Configure or disable the Data Execution Prevention (DEP)

December 2016




Since Windows XP SP2 (Vista included), a new memory management (mode No eXecute) was added, it allows AMD Athlon 64 processors to protect the system against attacks by buffer overflow. But applications may be incompatible with the data execution prevention (DEP) and do not function properly. However, you can define exceptions and off for specific applications.

So if you have any safety messages with Windows XP, as here:



It is recommended that you set the DEP as follows:
  • Under Windows XP:
    • Go to the Start menu.
    • Make a right-click My Computer and click Properties.
    • In the Performance tab, click on Settings.
  • Vista:
    • Go to the Start menu.
    • Make a right-click on Computer and click Properties.
    • In the left pane of the window that pops up, click Advanced system settings.
    • In the Performance section, click Settings.
  • Go to the tab Execution Prevention data.
  • Then select the option "Enable Data Execution Prevention for all programs and services except those I select."

Then click the Add button and browse your hard drive and search for the executable of the program incompatible with Data Execution Prevention. Then click the Open button.
Click on the OK button and restart your computer to apply the change.
  • Or completely disable the boot.ini as follows (this is valid only for Windows XP):
  • Right Click on My Computer and choose Properties.
  • Then open the Advanced tab and click the Settings button under Startup and Recovery.
  • In the Startup and Recovery window, click the Edit button in the Startup area of the system.
  • In Notepad, open the Edit menu, then click Search.

Type /noexecute, and then click Next. Then click Cancel.
  • Then replace the policy level, xxxx,of /noexecute=xxxx by Always off . Your switch should now be as follow:
    • /noexecute=AlwaysOff.
  • Close Notepad saving the boot.ini file and then click OK twice to close the open windows.
  • Finally, restart your computer.




However if you ever want to reactivate it, just start over and replace /noexecute=AlwaysOff by /noexecute=Optin.


Related :

This document entitled « Configure or disable the Data Execution Prevention (DEP) » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.