Hey, I've obviously come very late to the party, but I had a similar problem and was able to fix it.
My system was a hardened Server 2012, which pushed out EMET policy via Group Policy. My settings were:
- Default Action and Mitigation Settings: Enabled
- Deep Hooks: Enabled
- Anti Detours: Enabled
- Banned Functions: Enabled
- Exploit Action: Stop Program
- Default Protections for Internet Explorer: Enabled
- Default Protections for Popular Software: Enabled
- Default Protections for Recommended Software: Enabled
- EMET Agent Visibility: Enabled
- Start Agent Hidden: Disabled
- Reporting: Enabled
- Event Log: Enabled
- Tray Icon: Enabled
- Early Warning: Disabled
- System ASLR: Enabled
- ASLR Setting: Application Opt-In
- System DEP: Enabled
- DEP Setting: Always On
- System SEHOP: Enabled
- SEHOP Setting: Application Opt-Out
My symptoms were that when installing Kiwi Syslog as an Application, the program would crash on start, giving me two mysterious errors in the Application Event Log "Event 1000, Application Error". When installed as a service, the service would not start on completion of installation and attempts to manually install it would fail, "Error 1067: The process terminated unexpectedly."
The error was in the System DEP mitigation. I added, under the Application Configuration object, a rule that would remove DEP from syslogd_service.exe. Quite an easy step, but things that I found out on the way:
- If System DEP is already configured, simply removing it from the GPO will not necessarily remove it from your system.
- You must first run gpupdate /force on your server, and then, from a command line within the EMET installation folder, run the command emet_conf -refresh in order to update EMET itself.
For non-GPO implementation, you can do all this via the EMET GUI of course. You'll probably need to add the service manually, as it won't let it run in the first place and appear in the list of running processes. Then it should be pretty straightforward to manually disable DEP for syslogd_service.exe.
I hope this helps someone out and saves them all the time I've spent on this.