Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 I tried this "Easy Fix" before and I could not get it to work, even with EMET installed in its default location.I just get a message saying "The easy fix does not apply to your operating system or application version." Link to comment Share on other sites More sharing options...
heinoganda Posted January 16, 2016 Share Posted January 16, 2016 (edited) @Dave-H Hello, you make two files in the same Directory: First new Text file insert following code, save and rename to "Import.cmd" Spoiler @echo off SET EMETIMPORT=NA (FOR /F "tokens=2* delims= " %%a IN ('REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5AB8B1F5D7EB7D93AEC1A38D1FF813" /v "2BEF90A6C196B6549B28F2D6121B6920"') DO SET EMETIMPORT=%%b) >NUL 2>&1 IF "%EMETIMPORT%" == "NA" GOTO ERROR1 IF NOT EXIST "CertTrustUpd.xml" GOTO ERROR2 ECHO. "%EMETIMPORT%" --import "CertTrustUpd.xml" ECHO. PAUSE GOTO END :ERROR1 ECHO. ECHO EMET 4.1 not aviable! ECHO. PAUSE GOTO END :ERROR2 ECHO. ECHO CertTrustUpd.xml not found! ECHO. PAUSE :END next new Text file insert following code, save and rename to "CertTrustUpd.xml" Spoiler <?xml version="1.0"?> <!-- EMET default config of Certificate Trust Pinning for MS and 3rd party online services --> <EMET_Standard_Rules> <Pinning> <PinRules> <PinRule> <ID>{c899effc-4ea9-42ff-b930-163ab302d564}</ID> <Name>YahooCA</Name> <ReferencedCertificates> <UniqueCertificateIdentifier> <Issuer>CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US</Issuer> <SerialNumber>01A5</SerialNumber> <PublicKeyHash>A60C1D9F61FF0717B5BF3846DB4330D58EB05206</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US</Issuer> <SerialNumber>02AC5C266A0B409B8F0B79F2AE462577</SerialNumber> <PublicKeyHash>B13EC36903F8BF4701D498261A0802EF63642BC3</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>023456</SerialNumber> <PublicKeyHash>00F92AC34191B6C9C2B83E55F2C0971113A00720</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>82F2E585DDEC84A454C24347F3D943043B1535F8</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>18ACB56AFD69B6153A636CAFDAFAC4A1</SerialNumber> <PublicKeyHash>2CD5504197158BF08F36615B4AFB6BD999C93392</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>15AC6E9419B2794B41F627A9C3180F1F</SerialNumber> <PublicKeyHash>C479CA8EA14E031D1CDC6BDB315B943E3F307F2D</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>DABB2EAAB00CB8882651745C6D03D3C0D88F7AD6</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00CDBA7F56F0DFE4BC54FE22ACB372AA55</SerialNumber> <PublicKeyHash>F3A27298EEB81B82801C4DB69A3027990A2F72E2</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>008B5B75568454850B00CFAF3848CEB1A4</SerialNumber> <PublicKeyHash>4304207D4CBD136E9B3647790080C6781109F541</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00B92F60CC889FA17A4609B85B706C8AAF</SerialNumber> <PublicKeyHash>C0F1ED54ACF177E4F54F68AA5C798F470B4F0144</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>3C9131CB1FF6D01B0E9AB8D044BF12BE</SerialNumber> <PublicKeyHash>00D85A4C25C122E58B31EF6DBAF3CC5F29F10D61</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>6170CB498C5F984529E7B0A6D9505B7A</SerialNumber> <PublicKeyHash>FBA33B6EC137E95605DA491620A39E0AA16287C7</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>7DD9FE07CFA81EB7107967FBA78934C6</SerialNumber> <PublicKeyHash>4C5FA7361705E286612249398CB9A8E34AE0381A</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>009B7E0649A33E62B9D5EE90487129EF57</SerialNumber> <PublicKeyHash>F0115C20ABF0D0FE3D0842EF9571E372C11C1256</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>18DAD19E267DE8BB4A2158CDCC6B3B4A</SerialNumber> <PublicKeyHash>7FD365A7C2DDECBBF03009F34339FA02AF333133</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00ECA0A78B6E756A01CFC47CCC2F945ED7</SerialNumber> <PublicKeyHash>9D22D24BEF1576731E271C3404DA87A3C4E96570</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>401AC46421B31321030EBBE4121AC51D</SerialNumber> <PublicKeyHash>B677FA6948479F5312D5C2EA07327607D1970719</PublicKeyHash> </UniqueCertificateIdentifier> </ReferencedCertificates> <Expiration>09/01/2017 