APP: Data Execution Prevention (DEP)


DATA EXECUTION PREVENTION: DEP



Description: Data Execution Prevention, commonly known as DEP, is Microsoft’s software implementation that takes advantage of hardware NX or XD support. This functionality marks physical memory locations as being used for executable or non-executable code. If a piece of code is attempted to execute from a memory location that is marked as No-Execute, DEP will step in and prevent this by crashing the application. By default, Windows operates under the following settings:
















Type of OS Boot.ini Setting Meaning
Server Optout All applications and services are monitored
Client Optin Only Microsoft applications and services are monitored


 


Scoping the Issue:  When an application crashes due to DEP, you will see a dialog box titled Data Execution Prevention that says Windows has closed the program to protect your computer. If the application is one that you trust, you can add it to the DEP exclusion list under system Performance Options. Limited DEP options are also available for configuration within the registry or from the Application Compatibility Toolkit.


 


Data Gathering:  In all instances, collecting either MPS Reports with the General, Internet and Networking, Business Networks and Server Components diagnostics, or a Performance-oriented MSDT manifest must be done.  In addition, back up and export the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\AppCompatFlags\Layers and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\AppCompatFlags\Layers


 


Troubleshooting / Resolution:  If a third-party application is triggering a DEP fault, the vendor of the application should be contacted to debug the application failure. If you are the vendor of a faulting application, it is best to open a case with our Developer Support Group for the product with which the application was written. If a Microsoft process triggers DEP (this should be very rare), then of course we (or the team that owns the faulting component) can investigate as needed.


 


Additional Resources: