
Data Execution Prevention (DEP) is a Microsoft security technology for Windows operating systems that prevents malicious code from being executed from system memory locations. Using a combination of hardware and software techniques, DEP performs additional checks on memory to help protect against exploits.

Malware may try to execute code from memory locations that should only be used by Windows or other approved programs. If DEP detects an application on your computer using memory improperly, it terminates the program and notifies you.

How Data Execution Prevention Works

DEP isn’t like a firewall or antivirus program, so it doesn’t help prevent harmful programs from being installed on your computer. What Data Execution Prevention does is monitor your programs to see whether they’re using system memory safely: it marks specific memory locations as “non-executable” and watches for programs that attempt to run code from a protected location.

Let’s say that an application attempts to run malicious code from a protected page. In that case, the application receives an exception with the status code STATUS_ACCESS_VIOLATION. This happens because DEP is configured at system boot according to the no-execute page protection policy setting in the boot configuration data; depending on that policy setting, a particular application can also change the DEP setting for its own process.

DEP is enforced by hardware and by software:

Hardware-enforced DEP

Marks all memory locations in a process as non-executable unless the location explicitly contains executable code, helping to prevent certain attacks by intercepting them and raising an exception.

It relies on the processor hardware to mark memory with an attribute indicating that code should not be executed from that memory; this works by setting a bit in the page table entry that marks the particular memory page.

The actual hardware implementation of Data Execution Prevention and the marking of virtual memory pages varies by processor architecture, but processors that support hardware-enforced DEP can raise an exception when code is executed from a page that has the appropriate attribute set.

Software-enforced DEP

Windows has added an extra set of data execution prevention security checks, also called software-enforced DEP, designed to mitigate exploits of exception handling mechanisms in Windows. Software-enforced DEP can run on any processor capable of running Windows XP SP2 and above.

Should You Disable Data Execution Prevention?

It isn’t recommended to have DEP turned off, as this automatically monitors essential Windows programs and services.

You can increase your protection by having DEP monitor all programs. Keep in mind that disabling Data Execution Prevention or adding exclusions may allow malicious code to execute and cause severe damage to Windows, which can leave your PC in a permanently unstable or unusable state.

If you switch off Data Execution Prevention for a particular program, that program becomes more prone to attack. A successful attack could then spread to other programs on your computer and to your contacts, and could damage your files. If you believe that a program doesn’t run correctly when DEP is turned on, check for a DEP-compatible version or update from the software publisher before you modify any Data Execution Prevention settings.

How To Configure Data Execution Prevention

DEP is enabled by default for essential Windows operating system programs and services.

You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.

1. Open the Control Panel.


2. Click System and Security > System > Advanced System Settings.


3. Once you are on the Advanced tab click Settings.


4. Click the tab called Data Execution Prevention.


5. Select Turn on DEP for essential Windows programs and services only.


6. Click OK. Make sure to restart your system in order to enable the change.


How to check from CMD if DEP is enabled

1. Open CMD.


2. Type the following command, then press ENTER:

wmic OS Get DataExecutionPrevention_Available


If the output is “TRUE,” hardware-enforced DEP is available.
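The same check, extended to the system-wide policy that the Control Panel steps above configure, as an added PowerShell example (not part of the original post). It reads the documented Win32_OperatingSystem properties through CIM (wmic is deprecated on current Windows releases) and assumes it is run in PowerShell on Windows; the recommended-baseline checks are this example's own.

```powershell
# Added example: audit DEP availability and policy via CIM.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

# Meaning of DataExecutionPrevention_SupportPolicy (documented WMI values).
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for all processes)'
    1 = 'AlwaysOn (DEP enabled for all processes, no exceptions)'
    2 = 'OptIn (default: essential Windows programs and services only)'
    3 = 'OptOut (all programs except those on the exception list)'
}

function Get-DepStatus {
    # Reads the same property as "wmic OS Get DataExecutionPrevention_Available",
    # plus the system-wide policy and the per-component flags.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    [pscustomobject]@{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        SupportPolicy        = $policy
        SupportPolicyName    = $policyNames[$policy]
        AppliesTo32BitApps   = [bool]$os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = [bool]$os.DataExecutionPrevention_Drivers
    }
}

function Test-DepBaseline {
    param([Parameter(Mandatory)] $Status)
    # Flags the two conditions the post warns about: no hardware DEP,
    # and a policy weaker than the default OptIn.
    $findings = @()
    if (-not $Status.HardwareDepAvailable) {
        $findings += 'Hardware-enforced DEP (NX/XD) is not available or is disabled in firmware.'
    }
    if ($Status.SupportPolicy -eq 0) {
        $findings += 'DEP policy is AlwaysOff; keep the default OptIn unless a legacy program needs an exception.'
    }
    return $findings
}

$status = Get-DepStatus
$status | Format-List
$issues = Test-DepBaseline -Status $status
if ($issues.Count -eq 0) { 'DEP baseline OK' } else { $issues | ForEach-Object { "WARNING: $_" } }
```

The option "Turn on DEP for essential Windows programs and services only" corresponds to SupportPolicy 2 (OptIn), the same value that `bcdedit /set nx OptIn` writes to the boot configuration data; either way a restart is required for the change to take effect.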


Wrapping Up

Data Execution Prevention is one of the most basic protections a Windows-based system can have, and unless necessary, it should always remain active. If you’re using programs developed for a 64-bit OS, most are created with DEP in mind and will be fine. However, if you’re required to use legacy code, you may need to create an exception for that specific program.

In any case, Data Execution Prevention should be treated with caution: keep the default setting unless there’s a valid reason to alter it. While DEP is vital, it’s just one aspect of information security on Windows 10.