12:00:00</Expiration> <PublicKeyMatch>True</PublicKeyMatch> </PinRule> <PinRule> <ID>{732d40e4-6459-4b98-94b7-75ac426fa8b7}</ID> <Name>FacebookCA</Name> <ReferencedCertificates> <UniqueCertificateIdentifier> <Issuer>CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US</Issuer> <SerialNumber>02AC5C266A0B409B8F0B79F2AE462577</SerialNumber> <PublicKeyHash>B13EC36903F8BF4701D498261A0802EF63642BC3</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Equifax Secure Certificate Authority, O=Equifax, C=US</Issuer> <SerialNumber>35DEF4CF</SerialNumber> <PublicKeyHash>0F348320A1DA3FD1CB84DC48CBA4D5E19E66841E</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>5D84A6BD204071ABC92A7CC57C8ED4A8938BFADF</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>023456</SerialNumber> <PublicKeyHash>00F92AC34191B6C9C2B83E55F2C0971113A00720</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>82F2E585DDEC84A454C24347F3D943043B1535F8</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>18ACB56AFD69B6153A636CAFDAFAC4A1</SerialNumber> <PublicKeyHash>2CD5504197158BF08F36615B4AFB6BD999C93392</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>15AC6E9419B2794B41F627A9C3180F1F</SerialNumber> <PublicKeyHash>C479CA8EA14E031D1CDC6BDB315B943E3F307F2D</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>DABB2EAAB00CB8882651745C6D03D3C0D88F7AD6</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>E=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA</Issuer> <SerialNumber>36122296C5E338A520A1D25F4CD70954</SerialNumber> <PublicKeyHash>2063A03873C99EA466DD4176520131AF26C71402</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US</Issuer> <SerialNumber>344ED55720D5EDEC49F42FCE37DB2B6D</SerialNumber> <PublicKeyHash>7B5B45CFAFCECB7AFD31921A6AB6F346EB574850</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US</Issuer> <SerialNumber>600197B746A7EAB4B49AD64B2FF790FB</SerialNumber> <PublicKeyHash>AD6CAA94609CEDE4FFFA3E0A742B6303F7B659BF</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA</Issuer> <SerialNumber>34A4FFF630AF4CA53C331742A1946675</SerialNumber> <PublicKeyHash>F18AB43C6A02BFD8228C7965CF88F4ABBC180AA6</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>3C9131CB1FF6D01B0E9AB8D044BF12BE</SerialNumber> <PublicKeyHash>00D85A4C25C122E58B31EF6DBAF3CC5F29F10D61</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>7DD9FE07CFA81EB7107967FBA78934C6</SerialNumber> <PublicKeyHash>4C5FA7361705E286612249398CB9A8E34AE0381A</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>009B7E0649A33E62B9D5EE90487129EF57</SerialNumber> <PublicKeyHash>F0115C20ABF0D0FE3D0842EF9571E372C11C1256</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>18DAD19E267DE8BB4A2158CDCC6B3B4A</SerialNumber> <PublicKeyHash>7FD365A7C2DDECBBF03009F34339FA02AF333133</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>401AC46421B31321030EBBE4121AC51D</SerialNumber> <PublicKeyHash>B677FA6948479F5312D5C2EA07327607D1970719</PublicKeyHash> </UniqueCertificateIdentifier> </ReferencedCertificates> <Expiration>09/01/2017 12:00:00</Expiration> <PublicKeyMatch>True</PublicKeyMatch> </PinRule> <PinRule> <ID>{359c0bcd-0481-4235-ae8a-78ad027dcb57}</ID> <Name>MicrosoftAccoutCA</Name> <ReferencedCertificates> <UniqueCertificateIdentifier> <Issuer>CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE</Issuer> <SerialNumber>020000B9</SerialNumber> <PublicKeyHash>E59D5930824758CCACFA085436867B3AB5044DF0</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>18DAD19E267DE8BB4A2158CDCC6B3B4A</SerialNumber> <PublicKeyHash>7FD365A7C2DDECBBF03009F34339FA02AF333133</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE</Issuer> <SerialNumber>040000000001154B5AC394</SerialNumber> <PublicKeyHash>607B661A450D97CA89502F7D04CD34A8FFFCFD4B</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US</Issuer> <SerialNumber>01A5</SerialNumber> <PublicKeyHash>A60C1D9F61FF0717B5BF3846DB4330D58EB05206</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=Verizon Global Root CA, OU=OmniRoot, O=Verizon Business, C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>4C3811B898005B5A2B703EAA78E4D5676767A77E</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=Cybertrust Global Root, O="Cybertrust, Inc"</Issuer> <SerialNumber>0400000000010F85AA2D48</SerialNumber> <PublicKeyHash>B6087B0D7ACCAC204C8656325ECFAB6E852D7057</PublicKeyHash> </UniqueCertificateIdentifier> </ReferencedCertificates> <Expiration>09/01/2017 12:00:00</Expiration> </PinRule> <PinRule> <ID>{4a5c0a79-ac90-456b-a357-67f8174c549c}</ID> <Name>TwitterCA</Name> <ReferencedCertificates> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>023456</SerialNumber> <PublicKeyHash>00F92AC34191B6C9C2B83E55F2C0971113A00720</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>82F2E585DDEC84A454C24347F3D943043B1535F8</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>18ACB56AFD69B6153A636CAFDAFAC4A1</SerialNumber> <PublicKeyHash>2CD5504197158BF08F36615B4AFB6BD999C93392</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>15AC6E9419B2794B41F627A9C3180F1F</SerialNumber> <PublicKeyHash>C479CA8EA14E031D1CDC6BDB315B943E3F307F2D</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>DABB2EAAB00CB8882651745C6D03D3C0D88F7AD6</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US</Issuer> <SerialNumber>01</SerialNumber> <PublicKeyHash>76F355E1FAA436FBF09F5C6271ED3CF44738102B</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00CDBA7F56F0DFE4BC54FE22ACB372AA55</SerialNumber> <PublicKeyHash>F3A27298EEB81B82801C4DB69A3027990A2F72E2</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>008B5B75568454850B00CFAF3848CEB1A4</SerialNumber> <PublicKeyHash>4304207D4CBD136E9B3647790080C6781109F541</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00B92F60CC889FA17A4609B85B706C8AAF</SerialNumber> <PublicKeyHash>C0F1ED54ACF177E4F54F68AA5C798F470B4F0144</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>3C9131CB1FF6D01B0E9AB8D044BF12BE</SerialNumber> <PublicKeyHash>00D85A4C25C122E58B31EF6DBAF3CC5F29F10D61</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>6170CB498C5F984529E7B0A6D9505B7A</SerialNumber> <PublicKeyHash>FBA33B6EC137E95605DA491620A39E0AA16287C7</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>7DD9FE07CFA81EB7107967FBA78934C6</SerialNumber> <PublicKeyHash>4C5FA7361705E286612249398CB9A8E34AE0381A</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>009B7E0649A33E62B9D5EE90487129EF57</SerialNumber> <PublicKeyHash>F0115C20ABF0D0FE3D0842EF9571E372C11C1256</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>18DAD19E267DE8BB4A2158CDCC6B3B4A</SerialNumber> <PublicKeyHash>7FD365A7C2DDECBBF03009F34339FA02AF333133</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>00ECA0A78B6E756A01CFC47CCC2F945ED7</SerialNumber> <PublicKeyHash>9D22D24BEF1576731E271C3404DA87A3C4E96570</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Issuer> <SerialNumber>401AC46421B31321030EBBE4121AC51D</SerialNumber> <PublicKeyHash>B677FA6948479F5312D5C2EA07327607D1970719</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US</Issuer> <SerialNumber>083BE056904246B1A1756AC95991C74A</SerialNumber> <PublicKeyHash>03DE503556D14CBB66F0A3E21B1BC397B23DD155</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US</Issuer> <SerialNumber>02AC5C266A0B409B8F0B79F2AE462577</SerialNumber> <PublicKeyHash>B13EC36903F8BF4701D498261A0802EF63642BC3</PublicKeyHash> </UniqueCertificateIdentifier> <UniqueCertificateIdentifier> <Issuer>CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US</Issuer> <SerialNumber>0CE7E0E517D846FE8FE560FC1BF03039</SerialNumber> <PublicKeyHash>45EBA2AFF492CB82312D518BA7A7219DF36DC80F</PublicKeyHash> </UniqueCertificateIdentifier> </ReferencedCertificates> <Expiration>09/01/2017 