Difference between revisions of "Microsoft EMET"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
(fixed upgrade process and path weirdness)
(Updated to EMET 5.1 with improved upgrade that allows for deploying new configuration without reinstalling the MSI)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
== Enhanced Mitigation Experience Toolkit 4.1 Update 1 ==
+
== Enhanced Mitigation Experience Toolkit ==
  
This is a silent installer to deploy EMET 4.1 Update 1 and load a custom policy as specified in %configpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 4.1 Update 1\Deployment\Protection Policies.
+
This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.
  
The EMET GUI is a 32-bit program, but EMET itself works on 32- and 64-bit machines.
+
This installer will also load a custom policy as specified in <code>%configpath%</code> and <code>%certconfigpath%</code>. If you don't want to create a custom policy, EMET comes with sample policies in <code>%PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies</code>.
  
Download EMET and its user's guide at http://www.microsoft.com/en-us/download/details.aspx?id=41138
+
The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.
 +
 
 +
Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138
 +
 
 +
==WPKG Package==
 +
 
 +
===EMET 5.1===
  
 
<source lang="xml">
 
<source lang="xml">
Line 11: Line 17:
 
<packages>
 
<packages>
  
<package id="emet" name="Microsoft EMET 4.1 Update 1" revision="7" reboot="false" priority="50">
+
<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">
 +
 
 +
  <variable name="PKG_VERSION" value="5.1" />
 +
 
 +
  <variable name="pkgstring" value="EMET 5.1"/>
 +
 
 +
  <variable name="pkgpath" value="EMET 5.1"/>
 +
 
 +
  <variable name="pfpath" value="EMET 5.1"/>
 +
 
 +
  <!-- Path to your EMET rules -->
 +
  <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>
 +
 
 +
  <!-- Path to your certificate-pinning rules -->
 +
  <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>
  
  <variable name="pkgstring" value="EMET 4.1 Update 1"/>
 
  <variable name="pkgpath" value="EMET 4.1U1"/>
 
  <variable name="pfpath" value="EMET 4.1"/>
 
  <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20140521.xml"/>
 
  
 
   <check type="uninstall" condition="exists" path="%pkgstring%"/>
 
   <check type="uninstall" condition="exists" path="%pkgstring%"/>
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
 
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->
  
   <install cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET Setup.msi&quot;"/>
+
   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>
  <install architecture="x64" cmd="%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
  <install architecture="x86" cmd="%PROGRAMFILES%\%pfpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
+
  
   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET Setup.msi&quot;">
+
  <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
 
 +
   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
 +
    <check type="logical" condition="not">
 +
      <check type="uninstall" condition="exists" path="%pkgstring%"/>
 +
    </check>
 
     <exit code="0" />
 
     <exit code="0" />
 
     <exit code="1638" />
 
     <exit code="1638" />
 
   </upgrade>
 
   </upgrade>
  <upgrade architecture="x86" cmd="%PROGRAMFILES%\%pfpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
 
  <upgrade architecture="x64" cmd="%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe --import &quot;%configpath%&quot;"/>
 
  
 +
  <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
 +
  <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
 +
  <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
  
   <remove cmd="msiexec /qb /x{6A09FEB2-691C-456B-B982-2F6D21B19602}"/>
+
   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>
  
 
</package>
 
</package>
 
 
</packages>
 
</packages>
 
 
</source>
 
</source>
  
 
[[category:Silent Installers]]
 
[[category:Silent Installers]]
 
[[category:Microsoft software]]
 
[[category:Microsoft software]]

Latest revision as of 17:52, 12 March 2015

Enhanced Mitigation Experience Toolkit

This is a silent installer to deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET), a toolkit for deploying and configuring security mitigation technologies.

This installer will also load a custom policy as specified in %configpath% and %certconfigpath%. If you don't want to create a custom policy, EMET comes with sample policies in %PROGRAMFILES(x86)%\EMET 5.1\Deployment\Protection Policies.

The EMET GUI is a 32-bit program that will work on 32-bit and 64-bit editions of Windows.

Download EMET and the User's Guide from http://www.microsoft.com/en-us/download/details.aspx?id=41138

WPKG Package

EMET 5.1

<?xml version="1.0" encoding="UTF-8"?>
<packages>

<package id="emet" name="Microsoft EMET %PKG_VERSION%" revision="10" reboot="false" priority="50">

   <variable name="PKG_VERSION" value="5.1" />

   <variable name="pkgstring" value="EMET 5.1"/>

   <variable name="pkgpath" value="EMET 5.1"/>

   <variable name="pfpath" value="EMET 5.1"/>

   <!-- Path to your EMET rules -->
   <variable name="configpath" value="%SOFTWARE%\%pkgpath%\prod-20150224.xml"/>

   <!-- Path to your certificate-pinning rules -->
   <variable name="certconfigpath" value="%SOFTWARE%\%pkgpath%\prod-certtrust-20150122.xml"/>


   <check type="uninstall" condition="exists" path="%pkgstring%"/>
   <!-- N.B. this does not implement checking to see if your policy is loaded! -->

   <install cmd='msiexec /qn /i "%SOFTWARE%\%pkgpath%\EMET 5.1 Setup.msi" '/>

   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <install architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <upgrade cmd="msiexec /qn /i &quot;%SOFTWARE%\%pkgpath%\EMET %PKG_VERSION% Setup.msi&quot;">
     <check type="logical" condition="not">
       <check type="uninstall" condition="exists" path="%pkgstring%"/>
     </check>
     <exit code="0" />
     <exit code="1638" />
   </upgrade>

   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x86" cmd='"%PROGRAMFILES%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%configpath%"'/>
   <upgrade architecture="x64" cmd='"%PROGRAMFILES(x86)%\%pfpath%\EMET_Conf.exe" --import "%certconfigpath%"'/>

   <remove cmd="msiexec /qb /x{72e7ae20-5b12-4f27-af5e-da03e3c09466}"/>

</package>
</packages>
Retrieved from "https://wpkg.org/index.php?title=Microsoft_EMET&oldid=12385"