Professional Documents
Culture Documents
TechNet Home | TechCenters | Downloads | TechNet Program | Subscriptions | Security Bulletins | Archive
Search for
TechNet Home > TechNet Security > Guidance > Windows XP
Go
How to Configure Memory Protection in Windows XP SP2
TechNet Security
Published: December 9, 2004
Security Bulletin Search
Products On This Page
Guidance
Introduction
Tools
Before You Begin
Understanding Security
Enabling DEP for all Programs on Your Computer
Partners
Downloads Enabling the DEP Exception List
Unlike an antivirus program, hardware and software-enforced DEP technologies are not
designed to prevent harmful programs from being installed on your computer. Instead, they
monitor your installed programs to help determine if they are using system memory safely.
To monitor your programs, hardware-enforced DEP tracks memory locations declared as
"non-executable". To help prevent malicious code, when memory is declared
"non-executable" and a program tries to execute code from the memory, Windows will close
that program. This occurs whether the code is malicious or not.
Note: Software-based DEP is part of Windows XP SP2 and is enabled by default, regardless
of the hardware-enforced DEP capabilities of the processor. By default software-enforced
DEP applies to core operating system components and services.
The default configuration of DEP is designed to protect your computer with minimal impact
to application compatibility. However, depending on your DEP configuration, it is possible
that some programs might not run correctly. You can use the tasks described in this
document to configure DEP on your computer:
IMPORTANT: The instructions in this document were developed by using the Start menu
that appears by default when you install your operating system. If you have modified your
Start menu, the steps might differ slightly.
1 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
• Microsoft Knowledge Base Article 875352 on the Microsoft Help and Support Web site at
http://go.microsoft.com/fwlink/?linkid=35494
Top of page
Top of page
2 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
3 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
7. Select Turn on DEP for all programs and services except for those I select .
8. Click Apply, and then click OK. A dialog box appears and informs you that you must
restart your computer for the setting to take effect. Click OK.
6. Verify that Turn on DEP for all programs and services except for those I select
is selected and then click OK to close Performance Settings.
Top of page
4 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
If DEP causes a problem with your applications, a dialog box appears to let you know.
In cases where DEP causes application failures, Microsoft strongly recommends that you
contact the application vendor to determine if a DEP-compatible update is available.
Installing such an update is the preferred solution for application compatibility issues with
DEP.
If no update is available for your application, follow these steps to access and to configure
the Exception List. The Exception List is the list of applications that are excluded from DEP.
Note: The DEP exception list functionality is only available if the DEP configuration is set to
protect all programs and services. If you configure your computer to protect only essential
Windows components and services, the exception list is unavailable.
5 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
6 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
7. Click Add.
8. Locate and select the executable for the application that is failing, and then click
Open.
9. In the warning box, click OK. The selected program now appears in the DEP program
area.
10. Click Apply, and then click OK. A dialog box appears and informs you that you must
restart your computer for the setting to take effect. Click OK.
6. Verify that the exception list contains the desired programs and then click OK to close
PerformanceSettings.
7 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
Top of page
• /noexecute =Policy_level
IMPORTANT: After making any changes in the boot.ini file, you must restart your
computer.
WARNING: Microsoft recommends that you do NOT disable software-enforced DEP globally.
To do this would make your computer less secure. Hardware-enforced DEP cannot be
manually disabled.
4. Click the Advanced tab, and in the Startup and Recovery area, click Settings.
8 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
9. Replace the policy_level (for example, "OptOut") with "AlwaysOff” (without the
quotes).
/noexecute=AlwaysOff
9 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
6. Verify that the DEP settings are unavailable and then click OK to close
PerformanceSettings.
Top of page
Related Information
For more information about Windows XP SP2 memory protection, see the following:
For more information about Windows XP SP2 security, see the following:
• "Windows XP Security Guide v2 updated for Service Pack 2" on the Microsoft Download
Center Web site at http://go.microsoft.com/fwlink/?linkid=35309
Top of page
10 of 11 9/6/2007 9:44 PM
How to Configure Memory Protection in Windows XP SP2 http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnf...
1 2 3 4 5
Poor Outstanding
© 2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
11 of 11 9/6/2007 9:44 PM