Understanding Data Execution Prevention

by Barry Dysert
(last updated January 12, 2019)


Data Execution Prevention (DEP) is a security feature built into the Windows operating system. It is designed to close programs that it detects as viruses or other security threats. Depending upon your CPU, DEP runs in either a hardware-enhanced mode or a software-enhanced mode.

By default, DEP works on certain Windows programs and services. You can, however, customize DEP to have it monitor other programs as well. To do this (if you are using Windows 7), click the Start button, then right-click Computer and select Properties. If you are using Windows 10, navigate to the Control Panel, click System and Security and then click System. This brings up the following screen: (See Figure 1.)

Figure 1. The Computer Properties screen.

Click the Advanced System Settings link at the left of the screen, and Windows displays the Advanced tab of the System Properties dialog box. (See Figure 2.)

Figure 2. The Advanced tab of the System Properties dialog box.

In the Performance group, click Settings. Windows displays the Performance Options dialog box. Make sure the Data Execution Prevention tab is selected. (See Figure 3.)

Figure 3. The Data Execution Prevention tab of the Performance Options dialog box.

Note that this is showing the Data Execution Prevention tab, and as you can see, the default action is already selected. If you want to turn on DEP for all programs and services except those you specify, click the second radio button. This enables the Add button. When you click Add, a file browser opens to allow you to select which programs should not be checked by DEP. (You cannot add an essential Windows program or service to be precluded.) When you're satisfied when your selections, OK your way out.

 This tip (12480) applies to Windows 7 and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...


Changing the Desktop Background

You can change the image that is displayed for your desktop background to a more aesthetically pleasing picture. There ...

Discover More

Removing Locations from the Search Index

You can fine-tune Indexed Searches by removing locations from the search index. This tip tells you how.

Discover More

Changing Control Panel Views

The Control Panel is an important "dashboard" that leads you to various system-related applications. There are a few ways ...

Discover More
More WindowsTips

Limiting the Number of Login Attempts

You probably don't want to allow someone to continually attempt to login to your system until they finally guess your ...

Discover More

Understanding Action Center

Action Center provides you with a quick overview of security and maintenance issues and allows you to drill down to the ...

Discover More

Logging In with Local vs. Microsoft Credentials

In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch ...

Discover More

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

View most recent newsletter.


If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is 0 + 4?

2016-12-19 07:12:47


what system services involved in Data Execution Prevention?

2015-07-20 10:55:59

Phil Rabichow

It's hard to give examples because, over time, each person's computer becomes very unique. IF DEP shuts down a particular program or service that you have, then you can research it on the web. If you've downloaded something from a reputable company & website, then you might add it as an exception.

For example, I have a hard drive health program that trips DEP (HDDHealthService), & so I added it as an exception.

If you download & run Sysinternals Autoruns, it will list all the processes running on your computer. It is a subsidiary of Microsoft. You can right click on any process & choose "Search online..." to find out it's purpose.

Bill, some sites that will give you information about various programs & services are:

Hope this helps you,

2015-07-20 09:36:41


Thanks for your great tips, Allen.
Similar to alligatorGreen's question. How do I know what programs to include/exclude. I find it difficult to determine the function and interactions of programs based solely on their names.
Perhaps a better question would be: how do I determine what a program does for me and/or my computer?

2015-07-20 06:56:55


If you're developing typical application software, you should leave this setting at its default. However if you're writing software that talks directly to the operating system or peripherals at specific addresses, you may want to turn DEP off for that program. The reason is that computer malware is sometimes written with malicious instructions placed in a program where data is supposed to live, and if this is detected Windows will shut the application down. However, writing system-level software often requires that you perform such unusual feats in your program.

2015-07-20 06:43:21


Good tip, but can we have some examples of programs that shouldn't be monitored by DEP and why they shouldnt? Thank you!

Newest Tips

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

(Your e-mail address is not shared with anyone, ever.)

View the most recent newsletter.