Difference between revisions of "Microsoft EMET"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
(Update for 4.1 U1)
(Updated to EMET 5.1 with improved upgrade that allows for deploying new configuration without reinstalling the MSI)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Enhanced Mitigation Experience Toolkit 4.1 Update 1 ==
+
== Enhanced Mitigation Experience Toolkit ==
  
This is a silent installer to deploy EMET 4.1 Update 1 and load a custom policy as specified in %configpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 4.1 Update 1\Deployment\Protection Policies.
+
This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.
  
The EMET GUI is a 32-bit program, but EMET itself works on 32- and 64-bit machines.
+
This installer will also load a custom policy as specified in <code>%configpath%</code> and <code>%certconfigpath%</code>. If you don't want to create a custom policy, EMET comes with sample policies in <code>%PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies</code>.
  
Download EMET and its user's guide at http://www.microsoft.com/en-us/download/details.aspx?id=41138
+
The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.
 +
 
 +
Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138
 +
 
 +
==WPKG Package==
 +
 
 +
===EMET 5.1===
  
 
<source lang="xml">
 
<source lang="xml">
Line 11: Line 17:
 
<packages>
 
<packages>
  
<package id="emet" name="Microsoft EMET 4.1 Update 1" revision="5" reboot="false" priority="50">
+
<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">
 +
 
 +
  <variable name="PKG_VERSION" value="5.1" />
 +
 
 +
  <variable name="pkgstring" value="EMET 5.1"/>
 +
 
 +
  <variable name="pkgpath" value="EMET 5.1"/>
 +
 
 +
  <variable name="pfpath" value="EMET 5.1"/>
 +
 
 +
  <!-- Path to your EMET rules -->
 +
  <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>
 +
 
 +
  <!-- Path to your certificate-pinning rules -->
 +
  <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>
  
  <variable name="pkgstring" value="EMET 4.1 Update 1"/>
 
  <variable name="pkgpath" value="EMET 4.1U1"/>
 
  <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20140521.xml"/>
 
  
 
   <check type="uninstall" condition="exists" path="%pkgstring%"/>
 
   <check type="uninstall" condition="exists" path="%pkgstring%"/>
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
  
   <install cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET Setup.msi&quot;"/>
+
   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>
  <install architecture="x64" cmd="%PROGRAMFILES(x86)%\%pkgpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
  <install architecture="x86" cmd="%PROGRAMFILES%\%pkgpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
  
   <upgrade architecture="x86" cmd="%PROGRAMFILES%\%pkgpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x64" cmd="%PROGRAMFILES(x86)%\%pkgpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
  
   <remove cmd="msiexec /qb /x{6A09FEB2-691C-456B-B982-2F6D21B19602}"/>
+
   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
 +
    <check type="logical" condition="not">
 +
      <check type="uninstall" condition="exists" path="%pkgstring%"/>
 +
    </check>
 +
    <exit code="0" />
 +
    <exit code="1638" />
 +
  </upgrade>
  
</package>
+
  <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
  <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
  
</packages>
+
  <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>
  
 +
</package>
 +
</packages>
 
</source>
 
</source>
  
 
[[category:Silent Installers]]
 
[[category:Silent Installers]]
 
[[category:Microsoft software]]
 
[[category:Microsoft software]]

Latest revision as of 17:52, 12 March 2015

Enhanced Mitigation Experience Toolkit

This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.

This installer will also load a custom policy as specified in %configpath% and %certconfigpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies.

The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.

Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138

WPKG Package

EMET 5.1

<?xml version="1.0" encoding="UTF-8"?>
<packages>

<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">

   <variable name="PKG_VERSION" value="5.1" />

   <variable name="pkgstring" value="EMET 5.1"/>

   <variable name="pkgpath" value="EMET 5.1"/>

   <variable name="pfpath" value="EMET 5.1"/>

   <!-- Path to your EMET rules -->
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>

   <!-- Path to your certificate-pinning rules -->
   <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>


   <check type="uninstall" condition="exists" path="%pkgstring%"/>
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->

   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>

   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
     <check type="logical" condition="not">
       <check type="uninstall" condition="exists" path="%pkgstring%"/>
     </check>
     <exit code="0" />
     <exit code="1638" />
   </upgrade>

   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>

</package>
</packages>
Retrieved from "https://wpkg.org/index.php?title=Microsoft_EMET&oldid=12385"