Understanding Data Execution Prevention

Data Execution Prevention (DEP) is a security feature built into the Windows operating system. It is designed to close programs that it detects as viruses or other security threats. Depending upon your CPU, DEP runs in either a hardware-enhanced mode or a software-enhanced mode.

By default, DEP works on certain Windows programs and services. You can, however, customize DEP to have it monitor other programs as well. To do this, click the Start button, then right-click Computer and select Properties. This brings up the following screen. (See Figure 1.)

Figure 1. The Computer Properties screen.

Click the Advanced System Settings link at the left of the screen, and Windows displays the Advanced tab of the System Properties dialog box. (See Figure 2.)

Figure 2. The Advanced tab of the System Properties dialog box.

In the Performance group, click Settings. Windows displays the Performance Options dialog box. Make sure the Data Execution Prevention tab is selected. (See Figure 3.)

Figure 3. The Data Execution Prevention tab of the Performance Options dialog box.

Note that this is showing the Data Execution Prevention tab, and as you can see, the default action is already selected. If you want to turn on DEP for all programs and services except those you specify, click the second radio button. This enables the Add button. When you click Add, a file browser opens to allow you to select which programs should not be checked by DEP. (You cannot add an essential Windows program or service to be precluded.) When you're satisfied when your selections, OK your way out.

Like us on Facebook