Configure or Turn Off DEP (Data Execution Prevention) in Windows

Data Execution Prevention, otherwise known as DEP, is a set of technologies incorporated into Windows XP SP2 and later that prevents code from being run in certain regions of memory that are not authorized.

This helps to prevent all kinds of attacks and exploits, that normally would be able to run freely, from executing. Data Execution Prevention comes in two flavors, hardware-enforced DEP and software-enforced DEP.

Most users will never need to worry about DEP because it works in the background and normally only protects Windows system binaries or programs that “opt-in”. However, if DEP is turned on for all programs, it can cause issues with certain programs.

DEP will sometimes shut down a program or process without any notification if it violates DEP. Normally, these are third-party or older programs not written properly for Windows.

You can turn off Data Execution Prevention for a particular program in Windows by following the steps below. Note that you can turn off DEP globally for the entire system, but it’s not recommended as it makes your computer less secure.

Enable/Disbable DEP

Step 1: Right-click on My Computer and choose Properties. Then click on the Advanced tab and then Settings under Performance.

turn off dep

In Windows 8 or Windows 10, you right-click on This PC, choose Properties and then click on the Advanced system settings link.

advanced system settings

Step 2: Now click on the Data Execution Prevention tab and you’ll see two radio buttons:

disable data execution prevention

Step 3: Here is where it can be a bit tricky. By default, DEP should be set to the first radio button and therefore only protect essential Windows programs and services. If the second radio button is selected, it will turn on DEP for ALL processes, not just Windows processes.

If you’re having issues with a program, go ahead and try to select the first radio button, restart your computer and see if that fixes the issue. If not, you can go ahead and click the Turn on DEP for all programs and services except those I select button and then add the program that is having problems. Make sure to check the box also.

disable DEP

However, DEP is now turned on for every other program in Windows and you might end up having the same problem with other programs. In that case, you have to manually each program to the exception list.

Step 4: Click the Add button and browse to the location of the executable for the program you want to remove from DEP protection.

It’s also worth noting that you might get an error message stating You can not set DEP attributes on 64-bit executables when adding a 64-bit executable to the exception list. This is OK because it means that your computer is 64-bit and that your processor already supports hardware-based DEP.

hardware based dep

This means that all 64-bit processes are always protected. The only way to prevent DEP from protecting a 64-bit application is to turn it off completely. However, in order to turn off DEP completely, you have to use the command line.

Turn DEP Always On/Always Off

In addition to the two settings you see in the Data Execution Prevention tab above, there are two more settings you can configure for DEP.

Always On - DEP will be on for all processes in Window and you cannot exempt any process or program from protection
Always Off - DEP will be completely turned off and no process or program, including Windows processes, will be protected.

To do this, open the command prompt by clicking on Start, typing in CMD, right-clicking on the first item and choosing Run as administrator.

run cmd administrator

Now to turn DEP to always on, copy and paste the following command:

bcdedit.exe /set {current} nx AlwaysOn

To always turn off DEP, type the following command:

bcdedit.exe /set {current} nx AlwaysOff

turn on off dep

Note that you only need to run one of these commands, not both like shown above. You’ll also need to restart your computer after any change you make to DEP.

Once you have made the changes, you’ll notice that the Windows interface for changing DEP settings has been disabled, so only use the command line options if necessary. One option gives you absolutely no protection and one gives you complete protection.

DEP disabled

The default and ideal option is to have the first radio button checked, which will  only protect essential Windows programs and services. If you have any questions, feel free to comment. Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *