I am controlling EMET settings with GPO. I used the EMET GPO templates from the Deployment folder and am using GPO to create a task which runs emet_config.exe --refresh. This all seems to run great but I have a few questions.
I have Popular and Recommended Software Protection profiles Enabled. Consider a situation where I want to omit certain mitigations from being enabled for Microsoft Access.
I go to the Application configuration option to append the exceptions. So, question 1: does this menu just want the name of the executable, or the path too? So which one of these is the correct format?
1. MSACCESS.exe -Caller -LoadLib
2. *\OFFICE1*\MSACCESS.EXE -Caller -LoadLib
Next, since MSAccess is already defined under the Recommended Software profile, will my custom entry override that? After I run emet_config --refresh then emet_config --list, I see BOTH the entry from the Recommended Software Profile and the one from my custom entry.