What Is Data Execution Prevention? How to Enable or Disable DEP? [Updated 2023]

Aaron Paul updated on Dec 08, 2022 to Knowledge Center

A Windows operating system requires a variety of services to hold everything together. These services work in coordination with one another so that we can transfer files from PC to PC, or do pretty much everything else we are able to do with a computer.

One such service is Data Execution Prevention. It's been around for a few years, but not many people know what it is. So, what exactly is it? And how does it work? On top of that, how do you enable it on your computer? Let's find out.

What is Data Execution Prevention? 

Data Execution Prevention (DEP) is a security feature built into Windows that helps prevent code from executing in areas of memory marked as non-executable.

This is done by the processor and not by the software running on the system. However, the processor is indeed prompted by the Windows operating system to do this. Moreover, DEP can be configured to mark some regions as read-only or no-execute, depending on the desired level of protection.

It does this by creating a routine that allows the computer to scan the memory on a schedule. Unless the user has made some exceptions, this scan usually encompasses the entire memory heaps, including stacks.

So, the technology allows the operating system to avoid any code exploits that might originate from the memory. One example of such an exploit is a buffer overflow, which is thoroughly and easily prevented by the use of DEP. 

How Does Data Execution Prevention Work?

There are many sorts of prevention on a computer. One example is a firewall, which detects malicious activities and prevents the program from sourcing or accessing specific areas of a computer—such as memory or network.

On the other hand, DEP's prevention criteria are a bit different. Instead of preventing malware or software from getting installed on your PC, it monitors their activity. This monitoring allows Data Execution Prevention to prevent a program from hogging all the memory or using it unsafely.

So, how does it do that? There are a few key factors, such as:

  • DEP marks various memory locations as non-executable, preventing programs from employing that area.
  • Non-executable memory prevents the code from accessing it.
  • Any sort of malicious code/exploit cannot access this memory section.
  • If the code or exploit tries to access the memory region once more, the user is notified—thus allowing the firewall or anti-virus to take over.

Hence, DEP prevents any sort of memory exploits or malicious software that might try to access your computer. This way, it doesn't let any malware hinder performance or monopolize the memory bandwidth.

Types of Data Execution Prevention

DEP implementations vary from computer to computer. On most consumer-level devices, DEP is enforced by a blend of software and hardware. However, sometimes they are enforced separately. So, the two types of DEP include:

  • Hardware-Enforced Data Execution Prevention: The computer's processor and BIOS must be DEP compatible.
  • Software-Enforced Data Execution Prevention: This requires the memory protection protocol created by the Windows operating system. It's found in all Windows versions after Windows XP Service Pack 2.

These two types are the main ways of implementing DEP. On top of that, DEP also requires a DEP-compatible processor from Intel or AMD. So, make sure you check whether DEP is available on your PC or not. But that shouldn't be a problem, as they have made DEP-compatible processors for many generations now.

How to Find & Enable Data Execution Prevention In Windows?

Finding and enabling DEP is a very convenient and easy procedure in Windows. To enable Data Execution Prevention in Windows, you will have to go to Windows settings. So, here's how you can do that:

Step 1. Press the Start button and type View advanced system settings, then open it.

Step 2. In advanced system settings, head into the Settings tab under the Performance section.

Step 3. Under Performance options, head into the Data Execution Prevention tab.

Step 4. In the DEP section, select "Turn on DEP for essential Windows programs and services only."

Step 5. Or, select "Turn on DEP for all programs and services except those I select" if you wish to prevent specific programs and services from accessing this feature.

This will enable DEP on your PC. However, in most modern PCs from the last 6-7 years, this will be enabled by default.
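
One way to confirm from PowerShell what the steps above configured (an added example, not part of the original article). `Get-DepAudit` is a hypothetical helper name, and the script assumes that the exception list built in Step 5 is stored as `DisableNXShowUI` values under the `AppCompatFlags\Layers` registry key.

```powershell
# Added example: audit the DEP settings chosen in the Performance Options dialog.
# Get-DepAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-DepAudit {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values.
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]

    # Assumption: programs excluded through the Step 5 list appear as value names
    # under this key, with data containing 'DisableNXShowUI'.
    $layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    $exempt = @()
    if (Test-Path -Path $layers) {
        $key    = Get-Item -Path $layers
        $exempt = @($key.GetValueNames() |
            Where-Object { "$($key.GetValue($_))" -match 'DisableNXShowUI' })
    }

    $findings = @()
    if (-not $os.DataExecutionPrevention_Available) {
        $findings += 'Hardware-enforced DEP is not available: check CPU support and the NX/XD firmware setting.'
    }
    switch ($policy) {
        'AlwaysOff' { $findings += 'DEP is turned off system-wide.' }
        'OptIn'     { $findings += 'Step 4 setting: only essential Windows programs and services are covered.' }
        'OptOut'    { if ($exempt.Count -gt 0) {
                          $findings += "Step 5 setting: $($exempt.Count) program(s) are excluded from DEP."
                      } }
    }
    if (-not $os.DataExecutionPrevention_Drivers) {
        $findings += 'DEP is not applied to drivers.'
    }

    [pscustomobject]@{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policy
        Covers32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
        CoversDrivers        = [bool]$os.DataExecutionPrevention_Drivers
        ExemptPrograms       = $exempt
        Findings             = $findings
    }
}

Get-DepAudit | Format-List
```

An empty `Findings` list together with an empty `ExemptPrograms` list means no program has been excluded and DEP is not limited to essential Windows programs and services.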

Conclusion

These are some of the key essentials and aspects of DEP in today's world. It's important to understand that DEP requires compatible software and hardware. But, as mentioned before, it shouldn't be a problem for any computer from the past 5-10 years.