12:00:00</Expiration> <PublicKeyMatch>True</PublicKeyMatch> </PinRule> </PinRules> <PinnedSites> <PinnedSite> <Domain>login.microsoftonline.com</Domain> <PinRuleMember>{359c0bcd-0481-4235-ae8a-78ad027dcb57}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>secure.skype.com</Domain> <PinRuleMember>{359c0bcd-0481-4235-ae8a-78ad027dcb57}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>www.facebook.com</Domain> <PinRuleMember>{732d40e4-6459-4b98-94b7-75ac426fa8b7}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>login.yahoo.com</Domain> <PinRuleMember>{c899effc-4ea9-42ff-b930-163ab302d564}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>login.live.com</Domain> <PinRuleMember>{359c0bcd-0481-4235-ae8a-78ad027dcb57}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>login.skype.com</Domain> <PinRuleMember>{359c0bcd-0481-4235-ae8a-78ad027dcb57}</PinRuleMember> <Active>True</Active> </PinnedSite> <PinnedSite> <Domain>twitter.com</Domain> <PinRuleMember>{4a5c0a79-ac90-456b-a357-67f8174c549c}</PinRuleMember> <Active>True</Active> </PinnedSite> </PinnedSites> </Pinning> </EMET_Standard_Rules> then run the "Import.cmd". Code for "CertTrustUpd.xml" updated / Expires 09/01/2017 Edited March 14, 2016 by heinoganda Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 Thanks so much heinoganda! In fact I've now found that I can extract those files from the Easy Fix package using Universal Extractor.Still strange that the package won't work as it stands, but I guess it's only intended for EMET 5 and later. BTW, did you see that I resolved the Trust button crash problem? Link to comment Share on other sites More sharing options...
jaclaz Posted January 16, 2016 Share Posted January 16, 2016 Only to make things easier.Get the MicrosoftEasyFix51012.msi.Use UNiextract on it, selecting to expand the archive in a subfolder, either "MSIx" or "LessMSI" or "MSI TC Packer extraction" will do to get the original import.cmd and the CertTrustUpd.xml.If you use the MSIx the files are inside the "Cabfile" (which you can open with 7zip) The batch file is ridiculous , just like making people download 1.2 Mb to get 30 kb of data (that can easily be compressed to 4 Kb) but you know, this is Microsoft. jaclaz Link to comment Share on other sites More sharing options...
heinoganda Posted January 16, 2016 Share Posted January 16, 2016 (edited) @Dave-H The Fixit package is definitely for Emet Version 4 and 4.1. The problem with the Trusted Button crash I can not tell me that think because the Fixit package also has no effect. The Import.cmd I have so modified that here a corresponding registry key that is entered by Emet setup where the Emet tool "EMET_Conf.exe" is read with path. Original Code from "Import.cmd" file: Spoiler if exist "%ProgramFiles(x86)%\EMET 4.0\EMET_Conf.exe" ("%ProgramFiles(x86)%\EMET 4.0\EMET_Conf.exe" --import "%TEMP%\Fixit_51012\CertTrustUpd.xml"exit) if exist "%ProgramFiles(x86)%\EMET 4.1\EMET_Conf.exe" ("%ProgramFiles(x86)%\EMET 4.1\EMET_Conf.exe" --import "%TEMP%\Fixit_51012\CertTrustUpd.xml"exit) if exist "%ProgramFiles%\EMET 4.0\EMET_Conf.exe" ("%ProgramFiles%\EMET 4.0\EMET_Conf.exe" --import "%TEMP%\Fixit_51012\CertTrustUpd.xml"exit) if exist "%ProgramFiles%\EMET 4.1\EMET_Conf.exe" ("%ProgramFiles%\EMET 4.1\EMET_Conf.exe" --import "%TEMP%\Fixit_51012\CertTrustUpd.xml"exit) @jaclaz Moreover you have to really laugh, then not even a simple query where correct EMET is installed. Edited March 14, 2016 by heinoganda Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 (edited) Thanks guys!I could see too why the Import.cmd file included with the patch won't work unless EMET is installed in its default location, as it contains absolute paths ("%ProgramFiles(x86)%\EMET 4.1\EMET_Conf.exe"). Rather stupid when the EMET installer actually does allow you to install it wherever you like! %ProgramFiles(x86)% doesn't exist in Windows XP either as far as I'm aware, unless you have the x64 version presumably!That probably explains why the patch wouldn't work for me even when EMET was in its default location! Unfortunately, heinoganda's version of import.cmd doesn't work for me either, although the registry entry quoted in it is present and correct.I just get "EMET 4.1 not aviable!" (sic) It does look as if the easiest way of doing it is to extract the CertTrustUpd.xml file from the patch, and just run<path>\EMET_Conf.exe --import <path>\CertTrustUpd.xml. It does look as if I was up to date anyway! Edited January 16, 2016 by Dave-H Link to comment Share on other sites More sharing options...
