|libove||EMET and Sun/Oracle Java installer|
|17th Jun, 2011 09:36|
User Since: 12th Feb, 2008
System Score: N/A
This is just an FYI for anyone who has trouble installing or updating Sun/Oracle Java (whether manually or via PSI or other automated tools).
Some Java Runtime installers (for example, JRE 6u26 32-bit, but not JRE 6u26 64-bit) crash on systems with Microsoft's Enhanced Mitigation Experience Toolkit (EMET) with very little indication of why, and nothing logged to show you that EMET was involved. I've not debugged it all the way down to a specific EMET setting, but I think that the JRE installer trips on systemwide enforced DEP protection.
So, if you can't get Java to install/update, and your experience is that the Java installer simply stops (and then, maybe, you get a "This app might not have installed correctly" popup), check whether you have EMET installed on your system with mandatory enforcement of the various protections.
I'm conservative from a security point of view - meaning that I tend to prefer a little more security even in the face of some usability challenges (*some* challenges, not an unlimited quantity!). So I run EMET and I set it to be as locked down as it can be. This means that, irregularly but definitely on several Java versions/updates, I've hit this problem.
I hope that this entry helps someone who runs in to the Java installer EMET wall, and saves them some of the time that I've wasted more than once until I remembered the situation :-)
Jay Libove, CISSP, CIPP, CIPP/IT, CISM
|Anthony Wells||RE: EMET and Sun/Oracle Java installer|
|17th Jun, 2011 14:59|
User Since: 19th Dec 2007
System Score: N/A
Hello Jay ,
I was making sure that there were no problems using the PSI's prompted auto-update of JRE update 26 32 bit on my XP SP3 and the system "looped?!" out at "waiting to complete" ; so after some 24 hours and fiddling now and then I ran the manual update from the Java website successfully , but had to reset the PSI which had display problems , as per my first post here :-
I do not use EMET (atm) but I have DEP set to "all programmes and services" (my translation from French) . I don't know if that helps you with your research .
Thanks for the input , much appreciated in that even I could understand it :))
It always seems impossible until its done.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.