Notification from DEP?

  • Thread starter Thread starter Ray
  • Start date Start date
R

Ray

Is data execution protection supposed to notify me when it stops a
program from running? The only "notice" I get is that nothing happens
when I click a program's shortcut. Now that I've learned the signs (or
lack thereof) of DEP in action I know when to tell it to allow a
certain program, but it seems like it should let me know about the
problem.
 
Why is Windows closing my program?
http://windowshelp.microsoft.com/Windows/en-US/Help/e93886b9-292f-42e2-8702-512e67ae63cf1033.mspx
Windows might close a program and then notify you if it determines that the program is either a
security risk or incompatible with this version of Windows.
When Windows closes a program because of a security risk, it is because some programs might use
your computer's random access memory (RAM) in a way that could be exploited by a virus and harm
your computer. Data Execution Prevention (DEP), a security feature of Windows, tracks how
programs use memory. If DEP finds memory being used incorrectly, DEP will close the program and
let you know. If you trust the program, you can add it to an exceptions list so that DEP won't
close it, but you should first check with the manufacturer of the program to see if there is an
updated, DEP-compatible version available.
<snip>

Have the programs been added to the DEP exception list ? According to
the above one *should* be
notified if one hasn't added them to the exception list.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
 
For what it's worth, I've experienced inconsistent responses from DEP.
Sometimes a msg box states that DEP has prevented a program from running, yet
other times it happens as you described -- the exe doesn't run and nothing
displays to alert me to that fact. I've also learned to add them to the
exception list. The obvious danger with the latter is that we are
cicrcumventing the protection that DEP is supposed to be providing.
 
In message <[email protected]>
JohnDavid said:
For what it's worth, I've experienced inconsistent responses from DEP.
Sometimes a msg box states that DEP has prevented a program from running, yet
other times it happens as you described -- the exe doesn't run and nothing
displays to alert me to that fact. I've also learned to add them to the
exception list. The obvious danger with the latter is that we are
cicrcumventing the protection that DEP is supposed to be providing.

The other interesting thing about DEP is that the exception list isn't
fully effective, one of the software components I support fails to run
under DEP. In the majority of cases, adding the executable to the DEP
exclusion list does the trick, but in a non-trivial number of cases, the
software still crashes randomly, without notice. Setting DEP to
AlwaysOff in boot.ini resolves the issue.

The problem only occurs on hardware which supports NX, the pure-software
DEP appears to exclude properly in all cases.
 
Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
list. I've wondered (but not researched) how DEP is trying to perform its
function: does it simply exclude the entered EXE; does it try to relate the
entered EXE to other components of the application; is the exclude feature
failing or is DEP invoked for a related EXE in the app or even for code
executed out of a DLL run by some other process.

Since my encounters with DEP are only in the home environment, my approach
has been that if I can't get the app past DEP after a few tweaks (of what to
exclude), then I just don't run the app -- luckily, no software I've paid
for so far.
 
MowGreen said:
Why is Windows closing my program?
http://windowshelp.microsoft.com/Windows/en-US/Help/e93886b9-292f-4
2e2-8702-512e67ae63cf1033.mspx

<snip>

Have the programs been added to the DEP exception list ? According
to the above one *should* be
notified if one hasn't added them to the exception list.

No, they haven't been added to the list, which is why they don't run.
But DEP has never notified me when it has stopped a program.
Fortunately I learned early on that if a program doesn't do anything
when I click its icon, then DEP is stopping it. Once the program is
added to the exception list, it works fine.
 
For what it's worth, I've experienced inconsistent responses from
DEP. Sometimes a msg box states that DEP has prevented a program
from running, yet other times it happens as you described -- the
exe doesn't run and nothing displays to alert me to that fact.
I've also learned to add them to the exception list. The obvious
danger with the latter is that we are cicrcumventing the
protection that DEP is supposed to be providing.

True, but in my case the programs I've had problems with are ones I've
used for years in earlier versions of Windows, so security isn't an
issue.
 
In message <[email protected]>
JohnDavid said:
Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
list. I've wondered (but not researched) how DEP is trying to perform its
function: does it simply exclude the entered EXE; does it try to relate the
entered EXE to other components of the application; is the exclude feature
failing or is DEP invoked for a related EXE in the app or even for code
executed out of a DLL run by some other process.

I've tried adding DLLs to the exclusion list too, without any success.
However, that may or may not be supported, or even possible.
Since my encounters with DEP are only in the home environment, my approach
has been that if I can't get the app past DEP after a few tweaks (of what to
exclude), then I just don't run the app -- luckily, no software I've paid
for so far.

On my desktop, I tend to agree. However, we've got some fairly large
server packages where this isn't an option.

The software is mainly written in C++, but has a built-in AV feature (AV
definitions can actually contain scriptlets or even executable code in
some cases), plus some third party components in compiled PERL, none of
which is especially DEP friendly right now.

However, the vendor has a pretty strong security track record, both in
terms of overall vulnerabilities discovered, and rate of patching, so
the lack of DEP doesn't stress me much.
 
Back
Top