How To 

How to Manage DEP In Windows 10


Enabled by default, Data Execution Prevention (DEP) is a Windows’ built-in security tool that adds an extra layer of security to your PC by preventing any unrecognized scripts from loading into the reserved areas of memory.

By default DEP is enabled globally, i.e. for all Windows’ services and programs. However, if you want, you can disable DEP – which is never suggested nor is it encouraged, or you can exclude some programs from being scanned by DEP during their execution.

Programs that you may want to exclude from DEP scanning list can also be some device drivers that Windows may consider malicious due to their digital signature status, but are safe to run on your PC.

Here’s how you can disable DEP and add programs to its exclusion list:

WARNING: Disabling DEP or adding exclusions may allow malicious scripts to execute and cause severe damage to Windows which may leave your PC in permanently unstable and/or unusable state. If you’re unsure or don’t have enough experience in handling viruses or suspicious scripts, you are strongly suggested NOT to disable DEP or add any exclusions to it.
DISCLAIMER: Neither Tom’s Hardware, nor any of its direct or indirect associates, author of this tutorial, or any other direct or indirect personnel associated, or by any means related to this tutorial or forum should be held responsible for any damage caused to your computer due to disabling DEP or adding exclusions to it. If you wish to follow the procedure given in this tutorial, do so at your own risk.
Disable DEP
    Launch elevated command window
    Type CMD in the Cortana search box, right-click Command Prompt from the Best match list, click Run as administrator, and click Yes in the User Account Control confirmation box. This launches the elevated Command Prompt window. Since this window gives you unrestricted access to your PC, you can execute the commands to make major changes to system settings.
    FvOkE5n.png

    4r710zq.png

    Disable DEP
    Type BCDEDIT /SET {CURRENT} NX ALWAYSOFF in the elevated Command Prompt window, and press Enter. This executes the command on your PC. Upon successful execution, the command window displays a confirmation message.
    xkRtWuX.jpg

    Restart the PC

Click Start, click the Power icon, and click Restart. This restarts your computer. Upon restart, DEP in your Windows gets disabled.
Note: DEP won’t get disabled until you restart your computer.
5QyHp76.png

Check DEP State
    Get to the System Properties box
    Type VIEW ADVANCED SYSTEM SETTINGS in the Cortana search box, and click View advanced system settings from the Best match list. This opens the System Properties box with the Advanced tab selected.
    XKzHqnn.png

    Confirm DEP state

Click Settings from the Performance section, and click Data Execution Prevention tab from the Performance Options box. This takes you to the DEP interface. Here you can notice that all the options present in the interface are grayed out, and you cannot make any changes to the DEP settings.
C9UkcUW.jpg

vElunZX.jpg

OukapwP.jpg

Enable DEP
    Launch elevated command window
    Follow the procedure in the first point of the Disable DEP section. This again opens the elevated Command Prompt window.
    Enable DEP
    Type BCDEDIT /SET {CURRENT} NX ALWAYSOFF in the elevated Command Prompt window, and press Enter. This executes the command on your PC. Upon successful execution, the command window displays a confirmation message.
    M2ZvIwV.jpg

    ■Restart your PC to allow DEP to again start preventing any malicious scripts from executing and loading files into the reserved areas of the memory.

Add Exclusions to DEP
    Get to the DEP interface
    Follow the procedure given in the Confirm DEP State section. This takes you to the Data Execution Prevention tab. Here you can notice that the DEP options are no longer grayed out, and the settings can be configured now. Also notice that by default DEP is enabled for all Windows services and programs.
    EIMbcQq.jpg

    Add DEP exclusions
    Click to select the Turn on DEP for all programs and services except those I select radio button, click Add from the bottom, add a program you don’t want DEP to scan upon its execution, and click OK. This adds the program to the DEP exclusion list, and even if it contains malicious script, DEP would allow it to execute flawlessly.
    vylyW2z.jpg

    ucFCioJ.jpg

    3JCy0kN.jpg

    FkHaNjK.jpg

    ■Restart Windows to make the changes effective.

 
Status
Not open for further replies.
Status
Not open for further replies.