In message <
[email protected]>
JohnDavid said:
Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
list. I've wondered (but not researched) how DEP is trying to perform its
function: does it simply exclude the entered EXE; does it try to relate the
entered EXE to other components of the application; is the exclude feature
failing or is DEP invoked for a related EXE in the app or even for code
executed out of a DLL run by some other process.
I've tried adding DLLs to the exclusion list too, without any success.
However, that may or may not be supported, or even possible.
Since my encounters with DEP are only in the home environment, my approach
has been that if I can't get the app past DEP after a few tweaks (of what to
exclude), then I just don't run the app -- luckily, no software I've paid
for so far.
On my desktop, I tend to agree. However, we've got some fairly large
server packages where this isn't an option.
The software is mainly written in C++, but has a built-in AV feature (AV
definitions can actually contain scriptlets or even executable code in
some cases), plus some third party components in compiled PERL, none of
which is especially DEP friendly right now.
However, the vendor has a pretty strong security track record, both in
terms of overall vulnerabilities discovered, and rate of patching, so
the lack of DEP doesn't stress me much.