctly from talking to the EMET feedback team last time, they said App Config settings don't actually override any of the default app or popular or IE protection profiles. (It really seems like App Config settings override the other profiles from the manual, hey? I thought so as well.)
Sooo, it sounded like we'd need to extract the recommended or popular app list, convert it to the path + mitigation not included format for the App Config GPO and then just use App Config to manage it.
Needless to say, it sounded surprising and laborious and not management by exception at all.
Rinse, repeat for new versions of EMET and XML policy files.
P.S. What would be really helpful in the admin guide is some real-world examples of contoso.local where they apply the recommended apps + a few exceptions for all + custom exceptions for a separate class of machines or groups of users. hmeh.
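
The conversion the reply describes, as an added example (not EMET tooling and not code from either poster): it re-expresses a default profile as Application Configuration entries with the exceptions merged in, then checks an effective policy for entries that still enforce an excepted mitigation. The profile rows are constructed, the three wmplayer rows are transcribed from the emet_conf --list output quoted further down this page, and the space-separated form for several disabled mitigations is an assumption.

```python
# Mitigation names as they appear in the emet_conf --list output quoted on this page.
ALL_MITIGATIONS = ["DEP", "SEHOP", "NullPage", "HeapSpray", "EAF", "MandatoryASLR",
                   "BottomUpASLR", "LoadLib", "MemProt", "Caller", "SimExecFlow",
                   "StackPivot"]
ALL = set(ALL_MITIGATIONS)

# Rows are (path pattern, executable, enabled mitigations).
# Constructed stand-in for a default profile; not the contents of a real EMET XML file.
DEFAULT_PROFILE = [
    (r"*\Microsoft Office 15\root\office15", "excel.exe", ALL),
    (r"*\Windows Media Player", "wmplayer.exe", ALL - {"SEHOP", "EAF", "MandatoryASLR"}),
]

# Exceptions the two posters wanted: executable (lower case) -> mitigations to switch off.
EXCEPTIONS = {"excel.exe": {"EAF"}, "wmplayer.exe": {"Caller"}}

# The three wmplayer rows from the emet_conf --list output quoted on this page.
EFFECTIVE = [
    (r"*\Windows Media Player", "wmplayer.exe", ALL - {"Caller"}),
    ("", "wmplayer.exe", ALL - {"Caller"}),
    (r"*\Windows Media Player", "wmplayer.exe", ALL - {"SEHOP", "EAF", "MandatoryASLR"}),
]


def app_config_line(path, exe, enabled, extra_off=()):
    """Return 'path\\exe -Off1 -Off2', naming every mitigation that is NOT applied."""
    off = [m for m in ALL_MITIGATIONS if m not in enabled or m in extra_off]
    target = f"{path}\\{exe}" if path else exe
    # Assumption: several disabled mitigations are written space-separated.
    return (target + " " + " ".join("-" + m for m in off)).rstrip()


def build_app_config(profile, exceptions):
    """Re-express a default profile as Application Configuration entries plus exceptions."""
    lines = []
    for path, exe, enabled in profile:
        extra = exceptions.get(exe.lower(), set())
        unknown = set(extra) - ALL
        if unknown:
            raise ValueError(f"unknown mitigation(s) for {exe}: {sorted(unknown)}")
        lines.append(app_config_line(path, exe, enabled, extra))
    return lines


def still_enforced(effective_rows, exceptions):
    """List (exe, path, mitigation) for every entry that keeps an excepted mitigation on."""
    hits = []
    for path, exe, enabled in effective_rows:
        for m in sorted(exceptions.get(exe.lower(), set()) & set(enabled)):
            hits.append((exe, path, m))
    return hits


if __name__ == "__main__":
    for line in build_app_config(DEFAULT_PROFILE, EXCEPTIONS):
        print(line)
    for exe, path, mitigation in still_enforced(EFFECTIVE, EXCEPTIONS):
        print(f"{exe} ({path or 'no path'}): {mitigation} still enabled")
```

Running the check against the effective policy after a GPO refresh shows whether a second entry for the same executable is still applying the mitigation the exception was meant to remove.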

Similar Messages

  • EMET group policy preference "application configuration" vs "default protection for popular software"

    Hello,
    Trying to implement EMET 4.1 update 1 in a VDI environment using group policy. When all default protections are enabled (IE, recommended and popular), EMET is blocking the startup of Windows Media Player within a Citrix session as caller mitigation. At this time I wanted to use the GPO "Application Configuration" to specify an exception as "wmplayer.exe -Caller". Even tried "*\Windows Media Player\wmplayer.exe -Caller" but startup would still get blocked. When using emet_conf --list I would see three entries for wmplayer and the only way to remove Caller is to disable the policy "default protection for popular software". Shouldn't settings in Application Configuration take priority as being the exception to the rule? The alternative is to turn off the "default protection for popular software" and list all of them one by one (or use an XML file).
    Here is part of the output of emet_conf --list
    all policies:
    wmplayer.exe    *\Windows Media Player    DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR LoadLib MemProt SimExecFlow StackPivot
    wmplayer.exe                              DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR LoadLib MemProt SimExecFlow StackPivot
    wmplayer.exe    *\Windows Media Player    DEP NullPage HeapSpray BottomUpASLR LoadLib MemProt Caller SimExecFlow StackPivot
    without "default protection for popular software" (much less applications listed)
    wmplayer.exe                              DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR LoadLib MemProt SimExecFlow StackPivot
    wmplayer.exe    *\Windows Media Player    DEP SEHOP NullPage HeapSpray EAF MandatoryASLR BottomUpASLR LoadLib MemProt SimExecFlow StackPivot
    Thank you

    If I understood correctly from talking to the EMET feedback team last time, they said App Config settings don't actually override any of the default app or popular or IE protection profiles. (It really seems like App Config settings override the other profiles from the manual, hey? I thought so as well.)
    Sooo, it sounded like we'd need to extract the recommended or popular app list, convert it to the path + mitigation not included format for the App Config GPO and then just use App Config to manage it.
    Needless to say, it sounded surprising and laborious and not management by exception at all.
    Rinse, repeat for new versions of EMET and XML policy files.
    P.S. What would be really helpful in the admin guide is some real-world examples of contoso.local where they apply the recommended apps + a few exceptions for all + custom exceptions for a separate class of machines or groups of users. hmeh.

  • FCP 5.03 won't launch/software conflicts with Avid?

    Hi,
    I just purchased FCP Studio and a new dual 2.3 G5. Installation ran fine. All other apps open (ie: soundtrack, dvd studio, motion, compressor, etc.).
    When I try to open FCP 5.03, it starts to open - in other words the rectangular box with FCP and my name and the serial number comes up like it's going to launch, but then the box goes away and no application. The Finder then becomes active.
    I'm running on OS 10.4.2 and QT 7.0.1 and would rather not go to 10.4.3 or a higher version of QT as I need this OS and QT for my Avid Xpress application. Plus I do not suspect that the OS or QT version is the problem, as we know FCP has launched on OS 10.4.2 and QT 7.0.1. All other software is up to date.
    Possibly there are software conflicts with Avid? The only other software I have installed on this machine is that which was packaged with Avid Xpress Pro v.4.8.1 which is as follows:
    Avid Xpress Pro v4.8.1 (which includes)
    Avid ALE
    Avid EDL Manager
    Avid FilmScribe
    Avid MetaSync Manager
    Avid MetaSync Publisher
    ...and also:
    Boris FX 6.1 LTD
    Boris Graffiti 2.1 LTD
    ATTO ExpressStripe
    Factory Floor
    Sonic Fire Pro v.3
    Sorenson Squeeze
    Any insight on how to launch FCP would be very much appreciated. Thank you.
    Michael.
    Powermac G5 2.3 GHz   Mac OS X (10.4.2)   4.5 GB RAM 2x500 GB HDs

    I've run 4.5 and Avid Express on the same system. And 5.0.3 (haven't cranked up the Avid software since installing 5.0.3). My first suspect would be some kind of Audio plugin.
    Use the Console program to inspect the logs. You might learn something that way. (/Applications/Utilities/Console).
    Patrick

  • ALV Grid default values for new rows added with Add/Insert buttons

    Hi!
    Help, please,  to find a way how to set default values for new rows added with Add/Insert buttons in
    ALV Grid.

    I have found a solution:
    ALV Grid – Insert row function
    Sometimes we need to assign some default values when we create a new row in a grid using standard ALV Append row button. In our scenario we will see how to assign default values to Airline Code (CARRID), Flight Connection Number (CONNID) and Flight date (FLDATE) when a new row is created. To do that we need to handle DATA_CHANGED event in the program like mentioned below.
    Definition of a class:
    Code:
    " CLASS lcl_event_receiver DEFINITION
    CLASS LCL_EVENT_RECEIVER DEFINITION.
      PUBLIC SECTION.
    METHODS:
         handle_data_changed
         FOR EVENT data_changed OF cl_gui_alv_grid
         IMPORTING er_data_changed
                           e_ucomm.
    ENDCLASS.                    "lcl_event_receiver DEFINITION
    Implementation of a class:
    Code:
    CLASS LCL_EVENT_RECEIVER IMPLEMENTATION.
      METHOD HANDLE_DATA_CHANGED.
        DATA: dl_ins_row TYPE lvc_s_moce.   " Insert Row
          FIELD-SYMBOLS: <fs> TYPE table.    " Output table
        " Loop at the inserted rows table and assign default values
        LOOP AT er_data_changed->mt_inserted_rows INTO dl_ins_row.
          ASSIGN er_data_changed->mp_mod_rows->* TO <fs>.
          loop at <fs> into ls_outtab.
            ls_outtab-carrid  = 'LH'.
            ls_outtab-connid  = '400'.
            ls_outtab-fldate  = sy-datum.
            MODIFY <fs> FROM ls_outtab INDEX sy-tabix.
          endloop.
        endloop.
      ENDMETHOD.                    "handle_data_changed
    ENDCLASS.                    "lcl_event_receiver IMPLEMENTATION
    Register the events to trigger DATA_CHANGED event when a new row is created.
    Code:
        CALL METHOD OBJ_GRID->REGISTER_EDIT_EVENT
          EXPORTING
            I_EVENT_ID = CL_GUI_ALV_GRID=>MC_EVT_ENTER.
        CALL METHOD OBJ_GRID->REGISTER_EDIT_EVENT
          EXPORTING
            I_EVENT_ID = CL_GUI_ALV_GRID=>MC_EVT_MODIFIED.

  • HT1222 If I do the update for the software, will the application be deleted?

    If I do the update for the software, will the application be deleted?

    Usually an update specifically linked to a software item will only modify that item ... and do as it says ... update it.

  • This is a message when I open up CS4 in Illustrator. "Some plugins in additional plugins folder are conflicting with application or user plugins. It will skip loading plugins from additional plug-ins folder." What does this mean and how can I fix it?

    This is a message when I open up CS4 in Illustrator. "Some plugins in additional plugins folder are conflicting with application or user plugins. It will skip loading plugins from additional plug-ins folder." What does this mean and how can I fix it?

    Thanks Larry.  I thought so.  I will do this weekend.  Again, I appreciate your help.
    Trying to get updated software – I am not a fan of the cloud stuff.  Nothing I can do about it.
    Thanks again Larry!

  • Unknown structure ID 0 for flexfield code GL# with application ID 101

    Hi Experts,
    I am working on Report Builder 6i, EBS 11i, and database 9i. I have a standard report; when I run it, it gives the error below.
    ERROR: APP-FND-01016: Routine FDFRKS: Unknown structure ID 0 for flexfield code GL# with application ID 101.
    It's calling below thing in Before Report Trigger.
    begin
    SRW.USER_EXIT('FND FLEXSQL CODE="GL#" NUM=":P_ACCT_STRUCT_NUM"
    APPL_SHORT_NAME="SQLGL" OUTPUT="P_acct_flex"
    MODE="SELECT" DISPLAY="ALL" TABLEALIAS="GCC"');
    exception when srw.user_exit_failure then
    srw.message(3,'Failed in GL#/Select');
    raise;
    end;
    Could somebody help me with what could be the reason for this error?
    Thanks.

    Hi,
    Is the error still occurring? If yes, please refer to the note below in Metalink. This should resolve the issue.
    http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=227438.1
    -Sailaja.

  • EDI output message for Outbound Deliv send with application own transaction

    Dear All,
    I am encountering a problem with the output message "WSOR" via EDI.
    What I want:
           I would like to configure this message output without the dispatch time "3: Send with application own transaction".
    What I am encountering now:
          I have done the setting in "VV22" or VV21, with the combination of Delivery type and Shipping point, and the setting is EDI with dispatch time 3: Send with application own transaction.
    But when I use ME2O to create the outbound delivery for a subcontractor, the message output "WSOR" is processed automatically and the dispatch time is 4: Send immediately (when application saves).
    Can anyone please advise me which settings or areas I need to check?
    Thank you very much,
    Regards,
    Chee Wee

    Hi
    Try here...
    Logistics Execution -> Shipping -> Basic Shipping Functions -> Output Control -> Output Determination -> Maintain Output Determination for Outbound Deliveries
    Regards
    Eduardo

  • Looking For Recommendation - Software/Service to Print Payroll Checks

    My company is looking to replace our payroll check printing software.  The vendor no longer exists and 3rd party support is troublesome.  Can anyone recommend a good vendor, with or without online features?  We are using Oracle 11i HRMS, and don't have plans to move to a newer version any time soon.  Any suggestions, leads, or testimonials would be greatly appreciated. 

    Hello!
    Thank you for using MOS Communities! I will move your question to the Oracle HRMS community for targeted assistance.
    Have a great day,
    Danielle

  • Protection for demo software

    Dear sir,
    I am using LabVIEW 7.0 with the DSC module. I have now done the coding for my application in the software. I want to give a CD with my software exe to a customer so he can observe the software. I want the software exe to stop running 5 days after installation on his PC. After five days, if he wants to run the software, he has to install the exe again. Is this possible with LabVIEW? If yes, please help me.
    falgandha

    Hello,
    A simple protection is creating a file with a strange name in c:\windows. In this file you put the installation date, and then every time you run the .exe, the first thing you do is check how many days have passed. If the TotalDays > 5 then exit.
    It all depends on the level of protection.
    Other ideas are:
    - use one entry in the registry
    - verify if the user changes the clock (if you don't do that he can always move it back and keep using it)
    If you want to prevent the user from rewinding the clock, when you create the file with initialDate, create another with currentDate. Then every time you run the exe you verify this date. If the user moved the clock back before this date, you exit the program. If the value is greater than the older one, you should update it.
    Software developer
    www.mcm-electronics.com
    PS: Don't forget to rate a good answer ; )
    Currently using Labview 2011
    PORTUGAL

  • TS4123 LSP vendor software conflicts with iTunes

    The suggestion is for me to call these LSP vendors to resolve conflicts between their software and iTunes? I want to listen to music, not become a software engineer. This is not helpful. Please wave the magic wand and make it all better.
    I'm using a network attached hard drive, attached to Airport Extreme. Works fine with Macbook Pro. Seconds go by just clicking on the next tune to play.

    Sorry, I meant to add that it works fine with MBP but not in Surface Pro 2 Windows 8.1. Well, it works but it is very slow.

  • Any known software conflicts with Leopard

    I am really frustrated. I've been an exclusive mac user since 87. I have had major problems with leopard that remind me of the pre-OSX days. Apps hanging, crashing, not shutting down (and I'm talking Apple apps like Safari). My computer hangs on shut down while Updating Boot Caches (I've let the thing run over night hoping I was just being impatient.). I have even had some kernel panics. I've run disk utility, TechTool Pro, and DiskWarrior. When I run these apps, some times they find problems and sometimes they don't. The hardware checks are okay. I have done a clean install of Leopard. And of course, everything is up to date. I have even had trouble syncing with dotmac with the syncs getting out of sync and constantly asking me which one I want to keep.
    I never, ever had these problems with Tiger.
    My final guess is that maybe there is some rogue piece of software that doesn't work well with Tiger.
    Is there a list?
    Any help?
    Ever so frustrated,
    Paul

    What you did was an erase and install.
    Check with each application vendor for software compatibility. The way you can tell if an application is compatible is if the actual update is said to be compatible.
    I.e, when it says:
    10.4.x and above means 10.4.0 and 10.4.1 compatible.
    10.4.x and 10.5.x and above it means 10.4.0 - 10.4.11, and 10.5.0, and 10.5.1 compatible. No assurance though exists for Intel compatibility, unless it says Application Universal in the Finder menu -> Get Info information about the application. Rosetta applications are typically PowerPC compatible, with dependence on PowerPC drivers and may not always work with Intel Macs.
    10.4.x and 10.5.0 to 10.5.2 it means it is compatible with the most recent release. The Intel Mac disclaimer applies here as well.
    10.4.x and 10.5.0 to 10.5.2 PowerPC and Universal means it will work with PowerPC and Intel Macs running Tiger and Leopard to present day.
    10.3.x and above does not mean 10.4.x compatible, nor does it mean 10.5.x compatible. There are some exceptions if the software was developed within the framework of Rosetta.
    Visit http://www.macupdate.com/ and http://www.versiontracker.com/ for the most current info on application compatibility. If there are any applications you are uncertain about their compatibility and want to make sure you remove them entirely, use http://www.appzapper.com/

  • Setting default value for form field assoc with a table column

    In a "Create Record" situation I was trying to set the default values of some form fields using a page level "Process". These form fields have Source Type = Database Column. It wasn't working; I could only set non-db assoc form field values no matter when the "Process" was set to exec. From some other posts it seems that this is by design, i.e. not being able to programmatically set the initial values of form fields that are sourced to db columns. I was hoping to have just one "Process" that would exec to set these initial values in one place rather than scattered about for each field that needed a default value. These particular default values come from ref tables and may be different for each user.
    So, it looks like I have to use a "Default Value" plsql chunk for each field on the form itself or else set their value on the calling form's Redirect in the "Set these Items" area.
    Is this correct?

    You could define a database function which accepts the name of the item and the user ID of the user running the application. Based on the item name and the user ID have the function return the appropriate initial value. Invoke this function in a "Default Value" PL/SQL block.
    Does that help in centralizing your initial values? You could have one function per page or one function per application. I would do one function per application.

  • Setting english as the default language for a new document with arabic version of CC apps

    First off, apologies for the screen name; the name I'm sure I had registered before with the account I was supposed to be logged in as was barred, so I used this in frustration. Read the book, The Etymologicon, to learn more.
    And another note: why is the font size in the subject on this form gigantic? Intentional or cockup?
    Now, to the point.
    Please, please enlighten me. I'm sure it's simple but I can't find the answer and have been haphazardly ploughing the net for half the night.
    I have installed the Arabic language version of the CC software because I need to do a lot of bilingual layouts.
    But
    I generally use, and start with, English, but the default new document is always set to all the Arabic settings, which is a nightmare.
    How do I make English the default type (and all the paragraph and language options) while retaining the functionality of the Arabic version?
    I've found instructions for CS2-6 but nothing remotely sensible about CC, and presume I'm missing something really, really obvious.

    Hi,
    Here you have some interesting tutorials about foreign languages in LV:
    Localizing Your LabVIEW Application to Different Languages
    Localize LabVIEW Applications in Multiple Languages
    Let me know what happens.
    Regards,
    Message edited by Steve Mohamed on 02-27-2009 09:02 AM
    Steve M.
    National Instruments France

  • QuarkXPress 7.5 Crashes on Opening- Software Conflict with OS 10.6.3? HELP

    Hi All,
    I'm a graphic designer who knows her way around a Mac fairly well but I'm having problems with running my version of QuarkXPress (7.5) on my new MacBook Pro (OS 10.6.3). I installed everything correctly- when it asked for all my serial numbers and validation codes- they seemed to go through no problem. When all was said and done, I went to launch Quark and it crashed right after the first little splash page comes up. I can't get it to work. I read a thread on Quark's site where a guy tried everything and ended up having to return his brand new MacBook Pro he ordered online (like me- fully loaded) in return for a MacBook Pro at the Apple store and then when he reinstalled, Quark worked. I'd hate to do that- I love my new customized MBP and have all my stuff on it already. Yeah, I use InDesign, but I need Quark as well.
    Is there a fix? An update? Could this be more of a Mac problem than a Quark problem? I'm hoping it's Quark and not my new Mac.
    Any advice would be greatly appreciated! I need this software to work soon!
    Thanks!!!

    We have 2 computers in the studio running Snow Leopard (the remaining 3 still on Leopard) and neither of them will run QuarkXPress 7.
    - MacBook Pro appeared to install and register okay about a year ago, but the boss who uses the machine only complained to me this week that it won't let him save, and it crashes immediately after printing. I'm thinking the registration never completed properly and it's running in demo mode.
    - iMac (latest generation) has the issue others have mentioned that it crashes after displaying the splash screen. I've tried the "fix" of removing the preferences folder, but then get the message that the application needs to be re-installed. Tried re-installation, and it went smoothly, but got exactly the same crash on launch.
    Is there anyone out there who is actually running QuarkXPress 7 successfully on Snow Leopard? If yes, how did you get it to work?!!
