Difference between revisions of "Microsoft EMET"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
(Tidied up)
(Updated to EMET 5.1 with improved upgrade that allows for deploying new configuration without reinstalling the MSI)
 
Line 3: Line 3:
 
This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.
 
This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.
  
This installer will also load a custom policy as specified in %CONFIGPATH%. If you don't want to create a custom policy, EMET comes with sample policies in (for example) "%PROGRAMFILES(x86)%\EMET 4.1 Update 1\Deployment\Protection Policies".
+
This installer will also load a custom policy as specified in <code>%configpath%</code> and <code>%certconfigpath%</code>. If you don't want to create a custom policy, EMET comes with sample policies in <code>%PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies</code>.
  
 
The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.
 
The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.
Line 11: Line 11:
 
==WPKG Package==
 
==WPKG Package==
  
===EMET 4.1 Update 1===
+
===EMET 5.1===
  
 
<source lang="xml">
 
<source lang="xml">
Line 17: Line 17:
 
<packages>
 
<packages>
  
<package id="emet" name="Microsoft" revision="7" reboot="false" priority="50">
+
<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">
  
   <variable name="pkgstring" value="EMET 4.1 Update 1"/>
+
   <variable name="PKG_VERSION" value="5.1" />
  
   <variable name="pkgpath" value="EMET 4.1U1"/>
+
   <variable name="pkgstring" value="EMET 5.1"/>
  
   <variable name="pfpath" value="EMET 4.1"/>
+
   <variable name="pkgpath" value="EMET 5.1"/>
  
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20140521.xml"/>
+
  <variable name="pfpath" value="EMET 5.1"/>
 +
 
 +
  <!-- Path to your EMET rules -->
 +
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>
 +
 
 +
  <!-- Path to your certificate-pinning rules -->
 +
  <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>
  
  
Line 31: Line 37:
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
  
 +
  <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>
  
   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET Setup.msi" '/>
+
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
  
   <install architecture="x64" cmd='%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe --import "%configpath%" '/>
+
   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
 
+
    <check type="logical" condition="not">
  <install architecture="x86" cmd='%PROGRAMFILES%\%pfpath%\EMET_Conf.exe --import "%configpath%" '/>
+
      <check type="uninstall" condition="exists" path="%pkgstring%"/>
 
+
    </check>
 
+
  <upgrade cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET Setup.msi" '>
+
 
     <exit code="0" />
 
     <exit code="0" />
 
     <exit code="1638" />
 
     <exit code="1638" />
 
   </upgrade>
 
   </upgrade>
  
   <upgrade architecture="x86" cmd='%PROGRAMFILES%\%pfpath%\EMET_Conf.exe --import "%configpath%" '/>
+
   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 
+
  <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <upgrade architecture="x64" cmd='%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe --import "%configpath%" '/>
+
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 
+
  <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
  
   <remove cmd="msiexec /qb /x{6A09FEB2-691C-456B-B982-2F6D21B19602}"/>
+
   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>
  
 
</package>
 
</package>

Latest revision as of 17:52, 12 March 2015

Enhanced Mitigation Experience Toolkit

This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.

This installer will also load a custom policy as specified in %configpath% and %certconfigpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies.

The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.

Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138

WPKG Package

EMET 5.1

<?xml version="1.0" encoding="UTF-8"?>
<packages>

<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">

   <variable name="PKG_VERSION" value="5.1" />

   <variable name="pkgstring" value="EMET 5.1"/>

   <variable name="pkgpath" value="EMET 5.1"/>

   <variable name="pfpath" value="EMET 5.1"/>

   <!-- Path to your EMET rules -->
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>

   <!-- Path to your certificate-pinning rules -->
   <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>


   <check type="uninstall" condition="exists" path="%pkgstring%"/>
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->

   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>

   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
     <check type="logical" condition="not">
       <check type="uninstall" condition="exists" path="%pkgstring%"/>
     </check>
     <exit code="0" />
     <exit code="1638" />
   </upgrade>

   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>

</package>
</packages>
Retrieved from "https://wpkg.org/index.php?title=Microsoft_EMET&oldid=12385"