heinoganda Posted January 16, 2016 Share Posted January 16, 2016 (edited) @Dave-H Have you copy and paste? Behind the delims= is a tab! Download: Trusted expired! Have it tested on different drives and directories. Edited January 31, 2016 by heinoganda Link to comment Share on other sites More sharing options...
jaclaz Posted January 16, 2016 Share Posted January 16, 2016 Well, the idea about making something simple is that it should be actually simple. What is needed is to run:EMET_Conf.exe --import <somepath>CertTrustUpd.xml It's really not rocket science (nor brain surgery) to find the EMET_conf.exe on your system and run the above. jaclaz Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 (edited) @heinogandaThat archive won't extract for me. WinRAR is reporting - ! C:\Temp Folder\Trusted.7z: Unknown method in Import.cmd! C:\Temp Folder\Trusted.7z: Unknown method in CertTrustUpd.xml! C:\Temp Folder\Trusted.7z: Error - operation failed Edited January 16, 2016 by Dave-H Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 Well, the idea about making something simple is that it should be actually simple. What is needed is to run:EMET_Conf.exe --import <somepath>CertTrustUpd.xml It's really not rocket science (nor brain surgery) to find the EMET_conf.exe on your system and run the above. jaclazAs I said, I'm glad you agree.It really is that simple! Link to comment Share on other sites More sharing options...
heinoganda Posted January 16, 2016 Share Posted January 16, 2016 @Dave-H Sorry, what's going on with you because for a film that is defenitiv not normal. Have downloaded "Trusted.7z" unpacked with WinRAR (v4.20) and could easily do the "Import.cmd". Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 (edited) I just downloaded it again as I thought that maybe the download was corrupted.Same result. My version of WinRAR is old (3.60) but usually works OK.I've also tried with Universal Extractor to extract the files, and that fails as well, with a similar error report - 7-Zip 4.57 Copyright © 1999-2007 Igor Pavlov 2007-12-06Processing archive: C:\Temp Folder\Trusted.7zSkipping Import.cmd Unsupported MethodSkipping CertTrustUpd.xml Unsupported MethodSub items Errors: 2 The downloaded Trusted.7z file is 2.97 KB, does that sound right? Edited January 16, 2016 by Dave-H Link to comment Share on other sites More sharing options...
Acheron Posted January 16, 2016 Share Posted January 16, 2016 Just for reference I am running EMET 5.0 without any issues on my system. Why don't you upgrade to this version instead of using old EMET 4.1? Link to comment Share on other sites More sharing options...
heinoganda Posted January 16, 2016 Share Posted January 16, 2016 @Dave-H Since we have the problem, far too old Packer not knowing the a recent 7zip pack method (LZMA2)! I work here with 7z version 9.20.You need a newer Version of WinRAR or 7Zip. Link to comment Share on other sites More sharing options...
Dave-H Posted January 16, 2016 Author Share Posted January 16, 2016 Just for reference I am running EMET 5.0 without any issues on my system. Why don't you upgrade to this version instead of using old EMET 4.1? I did have some problems with versions later than 4.1, and the departed hmuellers did warn that versions later than 4.1 might have problems under XP.The main issues were the Trust button not working, which I've since fixed, and the tray icon not working, which is important as it provides error popups if the program detects a problem.Now I've fixed the former problem I might try version 5.0 again (later versions had other issues). @Dave-H Since we have the problem, far too old Packer not knowing the a recent 7zip pack method (LZMA2)! I work here with 7z version 9.20.You need a newer Version of WinRAR or 7Zip. Thanks, that probably explains it!I have an up-to-date version of 7-ZIP installed on Windows 8.1, so I'll try extracting the files with that, which I'm sure will work. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now