91
edits
Changes
Updated to EMET 5.1 with improved upgrade that allows for deploying new configuration without reinstalling the MSI
This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.
This installer will also load a custom policy as specified in <code>%CONFIGPATHconfigpath%</code> and <code>%certconfigpath%</code>. If you don't want to create a custom policy, EMET comes with sample policies in (for example) "<code>%PROGRAMFILES(x86)%\EMET 45.1 Update 1\Deployment\Protection Policies"</code>.
The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.
==WPKG Package==
===EMET 45.1 Update 1===
<source lang="xml">
<packages>
<package id="emet" name="MicrosoftEMET %PKG_VERSION%" revision="710" reboot="false" priority="50">
<variable name="pkgstringPKG_VERSION" value="EMET 45.1 Update 1"/>
<variable name="pkgpathpkgstring" value="EMET 45.1U11"/>
<variable name="pfpathpkgpath" value="EMET 45.1"/>
<variable name="pfpath" value="EMET 5.1"/> <!-- Path to your EMET rules --> <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-2014052120150224.xml"/> <!-- Path to your certificate-pinning rules --> <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>
<!-- N.B. this does not implement checking to see if your policy is loaded! -->
<install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>
<install architecture="x64" cmd='msiexec "%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/qn > <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/i > <install architecture="x86" cmd='"%SOFTWAREPROGRAMFILES%\%pkgpathpfpath%\EMET SetupEMET_Conf.msiexe" --import "%configpath%"'/> <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%" '/>
<install architectureupgrade cmd="x64" cmd='msiexec /qn /i "%PROGRAMFILES(x86)SOFTWARE%\%pfpathpkgpath%\EMET_Conf.exe --import "EMET %configpathPKG_VERSION%Setup.msi"" '/> <check type="logical" condition="not"> <install architecturecheck type="x86uninstall" cmdcondition="exists" path='%PROGRAMFILES%\%pfpath%\EMET_Conf.exe --import "%configpathpkgstring%" '/> <upgrade cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET Setup.msi" 'check>
<exit code="0" />
<exit code="1638" />
</upgrade>
<upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe " --import "%configpath%" '/> <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/> <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe " --import "%configpath%" '/> <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
<remove cmd="msiexec /qb /x{6A09FEB272e7ae20-691C5b12-456B4f27-B982af5e-2F6D21B19602da03e3c09466}"/>
</package>