I ran an XSL transform on the ADMX files to convert them to a more readable format and compared v3 vs. v4 using WinDiff - here is my impression:
- There are a few new policy settings (e.g. TrayIconMsg) that add entries to HKLM\Software\Policies\Microsoft\EMET\SysSettings, probably not impacting v3 since they will likely be ignored by v3.
- The "Default Protections for Microsoft Works[...]" policy setting was now displays as "Default Protections for Recommended Software". Same registry location however so probably not impacting v3.
- Note that Java7 and Acrobat/Reader11 are now included in the v4 admx file so you don't have to manually type those application paths in the Application Settings policy setting.
- For some of the "Default Protections" entries (e.g. "Default Protections for Recommended Software")
--the individual software program paths were renamed (e.g. "OFFICE10" and "OFFICE11" changed to "OFFICE1*")
--or had more compatible settings added (e.g. "chrome.exe" changed to "chrome.exe -SEHOP")
--or had more compatible settings removed (e.g. "OFFICE10" no longer uses "-DEP")
--or had a new ROP exclusion (e.g. "itunes.exe" changed to "itunes.exe -Caller")
--or were moved to other policy settings (e.g. Java was moved from "Default Protections for Popular Software" to "Default Protections for Recommended Software")
--or added/removed (e.g. "MOE.exe" and "SykDrive.exe").
So you may have different pieces of software protected after editing group policy using the v4 admx files, primarily if you didn't have all three of the "Default Protection" policy settings enabled before. And there
may or may not be an issue related to the itunes setting.
If the old policy created with v3 admx files enabled all three "Default Protections for Internet Explorer", "Default Protections for Recommended Software", and "Default Protections for Popular Software" settings, and you don't
run Office10, and if EMET v3 is OK with the new iTunes ROP entry (I have not tested), then the new policy created with v4 admx files doesn't appear functionally too different for EMET v3, but appears to be using some better settings.
Overall, it may impact your users, so you might want to keep the existing v3 GPO for EMET v3, and create a new v4 GPO using v4 admx/adml for EMET v4.