Microsoft EMET

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search

Enhanced Mitigation Experience Toolkit[edit]

This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.

This installer will also load a custom policy as specified in %configpath% and %certconfigpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies.

The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.

Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138

WPKG Package[edit]

EMET 5.1[edit]

<?xml version="1.0" encoding="UTF-8"?>
<packages>

<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">

   <variable name="PKG_VERSION" value="5.1" />

   <variable name="pkgstring" value="EMET 5.1"/>

   <variable name="pkgpath" value="EMET 5.1"/>

   <variable name="pfpath" value="EMET 5.1"/>

   <!-- Path to your EMET rules -->
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>

   <!-- Path to your certificate-pinning rules -->
   <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>


   <check type="uninstall" condition="exists" path="%pkgstring%"/>
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->

   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>

   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
     <check type="logical" condition="not">
       <check type="uninstall" condition="exists" path="%pkgstring%"/>
     </check>
     <exit code="0" />
     <exit code="1638" />
   </upgrade>

   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>

</package>
</packages>