Audit Square Advisory

Table of contents:

How to setup DEP configuration?

Permanent link:

https://auditsquare.com/advisory/windows/how-to-setup-dep

What is “DEP”?

DEP is an acronym for Data Execution Prevention and it is a security feature in Microsoft Windows operating system which prevents code execution from data pages i.e. default heap pages, stack pages and memory pool pages. It helps prevent damage to your computer from viruses and other security threats.

Why is it a security issue?

Default setting in Windows enables DEP only for operating system components, including the Windows kernel and drivers (OptIn attitude). We recommend being stricter and enabling DEP for the operating system and all processes, including the Windows kernel and drivers. However, administrators can disable DEP on selected executable files (Optout attitude).

How to fix it?

Using GUI (Windows XP)

  • Log in as administrator
  • Click Start menu, right-click on My Computer and Choose Properties from the context menu
  • On the System Properties window, click the Advanced tab
  • Click Settings button under Performance
  • Click the Data Execution Prevention tab

Disable DEP Windows XP

  • Choose Turn on DEP for all programs and services except those I select
  • Click Add to add the programs that you do not want to use the DEP feature (if you have some problem with any application)
  • Click OK twice and restart the computer for the changes to take effect

Using GUI (Windows 7 or Windows Vista)

  • Log in as administrator
  • Click Start menu, right-click on Computer
  • Choose Properties from the context menu
  • Choose Advanced system settings from under Tasks in the left pane
  • Approve the User Account Control query (you need administrator privileges for this action)
  • Click the button Settings in the Performance section.
  • Click the tab Data Execution Prevention

Disable DEP Windows XP

  • Choose Turn on DEP for all programs and services except those I select
  • Add to add the programs that you do not want to use the DEP feature (if you some problem with any application)
  • Click OK twice and restart the computer for the changes to take effect

NOTE: 64-bit versions of Windows automatically enforce DEP for all programs

Using BCDEdit command

  • Start command prompt (as administrator)
  • From command prompt windowm run: BCDEdit /set nx Optout
  • Restart the computer for the changes to take effect

WARNING: You will be asked for BitLocker password after restart, if you are using it for hard drive encryption. Make sure that you know the BitLocker Password before reboot.