Understanding Data Execution Prevention

by Barry Dysert
(last updated July 20, 2015)


Data Execution Prevention (DEP) is a security feature built into the Windows operating system. It is designed to close programs that it detects as viruses or other security threats. Depending upon your CPU, DEP runs in either a hardware-enhanced mode or a software-enhanced mode.

By default, DEP works on certain Windows programs and services. You can, however, customize DEP to have it monitor other programs as well. To do this, click the Start button, then right-click Computer and select Properties. This brings up the following screen. (See Figure 1.)

Figure 1. The Computer Properties screen.

Click the Advanced System Settings link at the left of the screen, and Windows displays the Advanced tab of the System Properties dialog box. (See Figure 2.)

Figure 2. The Advanced tab of the System Properties dialog box.

In the Performance group, click Settings. Windows displays the Performance Options dialog box. Make sure the Data Execution Prevention tab is selected. (See Figure 3.)

Figure 3. The Data Execution Prevention tab of the Performance Options dialog box.

Note that this is showing the Data Execution Prevention tab, and as you can see, the default action is already selected. If you want to turn on DEP for all programs and services except those you specify, click the second radio button. This enables the Add button. When you click Add, a file browser opens to allow you to select which programs should not be checked by DEP. (You cannot add an essential Windows program or service to be precluded.) When you're satisfied when your selections, OK your way out.

 This tip (12480) applies to Windows 7.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...


Changing the Default Program for a File

Files are opened by programs depending upon the file's type. If you want to change this association so that a different ...

Discover More

M8 Free Clipboard

If you've ever found it tedious to do copy/paste with one piece of information at a time, you'll really like M8 Free ...

Discover More

Using the FOR Statement

In another tip we were introduced to the various FOR loops that exist in Windows. The actual use of these loops was left ...

Discover More
More WindowsTips

Changing User Permissions for an Entire Drive

All objects on your computer (e.g., disk drives) have permissions that allow or deny various types of access. This tip ...

Discover More

Limiting the Number of Login Attempts

You probably don't want to allow someone to continually attempt to login to your system until they finally guess your ...

Discover More

Easily Running a Program as the Administrator

In order to run some programs properly in the Windows environment, you'll need to do so using administrator privileges. ...

Discover More

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

View most recent newsletter.


If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is 9 - 6?

2016-12-19 07:12:47


what system services involved in Data Execution Prevention?

2015-07-20 10:55:59

Phil Rabichow

It's hard to give examples because, over time, each person's computer becomes very unique. IF DEP shuts down a particular program or service that you have, then you can research it on the web. If you've downloaded something from a reputable company & website, then you might add it as an exception.

For example, I have a hard drive health program that trips DEP (HDDHealthService), & so I added it as an exception.

If you download & run Sysinternals Autoruns, it will list all the processes running on your computer. It is a subsidiary of Microsoft. You can right click on any process & choose "Search online..." to find out it's purpose.

Bill, some sites that will give you information about various programs & services are:

Hope this helps you,

2015-07-20 09:36:41


Thanks for your great tips, Allen.
Similar to alligatorGreen's question. How do I know what programs to include/exclude. I find it difficult to determine the function and interactions of programs based solely on their names.
Perhaps a better question would be: how do I determine what a program does for me and/or my computer?

2015-07-20 06:56:55


If you're developing typical application software, you should leave this setting at its default. However if you're writing software that talks directly to the operating system or peripherals at specific addresses, you may want to turn DEP off for that program. The reason is that computer malware is sometimes written with malicious instructions placed in a program where data is supposed to live, and if this is detected Windows will shut the application down. However, writing system-level software often requires that you perform such unusual feats in your program.

2015-07-20 06:43:21


Good tip, but can we have some examples of programs that shouldn't be monitored by DEP and why they shouldnt? Thank you!

Newest Tips

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

(Your e-mail address is not shared with anyone, ever.)

View the most recent newsletter.