DEP, or Data Execution Prevention in Spanish, is a system that takes advantage of software and hardware functionalities to provide the computer with an additional security layer so that no process or program can load malicious code into memory. This system is also in charge of controlling everything that is executed in the most sensitive areas of the memory so that, if there is some unrecognized code running in these parts, what it does is block it directly and show us a security warning so that we can take measures.
This security feature comes enabled by default and it has been present in the Microsoft operating system since Windows XP. And it still is in the latest Windows 11. Usually, when there used to be problems, it was in the past, but nowadays certain problems can also appear if, for example, we try to run very old programs that do not work correctly in the latest versions of Windows. It is also very common with bad 32-bit games, and even with old drivers for outdated hardware.
Therefore, if we have a problem with a program, then we will explain how we can deactivate this security measure.
Disable DEP
Being a security measure, Windows does not allow us to deactivate it. At least easily. For this, it is necessary to have administrator permissions in the system. We open a CMD window, with administrator permissions, and we will have to execute the following command to deactivate this function:
BCDEDIT /SET {CURRENT} NX ALWAYSOFF
After running the command, DEP will be completely disabled from Windows. We will simply have to restart the computer so that, when it starts up, this function is no longer activated on the PC. From this moment on, the data execution prevention system will no longer be monitoring our PC, so we may be exposed to possible computer attacks. For this reason, it is advisable to exercise extreme precautions, not to execute anything of which we are not 100% sure, and, in addition, to have a good security suite that allows us to monitor the presence of malicious software on the PC.
enable DEP
If for some reason we have deactivated it manually, or this security measure was not working correctly on the PC, we can activate it manually just as we have deactivated it before. To do this, what we have to do is open a CMD window, with administrator permissions, and execute the following command:
BCDEDIT /SET {CURRENT} NX ALWAYSON
Likewise, we will have to restart the computer to be able to apply the changes and, when Windows starts up again, DEP will be protecting our system. Of course, by default, it will only protect the system kernel and essential programs. If we want greater protection, it is necessary to carry out one more step.
Activate full protection
In Windows 11, DEP does not control everything that we run on the computer, so this can pose a security problem, since it allows malicious programs (exploits) to take advantage of flaws to inject code into memory without DEP being able to. realize it. By default, this security measure will only be triggered in the event that the attack is carried out against the Windows Kernel and basic and essential programs and services on the PC.
To activate DEP protection for all system programs and processes, what we must do is enter the advanced system settings. For this, the best way is open the Settings panel Windows, and go to the System> Information section, and there we will find an access to the Advanced system settings.
In Windows 10 we can also find this access in Settings> System> About, in the links that appear at the end, or in the right part of the window, depending on its size.
Once we do this, we will see a new system properties window. The tab that interests us is the “Advanced Options” tab. And, specifically, the “Performance” section.
We click on the “Settings” button and we can see a new window like the following. In it we select the tab «Data Execution Prevention«.
Here we can see the option to activate DEP only for essential Windows programs and services, or activate it for all PC programs and services. The mode that interests us is the second. We mark it, apply the changes and that’s it. After restarting the PC we can begin to enjoy all the advantages of this security measure.
Furthermore, if we have a problem with a specific program, we can add it to the exclusion list so that this program is not controlled and, therefore, does not give us problems.
Activate and deactivate with a shortcut
If we find ourselves in the rare situation where we need to turn this security measure on and off often (for example, to use a particular program), another way to do it is directly with a shortcut.
To do this, we will place ourselves in the directory where we want to have this shortcut, and we click with the right mouse button to select New > Shortcut.
We follow the steps that the wizard will indicate, and when we reach the point where we must enter the program or command that we want to execute from the shortcut, the one we have to enter is the following:
windir%/system32/systempropertiesdataexecutionprevention.exe
Of course, we have to change the bars for counterbars to make it work. Once this is done, we only have to give it the name we want (DEP, for example), and that’s it. We will now have a direct access with which, with a simple double click, we will be able to open the configuration window of this security measure and change the type of protection we want.