JSI Tip 10035. How to Configure Memory Protection in Windows XP SP2?
January 8, 2006
Microsoft TechNet Article How to Configure Memory Protection in Windows XP SP2 contains the following introduction:
Microsoft Windows XP Service Pack 2 (SP2) helps protect your computer against the insertion of malicious code into areas of computer memory reserved for non-executable code by implementing a set of hardware and software-enforced technologies called Data Execution Prevention (DEP). Hardware-enforced DEP is a feature of certain processors that prevents the execution of code in memory regions that are marked as data storage. This feature is also known as No-Execute and Execution Protection. Windows XP SP2 also includes software-enforced DEP that is designed to reduce exploits of exception handling mechanisms in Windows.
Unlike an antivirus program, hardware and software-enforced DEP technologies are not designed to prevent harmful programs from being installed on your computer. Instead, they monitor your installed programs to help determine if they are using system memory safely. To monitor your programs, hardware-enforced DEP tracks memory locations declared as "non-executable". To help prevent malicious code, when memory is declared "non-executable" and a program tries to execute code from the memory, Windows will close that program. This occurs whether the code is malicious or not.
Note: Software-based DEP is part of Windows XP SP2 and is enabled by default, regardless of the hardware-enforced DEP capabilities of the processor. By default software-enforced DEP applies to core operating system components and services.
The default configuration of DEP is designed to protect your computer with minimal impact to application compatibility. However, depending on your DEP configuration, it is possible that some programs might not run correctly. You can use the tasks described in this document to configure DEP on your computer:
• | Enable DEP for all programs on your computer |
• | Add programs to the DEP exception list |
• | Disable DEP for your entire computer IMPORTANT: The instructions in this document were developed by using the Start menu that appears by default when you install your operating system. If you have modified your Start menu, the steps might differ slightly. |
For definitions of security-related terms, see the following:
• | "Microsoft Security Glossary" on the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=35468 |
For more information regarding DEP, see the following:
• | Microsoft Knowledge Base Article 875352 on the Microsoft Help and Support Web site at http://go.microsoft.com/fwlink/?linkid=35494 |
About the Author
You May Also Like