@p0w3rsh3ll
Created April 13, 2015 21:08
#Requires -Version 4.0
#Requires -RunAsAdministrator
Configuration DeployEMET52 {
Param
(
[string[]]$NodeName = 'localhost'
)
Node $NodeName
{
# Step1: Download
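Script DownloadEMET52 {
    # Stages the EMET 5.2 installer as 'EMET 5.2 Setup.msi' in the temp directory of the
    # account that executes this resource.
    # NOTE(review): the Package resource reads 'C:\Windows\Temp\EMET 5.2 Setup.msi', so the two
    # only line up when GetTempPath() resolves to C:\Windows\Temp for the account the LCM runs
    # as - confirm on the target nodes.
    GetScript = {
        @{
            GetScript = $GetScript
            SetScript = $SetScript
            TestScript = $TestScript
            Result = $(Test-Path (Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'EMET 5.2 Setup.msi'));
        }
    }
    SetScript = {
        # Pinned SHA256 of the expected package; keep identical to the value checked in TestScript.
        $expectedHash = '7125CA4ACC33BDDF46657039277D8FDE752618A00B51604D2890E9E429EA4DD3'
        $tmpfile = $null
        try {
            $tmpfile = [System.IO.Path]::GetTempFileName()
            # The URL is plain HTTP, so the transport gives no integrity guarantee; the hash and
            # Authenticode checks below are what decide whether the file may be staged.
            $null = Invoke-WebRequest -Uri 'http://download.microsoft.com/download/7/0/A/70AF5150-10DD-4838-ACFC-C4390B05620A/EMET%205.2%20Setup.msi' `
                -OutFile $tmpfile -ErrorAction Stop
            Write-Verbose -Message 'Sucessfully downloaded EMET 5.2 MSI Package'

            # Verify the content before the file gets the name the installer step looks for.
            if ((Get-FileHash -Path $tmpfile -Algorithm SHA256).Hash -ne $expectedHash) {
                throw 'SHA256 of the downloaded file does not match the expected EMET 5.2 package'
            }

            Unblock-File -Path $tmpfile -ErrorAction Stop
            $package = Join-Path -Path (Split-Path -Path $tmpfile -Parent) -ChildPath 'EMET 5.2 Setup.msi'
            if (Test-Path -Path $package) {
                Remove-Item -Path $package -Force -ErrorAction Stop
            }
            Move-Item -LiteralPath $tmpfile -Destination $package -Force -ErrorAction Stop
            $tmpfile = $null

            # The signature is checked under the final .msi name and the file is removed again
            # when the check fails, so an unverified package is not left behind for the installer.
            if ((Get-AuthenticodeSignature -FilePath $package).Status -ne 'Valid') {
                Remove-Item -LiteralPath $package -Force -ErrorAction SilentlyContinue
                throw 'Authenticode signature of the downloaded EMET 5.2 package is not valid'
            }
        } catch {
            Write-Verbose -Message "Something went wrong $($_.Exception.Message)"
            if ($tmpfile -and (Test-Path -LiteralPath $tmpfile)) {
                Remove-Item -LiteralPath $tmpfile -Force -ErrorAction SilentlyContinue
            }
            # Re-throw so DSC marks this resource as failed instead of reporting success and
            # letting the dependent Package resource run against a missing or unverified file.
            throw
        }
    }
    TestScript = {
        # In desired state only when the staged MSI exists, matches the pinned SHA256 and
        # carries a valid Authenticode signature.
        $MSI = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath 'EMET 5.2 Setup.msi' -ErrorAction SilentlyContinue
        if (-not(Test-Path -Path $MSI -PathType Leaf)) {
            return $false
        }
        if (
            (Get-FileHash -Path $MSI -Algorithm SHA256).Hash -eq '7125CA4ACC33BDDF46657039277D8FDE752618A00B51604D2890E9E429EA4DD3' -and
            (Get-AuthenticodeSignature -FilePath $MSI).Status -eq 'Valid'
        ) {
            Write-Verbose -Message 'Successfully found a valid signed EMET 5.2 package'
            return $true
        } else {
            Write-Verbose -Message 'A valid signed package of EMET 5.2 was not found'
            return $false
        }
    }
}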
# Step2: Install
Package InstallEMET52msi {
    # Silent, no-reboot install of the MSI staged by the DownloadEMET52 Script resource.
    # NOTE(review): the hash and signature checks live in that Script resource, not here; the
    # file is read from C:\Windows\Temp at install time, so confirm that only administrators
    # can replace it between the check and the install.
    # NOTE(review): Microsoft ended support for EMET on 31 July 2018; on current Windows the
    # built-in Exploit protection settings cover the same ground.
    Ensure    = 'Present'
    Name      = 'EMET 5.2'
    ProductId = '{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}'
    Path      = 'C:\Windows\Temp\EMET 5.2 Setup.msi'
    Arguments = '/qn /norestart'
    LogPath   = 'C:\windows\temp\EMET 5.2 Setup.log'
    DependsOn = '[Script]DownloadEMET52'
}
# Step3: Configure
# Writes the EMET policy file that the ConfigureEMET52 Script resource imports and later
# compares against the exported running configuration.
# The here-string that follows is the policy payload itself. Do not add XML comments or
# elements to it for documentation purposes: ConfigureEMET52 compares its InnerXml with the
# export produced by EMET_Conf.exe, so any extra node would keep the node out of desired state.
# Policy at a glance (taken from the payload): ExploitAction is StopProgram, telemetry is off,
# event-log and tray reporting are on, and system-wide DEP/SEHOP/ASLR are set to
# "Application Opt In"; certificate pinning is enabled but no pin rules or pinned sites are defined.
# NOTE(review): the file is placed in C:\windows\temp - confirm that only administrators can
# modify it there, since its content is what gets imported as the machine's EMET policy.
File EMETconfigXML {
DestinationPath = 'C:\windows\temp\polEMET52.xml'
Ensure = 'Present';
# Force is set to $true for this File resource (overwrite behaviour is presumably intended - confirm).
Force = $true
Contents= @'
<EMET Version="5.2.5546.26803">
<Settings>
<ExploitAction Value="StopProgram" />
<AdvancedSettings DeepHooks="True" AntiDetours="True" BannedFunctions="True" />
<Reporting Telemetry="False" TrayIcon="True" EventLog="True" />
<SystemSettings DEP="Application Opt In" SEHOP="Application Opt In" ASLR="Application Opt In" Pinning="Enabled" />
</Settings>
<EMET_Apps>
<AppConfig Path="*\Adobe\Acrobat*\Acrobat" Executable="Acrobat.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true">
<eaf_modules>AcroRd32.dll;Acrofx32.dll;AcroForm.api</eaf_modules>
</Mitigation>
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Adobe\Reader*\Reader" Executable="AcroRd32.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true">
<eaf_modules>AcroRd32.dll;Acrofx32.dll;AcroForm.api</eaf_modules>
</Mitigation>
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="EXCEL.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\Internet Explorer" Executable="iexplore.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="true">
<eaf_modules>mshtml.dll;flash*.ocx;jscript*.dll;vbscript.dll;vgx.dll</eaf_modules>
</Mitigation>
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>npjpi*.dll;jp2iexp.dll;vgx.dll;msxml4*.dll;wshom.ocx;scrrun.dll;vbscript.dll</asr_modules>
<asr_zones>1;2</asr_zones>
</Mitigation>
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="INFOPATH.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre6\bin" Executable="java.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre7\bin" Executable="java.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre1.8*\bin" Executable="java.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre6\bin" Executable="javaw.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre7\bin" Executable="javaw.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre1.8*\bin" Executable="javaw.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre6\bin" Executable="javaws.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre7\bin" Executable="javaws.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\Java\jre1.8*\bin" Executable="javaws.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="LYNC.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="MSACCESS.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="MSPUB.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="OIS.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="OUTLOOK.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="POWERPNT.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="PPTVIEW.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="VISIO.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="VPREVIEW.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="WINWORD.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\Windows NT\Accessories" Executable="wordpad.exe">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="false" />
</AppConfig>
</EMET_Apps>
<Pinning>
<PinRules />
<PinnedSites />
</Pinning>
</EMET>
'@
}
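Script ConfigureEMET52 {
    # Replaces the local EMET configuration with the policy in C:\windows\temp\polEMET52.xml.
    # Test exports the running configuration with EMET_Conf.exe and compares it with that file;
    # Set deletes the current configuration and imports the file.
    # NOTE(review): the exit code of EMET_Conf.exe is not inspected here; if the tool reports
    # failures through its exit code, consider checking it after each call.
    GetScript = {
        @{
            GetScript = $GetScript
            SetScript = $SetScript
            TestScript = $TestScript
            Result = ([xml](Get-Content -Path C:\Windows\temp\polEMETexport.xml)).InnerXML
        }
    }
    SetScript = {
        $emetConf = "C:\Program Files (x86)\EMET 5.2\EMET_Conf.exe"
        $policy = 'C:\windows\temp\polEMET52.xml'
        try {
            # Do not wipe the current mitigation settings when there is nothing to import
            # afterwards; that would leave the machine with no EMET configuration at all.
            if (-not (Test-Path -Path $policy -PathType Leaf)) {
                throw "EMET policy file $policy was not found"
            }
            Start-Process -FilePath $emetConf `
                -ArgumentList @('--delete_all') -PassThru -NoNewWindow -ErrorAction Stop | Wait-Process
            Write-Verbose -Message 'Successfully deleted local EMET config'
            Start-Process -FilePath $emetConf `
                -ArgumentList @("--import $policy") -PassThru -NoNewWindow -ErrorAction Stop | Wait-Process
            Write-Verbose -Message 'Successfully imported local EMET config'
        } catch {
            Write-Verbose -Message "The import of the EMET config went wrong because $($_.Exception.Message)"
            # Re-throw so DSC reports the failure instead of a successful Set.
            throw
        }
    }
    TestScript = {
        $emetConf = "C:\Program Files (x86)\EMET 5.2\EMET_Conf.exe"
        $export = 'C:\Windows\temp\polEMETexport.xml'
        $policy = 'C:\windows\temp\polEMET52.xml'
        if (Test-Path $emetConf) {
            # Remove any export left by an earlier run first. The export call below ignores
            # errors, so a stale file would otherwise be compared and could report a match
            # that no longer reflects the running configuration.
            if (Test-Path -Path $export) {
                Remove-Item -Path $export -Force -ErrorAction Stop
            }
            # 1. Export the config
            Start-Process -FilePath $emetConf `
                -ArgumentList @("--export $export") `
                -PassThru -NoNewWindow -ErrorAction SilentlyContinue | Wait-Process
            if (Test-Path -Path $export -PathType Leaf) {
                # 2. Compare: Compare-Object returns nothing when both InnerXml strings are equal
                if (
                    Compare-Object -ReferenceObject ([xml](Get-Content -Path $export -Encoding Ascii)).InnerXML `
                        -DifferenceObject ([xml](Get-Content -Path $policy -Encoding UTF8 )).InnerXml
                ) {
                    Write-Verbose -Message "Current EMET config dump does NOT match"
                    return $false
                } else {
                    Write-Verbose -Message "Current EMET config dump does match"
                    return $true
                }
            } else {
                Write-Verbose -Message "The XML dump of the EMET config was not found"
                return $false
            }
        } else {
            throw "Someting is wrong with the local EMET installation"
        }
    }
    DependsOn = "[File]EMETconfigXML","[Package]InstallEMET52msi"
}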
}
}
# Make sure the folder that receives the compiled MOF exists.
# NOTE(review): C:\DSC is created with whatever permissions it inherits from the volume root;
# confirm that only administrators can write there, because the MOF compiled into it is
# applied to the machine right afterwards.
if (-not (Test-Path -Path 'C:\DSC' -PathType Container)) {
    New-Item -Path 'C:\DSC' -ItemType Directory
}

# Compile the configuration to MOF.
DeployEMET52 -OutputPath 'C:\DSC'

# Apply the compiled configuration to the local machine and wait for it to finish.
Start-DscConfiguration -Wait -Force -Verbose -ComputerName localhost -Path 'C:\DSC'