(I can't post links yet, sorry).
I talked to 3 Microsoft Tech helpers and none could help me, even with remote connections.
I've been re-installing Windows 7 on numerous spare drives and I noticed that I can only enable DEP if I encrypt my drive with BitLocker (because then BitLocker's "protection" will be active and EMET will be able to suspend it).
What I tried so far:
- bcdedit.exe /set {current} nx AlwaysOn
- EMET_Conf.exe --system --force dep=ApplicationOptOut
- I also edited the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings registry KEY, with no avail.
Is there a way to trick EMET I have BitLocker running?
EDIT: After rebooting, I could see that the command given to me by the last MS technician was correct, I just needed to reboot.
What solved to me:
- Open CMD as Administrator.
If you want DEP to always on, paste the following command (without quotes): "bcdedit.exe /set {current} nx AlwaysOn"
If you want DEP to Application Opt Out, paste the following command (without quotes): "bcdedit.exe /set {current} nx OptOut"
Then reboot.
If you open EMET now, you'll see that the selected option is correct to what you specified on CMD before rebooting.
If you want to change DEP settings again, do the same thing via CMD, then reboot. Don't try to change it via EMET GUI otherwise you'll still get that error.
Hope this helps :)