Help‎ > ‎Windows‎ > ‎

DEP

About DEP

Although DEP can occasionally can cause problems with some normal software packages.  DEP is actually designed to protect your computer from malicious data.  This specially designed data exploits your computer via a common problem known as a "buffer overflow" and attempts to run malicious code on your computer.  When this happens DEP is designed to block the attempt and contain it.  For this reason is it important to leave DEP enabled.  Obviously it would be best to leave DEP at its default settings, but when you can not do this for one reason or another this document will explain how to set DEP to only protect essential operating system files or exempt a specific process from DEP protection.


Disclaimer

All rights reserved. No part of this work may be reproduced or transmitted, including copying, or other 
methods of transmission without the prior written permission of the author.

THIS DOCUMENT IS THE PERSONAL VIEWPOINT OF THE AUTHOR AND IS GIVEN AS SUCH.  THERE 
IS NO WARRANTY FOR THE INFORMATION CONTAINED IN THIS MANUAL TO THE EXTENT 
PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE 
COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THIS INFORMATION “AS IS” WITHOUT 
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE 
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE INFORMATION IS WITH YOU. 
SHOULD THIS INFORMATION PROVE INCORRECT OR BAD PRACTICE, YOU ASSUME THE COST OF 
DAMAGES AND ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY 
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THIS 
INFORMATION AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR 
INABILITY TO USE THIS INFORMATION (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA 
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE 
OF THE PROCESS DESCRIBED TO FUNCTION WITH ANY OTHER PROGRAMS), EVEN IF SUCH 
HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

More Info on DEP

I highly recommend reading the following documents before making ANY change to DEP.  It is vitally important that you understand the ramifications of changing the settings of this process.
http://support.microsoft.com/kb/875352
http://en.wikipedia.org/wiki/Data_Execution_Prevention



Changing DEP in the GUI
(to protect only essential operating system files)



Screenshot 1
Log in to your server



Screenshot 2
Click on the "Start" Menu, Right Click on "My Computer", Select "Properties"


Screenshot 3
Click on the "Advanced" Tab


Screenshot 4
Under "Performance", Click "Settings"


Screenshot 5
Click on the "Data Execution Prevention"


Screenshot 6
From this screen you can ether select the programs that need to be exempted from DEP or set DEP to only protect essential Windows Programs.
It is always better to allow DEP to protect as many processes as possible.  So the fewer processes you can exempt, the better. 

In other words, it would be better to specify the programs that need exemptions rather than selecting the "Turn on DEP for essential Windows programs and services only".
Just as it is better not to completely disable the service.

Remember, any program you exempt from DEP protection could cause significant problems with your computer if it ever was exploited.  Your machine could become infected with Viruses, Spyware, and other Malware because DEP was disabled for a specific process.

More information about changing DEP settings, including how to change the settings in the BOOT.INI file are provided by Microsoft at: http://support.microsoft.com/kb/875352

Comments