Header Ads

Disable and Turn Off (or Enable or Turn On) Data Execution Prevention (DEP) in Windows


Data Execution Prevention (DEP) is security feature that first introduced in Windows XP Service Pack 2 (SP2) and is included in Windows XP Tablet PC Edition 2005, Windows Server 2003 Service Pack 1 (SP1) and Windows Vista, plus future operating system such as Windows 7, Windows 8, Windows 8.1 and Windows 10. DEP is intended to prevent an application or service from executing code from a non-executable memory region. DEP is enforced by hardware technology that detects code that is running from the default heap and the stack and raises an exception to terminate the process when execution occurs, and software-enforcer that prevent malicious code from taking advantage of exception-handling mechanisms in Windows. In short, DEP perform additional checks on memory to prevent malicious code or exploits from running on the system by shut down the process once detected.
However, Data Execution Prevention may accidentally shut down legitimate process from valid applications or services, particularly third-party installers used by software developers that release their products for download through the Web, or software programs that are less commonly used. To make thing worse, DEP normally does not or fails to display or show any warning or information or acknowledgment message prompt that can let you know that DEP has shut down a process, thus causing you unaware of the reason why your setup file cannot run, or why your computer cannot start a service and etc.

Good news is that you can disable or turn off Data Execution Prevention (DEP) globally in Windows operating system. To stop the DEP protection, launch an elevated command prompt shell with administrative privileges and credentials (log on to Windows with a user account with administrator rights, and then right click on Command Prompt (cmd) icon and select Run as Administrator, or turn off UAC), or through WinX Power Users menu for Windows 8 or later OS. Then execute the following command:


bcdedit.exe /set {current} nx AlwaysOff
 
If you regret your decision and now wants to enable or turn back on the DEP protection for your Windows, simply use the following command instead:


bcdedit.exe /set {current} nx OptIn 

Or (above is the default setting on Windows, and below command will apply DEP to all processes):

bcdedit.exe /set {current} nx AlwaysOn

How to Verify the Status of DEP
Run the Command Prompt as Administrator, the run the following command:
wmic OS Get DataExecutionPrevention_SupportPolicy A status code will be returned. The status of the DEP is corresponding with the code listed in table below:

Code NumberFlagStatus
0AlwaysOffDEP is disabled for all processes.
1AlwaysOnDEP is enabled for all processes.
2OptInDEP is enabled for essentials Windows programs and services only. Default setting.
3OptOutDEP is enabled for all processes except for excluded programs and services.
 

No comments