Understanding Data Execution Prevention
Data Execution Prevention (DEP) helps prevent damage from viruses and other
security threats that attack by running (executing) malicious code from memory
locations that only Windows and other programs should use. This
type of threat causes damage by taking over one or more memory locations in use
by a program. Then it spreads and harms other programs, files, and even your
Unlike a firewall or antivirus program, DEP does not help prevent harmful
programs from being installed on your computer. Instead, it monitors your
programs to determine if they use system memory safely. To do this, DEP software
works alone or with compatible microprocessors to mark some memory locations as
"non-executable". If a program tries to run codeómalicious or notófrom a
protected location, DEP closes the program and notifies you.
DEP can take advantage of software and hardware support. To use DEP, your
computer must be running XOX
or later, or Windows Server 2003 Service Pack 1 or later. DEP software
alone helps protect against certain types of malicious code attacks but to take
full advantage of the protection that DEP can offer, your processor must support
"execution protection". This is a hardware-based technology designed to mark
memory locations as non-executable. If your processor does not support
hardware-based DEP, it's a good idea to upgrade to a processor that offers
execution protection features.
Is it safe to run
a program again if DEP has closed it?
Yes, but only if you leave DEP turned on for that program.
Windows can continue to detect attempts to execute code from
protected memory locations and help prevent attacks. In cases where a program
does not run correctly with DEP turned on, you can reduce security risks by
getting a DEP-compatible version of the program from the software publisher. For
more information about what to do after DEP closes a program, click Related
How can I tell if
DEP is available on my computer?
- Click the Advanced tab and, under Performance, click
- Click the Data Execution Prevention tab.
- By default, DEP is only turned on for essential Windows
operating system programs and services. To help protect more programs with
DEP, select Turn on DEP for all programs and services except those I