Notification from DEP?

Ray

Is data execution protection supposed to notify me when it stops a
program from running? The only "notice" I get is that nothing happens
when I click a program's shortcut. Now that I've learned the signs (or
lack thereof) of DEP in action I know when to tell it to allow a
certain program, but it seems like it should let me know about the
problem.

--
Ray
(remove the Xs to reply)
 
Why is Windows closing my program?
http://windowshelp.microsoft.com/Windows/e...ae63cf1033.mspx

> Windows might close a program and then notify you if it determines that the program is either a
> security risk or incompatible with this version of Windows.
> When Windows closes a program because of a security risk, it is because some programs might use
> your computer's random access memory (RAM) in a way that could be exploited by a virus and harm
> your computer. Data Execution Prevention (DEP), a security feature of Windows, tracks how
> programs use memory. If DEP finds memory being used incorrectly, DEP will close the program and
> let you know. If you trust the program, you can add it to an exceptions list so that DEP won't
> close it, but you should first check with the manufacturer of the program to see if there is an
> updated, DEP-compatible version available.



Have the programs been added to the DEP exception list? According to
the above, one *should* be notified if one hasn't added them to the
exception list.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Ray wrote:

> Is data execution protection supposed to notify me when it stops a
> program from running? The only "notice" I get is that nothing happens
> when I click a program's shortcut. Now that I've learned the signs (or
> lack thereof) of DEP in action I know when to tell it to allow a
> certain program, but it seems like it should let me know about the
> problem.
>
 
For what it's worth, I've experienced inconsistent responses from DEP.
Sometimes a msg box states that DEP has prevented a program from running, yet
other times it happens as you described -- the exe doesn't run and nothing
displays to alert me to that fact. I've also learned to add them to the
exception list. The obvious danger with the latter is that we are
circumventing the protection that DEP is supposed to be providing.

"Ray" wrote:

> Is data execution protection supposed to notify me when it stops a
> program from running? The only "notice" I get is that nothing happens
> when I click a program's shortcut. Now that I've learned the signs (or
> lack thereof) of DEP in action I know when to tell it to allow a
> certain program, but it seems like it should let me know about the
> problem.
>
> --
> Ray
> (remove the Xs to reply)
>
 
In message
JohnDavid wrote:

>For what it's worth, I've experienced inconsistent responses from DEP.
>Sometimes a msg box states that DEP has prevented a program from running, yet
>other times it happens as you described -- the exe doesn't run and nothing
>displays to alert me to that fact. I've also learned to add them to the
>exception list. The obvious danger with the latter is that we are
>circumventing the protection that DEP is supposed to be providing.


The other interesting thing about DEP is that the exception list isn't
fully effective; one of the software components I support fails to run
under DEP. In the majority of cases, adding the executable to the DEP
exclusion list does the trick, but in a non-trivial number of cases, the
software still crashes randomly, without notice. Setting DEP to
AlwaysOff in boot.ini resolves the issue.

The problem only occurs on hardware which supports NX; the pure-software
DEP appears to exclude properly in all cases.
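
A read-only way to check the points raised in this post (the active DEP mode, whether hardware NX is available, what is on the exception list, and which crashes went unreported), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later and that the exception list is stored as `DisableNXShowUI` values under the AppCompatFlags\Layers key; not every 0xc0000005 access violation is a DEP fault, so the last query returns candidates only.

```powershell
# Added example: audit DEP state on a Windows host. Nothing here changes settings.

# 1. System-wide DEP mode and whether the CPU's NX support is available.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
    AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
}

# 2. Programs on the DEP exception list. Each entry is a value named after the
#    executable's full path whose data contains DisableNXShowUI.
$layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
if (Test-Path -Path $layers) {
    $key = Get-Item -Path $layers
    foreach ($name in $key.GetValueNames()) {
        if ($name -and "$($key.GetValue($name))" -match 'DisableNXShowUI') {
            [pscustomobject]@{
                Executable  = $name
                # A stale entry for a missing file is worth removing.
                StillOnDisk = Test-Path -LiteralPath $name
            }
        }
    }
}

# 3. Crashes that produced no dialog: Application Error events (ID 1000) whose
#    exception code is an access violation, which is what a DEP fault raises.
$filter = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0xc0000005' } |
    Select-Object TimeCreated,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
```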
 
Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
list. I've wondered (but not researched) how DEP is trying to perform its
function: does it simply exclude the entered EXE? Does it try to relate the
entered EXE to other components of the application? Is the exclude feature
failing, or is DEP invoked for a related EXE in the app, or even for code
executed out of a DLL run by some other process?

Since my encounters with DEP are only in the home environment, my approach
has been that if I can't get the app past DEP after a few tweaks (of what to
exclude), then I just don't run the app -- luckily, no software I've paid
for so far.

"DevilsPGD" wrote:

> In message
> JohnDavid wrote:
>
> >For what it's worth, I've experienced inconsistent responses from DEP.
> >Sometimes a msg box states that DEP has prevented a program from running, yet
> >other times it happens as you described -- the exe doesn't run and nothing
> >displays to alert me to that fact. I've also learned to add them to the
> >exception list. The obvious danger with the latter is that we are
> >circumventing the protection that DEP is supposed to be providing.

>
> The other interesting thing about DEP is that the exception list isn't
> fully effective; one of the software components I support fails to run
> under DEP. In the majority of cases, adding the executable to the DEP
> exclusion list does the trick, but in a non-trivial number of cases, the
> software still crashes randomly, without notice. Setting DEP to
> AlwaysOff in boot.ini resolves the issue.
>
> The problem only occurs on hardware which supports NX; the pure-software
> DEP appears to exclude properly in all cases.
>
 
"MowGreen [MVP]" wrote:

> Why is Windows closing my program?
> http://windowshelp.microsoft.com/Windows/e...e93886b9-292f-4
> 2e2-8702-512e67ae63cf1033.mspx
>
>> Windows might close a program and then notify you if it
>> determines that the program is either a security risk or
>> incompatible with this version of Windows. When Windows closes a
>> program because of a security risk, it is because some programs
>> might use your computer's random access memory (RAM) in a way
>> that could be exploited by a virus and harm your computer. Data
>> Execution Prevention (DEP), a security feature of Windows, tracks
>> how programs use memory. If DEP finds memory being used
>> incorrectly, DEP will close the program and let you know. If you
>> trust the program, you can add it to an exceptions list so that
>> DEP won't close it, but you should first check with the
>> manufacturer of the program to see if there is an updated,
>> DEP-compatible version available.

>
>
> Have the programs been added to the DEP exception list? According
> to the above, one *should* be notified if one hasn't added them to
> the exception list.

No, they haven't been added to the list, which is why they don't run.
But DEP has never notified me when it has stopped a program.
Fortunately I learned early on that if a program doesn't do anything
when I click its icon, then DEP is stopping it. Once the program is
added to the exception list, it works fine.

--
Ray
(remove the Xs to reply)
 
wrote:

> For what it's worth, I've experienced inconsistent responses from
> DEP. Sometimes a msg box states that DEP has prevented a program
> from running, yet other times it happens as you described -- the
> exe doesn't run and nothing displays to alert me to that fact.
> I've also learned to add them to the exception list. The obvious
> danger with the latter is that we are circumventing the
> protection that DEP is supposed to be providing.


True, but in my case the programs I've had problems with are ones I've
used for years in earlier versions of Windows, so security isn't an
issue.

--
Ray
(remove the Xs to reply)
 
In message
JohnDavid wrote:

>Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
>list. I've wondered (but not researched) how DEP is trying to perform its
>function: does it simply exclude the entered EXE? Does it try to relate the
>entered EXE to other components of the application? Is the exclude feature
>failing, or is DEP invoked for a related EXE in the app, or even for code
>executed out of a DLL run by some other process?


I've tried adding DLLs to the exclusion list too, without any success.
However, that may or may not be supported, or even possible.

>Since my encounters with DEP are only in the home environment, my approach
>has been that if I can't get the app past DEP after a few tweaks (of what to
>exclude), then I just don't run the app -- luckily, no software I've paid
>for so far.


On my desktop, I tend to agree. However, we've got some fairly large
server packages where this isn't an option.

The software is mainly written in C++, but has a built-in AV feature (AV
definitions can actually contain scriptlets or even executable code in
some cases), plus some third-party components in compiled Perl, none of
which is especially DEP friendly right now.

However, the vendor has a pretty strong security track record, both in
terms of overall vulnerabilities discovered, and rate of patching, so
the lack of DEP doesn't stress me much.
 