Microsoft EMET–Importing Configuration does not alter PINNING settings

Ran into this one today. Incredibly odd (so I figure chalk this up to a “Bug”).

The normal process to obtain the configuration from the Microsoft Enhanced Mitigation Experience Toolkit is to run this command.

EMET_Conf.exe --export settings.xml

Doing so gives you an XML file which contains all of the settings the application needs. If you examine this file, you will see a line near the top which indicates “Pinning is disabled”.

Then, on a workstation, simply run this line to import the settings.

EMET_Conf.exe --import settings.xml

Seems simple, right? It is. Except that if you were expecting to see the Pinning configuration carry over, well err… no such luck in version 5.1, at least not on a 64-bit version of Windows (I’ll test this on a 32-bit version later).

If this is where you are in a pickle, just add this line after you import the settings to force the Pinning feature off.

EMET_Conf.exe --system Pinning=Disabled

Likewise, if you were trying to force Pinning to Enabled, you can run this line for the opposite effect.

EMET_Conf.exe --system Pinning=Enabled

The other piece I have noticed is that you might need to restart the service for some settings to take effect. To make this all happen nicely, you can use this little script to do the dirty work:

EMET_Conf.exe --import settings.xml

EMET_Conf.exe --system Pinning=Disabled

NET STOP Emet_Service

NET START Emet_Service

In Windows PowerShell it would look like this

& 'EMET_Conf.exe' --import settings.xml

& 'EMET_Conf.exe' --system pinning=enabled

Restart-Service EMET_Service
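
A more defensive version of the same sequence, as an added example that is not part of the original post: it stops if the import or the Pinning override fails and confirms the service came back up. It assumes EMET_Conf.exe is on the PATH and signals failure with a non-zero exit code; `Set-EmetConfig` and its parameters are hypothetical names.

```powershell
# Added example, not from the original post.
# Assumptions: EMET_Conf.exe is on the PATH and returns a non-zero exit
# code on failure (the post does not confirm the exit-code behaviour).
function Set-EmetConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SettingsXml,
        [ValidateSet('Enabled', 'Disabled')] [string] $Pinning = 'Disabled',
        [string] $EmetConf = 'EMET_Conf.exe',    # assumed location: on the PATH
        [string] $ServiceName = 'EMET_Service'   # service name as used in the post
    )

    if (-not (Test-Path -LiteralPath $SettingsXml -PathType Leaf)) {
        throw "Settings file not found: $SettingsXml"
    }

    # Step 1: import the exported configuration.
    & $EmetConf --import $SettingsXml
    if ($LASTEXITCODE -ne 0) {
        throw "EMET import failed (exit code $LASTEXITCODE)"
    }

    # Step 2: set Pinning explicitly, because the import does not carry it over.
    & $EmetConf --system "Pinning=$Pinning"
    if ($LASTEXITCODE -ne 0) {
        throw "Setting Pinning=$Pinning failed (exit code $LASTEXITCODE)"
    }

    # Step 3: restart the service so the settings take effect, then
    # confirm it actually came back up before reporting success.
    Restart-Service -Name $ServiceName -ErrorAction Stop
    $svc = Get-Service -Name $ServiceName
    if ($svc.Status -ne 'Running') {
        throw "$ServiceName is in state $($svc.Status) after restart"
    }

    "Imported $SettingsXml, Pinning=$Pinning, $ServiceName running"
}

# Example call: import the settings and force Pinning off.
Set-EmetConfig -SettingsXml .\settings.xml -Pinning Disabled
```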

 

Cheers !
Sean
The Energized Tech
