EMET konfiguration

Velkommen til Emet..... Gui'en

Emet

Default System Konfiguration

system

Fra Gui man man også konfigure alle de apps, som EMET skal overvåge....

Apps

Dog kan gui'en kun tilføje 1 program af gange, derfor har jeg lavet nedenstående bat file, som gøre akurat det samme.....

REM Adobe Apps..
"%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Adobe\Reader 9.0\Reader\AcroRd32.exe"
"%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Google\Chrome\Application\chrome.exe"
"%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Internet Explorer\iexplore.exe"
"%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Java\jre6\bin\java.exe"

REM Office 2007 Suite.
if exist "%programfiles%\Microsoft Office\Office12" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\OUTLOOK.EXE"
if exist "%programfiles%\Microsoft Office\Office12" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\WINWORD.EXE"
if exist "%programfiles%\Microsoft Office\Office12" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\EXCEL.EXE"
if exist "%programfiles%\Microsoft Office\Office12" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\POWERPNT.EXE"
if exist "%programfiles%\Microsoft Office\Office12" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\ONENOTE.EXE"

REM Office 2010 Suite.
if exist "%programfiles%\Microsoft Office\Office14" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\OUTLOOK.EXE"
if exist "%programfiles%\Microsoft Office\Office14" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\WINWORD.EXE"
if exist "%programfiles%\Microsoft Office\Office14" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\EXCEL.EXE"
if exist "%programfiles%\Microsoft Office\Office14" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\POWERPNT.EXE"
if exist "%programfiles%\Microsoft Office\Office14" Call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\ONENOTE.EXE"

REM LiveMeeting + MOCC.
if exist "%programfiles%\Microsoft Office\Office14\PWConsole.exe" call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office14\PWConsole.exe"
if exist "%programfiles%\Microsoft Office\Office12\PWConsole.exe" call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office\Office12\PWConsole.exe"
if exist "%programfiles%\Microsoft Office Communicator\communicator.exe" call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft Office Communicator\communicator.exe"

if exist ""%programfiles%\Windows Live\Messenger\msnmsgr.exe" call "%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Windows Live\Messenger\msnmsgr.exe"

REM RemoteManagement Apps.
"%programfiles%\EMET\EMET_Conf.exe" --add "%programfiles%\Microsoft SharedView\SharedView.exe"

Efter en boot vil man begynde at se apps, som er beskyttet af EMET.

Emet running

13.04.2013

Siden emet 3.0 har man kunne køre denne kommando, som importere fra en predifineret file lavet af microsoft.

"C:\Program Files (x86)\EMET>EMET_Conf.exe" --import ".\Deployment\Protection Profiles\All.xml"

30.11.2013

Emet er nu nået til version 4.1

EMET konfiguration

Main Menu