-
What is the difference between DEP always
on ("/NoExecute=AlwaysOn" in boot.ini) and DEP opt-out
( "/NoExecute=OptOut" in boot.ini) with no exceptions?"no exceptions" = empty list of programs for which DEP does not apply.
DEP = Data Execution Prevention (hardware).One would expect it to work the same way, but it makes a
difference for some applications:E.g. for all versions
of UltraEdit 14 (14.2). It crashes at startup for DEP
always on, at least on Microsoft Windows XP Professional
Edition x64 edition. (Update 2010-03-11: this problem has been
fixed with UltraEdit 15.2 and later.)Update 2010-07-12: Mozilla Thunderbird 2.0.0.19 also crashes
at startup for DEP set to the highest level (as UltraEdit used to do). -
Is there a difference between Windows XP, Windows Vista and
Windows 7? -
Is there a difference between 32 bit and 64 bit versions of
Windows?
Windows: what is the difference between DEP always on and DEP opt-out with no exceptions
windowswindows 7windows-vistawindows-xp
Related Topic
- java – Difference Between java.exe and javaw.exe
- Windows – the difference between hosts and lmhosts files
- What exceptions should Windows Firewall have to allow network discovery
- Samba between Ubuntu server 10.10 and Windows Vista, Windows 7
- What are the differences between Windows EVT and EVTX log files
- Windows – the difference between kill and taskkill commands in Windows Server
Best Answer
Configuration Description
OptIn This setting is the default configuration. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default.
OptOut DEP is enabled by default for all processes. You can manually create a list of specific programs that do not have DEP applied by using the System dialog box in Control Panel. Information technology (IT) professionals can use the Application Compatibility Toolkit to "opt-out" one or more programs from DEP protection. System compatibility fixes, or shims, for DEP do take effect.
AlwaysOn This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out by using the Application Compatibility Toolkit run with DEP applied.
AlwaysOff This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support. The processor does not run in PAE mode unless the /PAE option is present in the Boot.ini file.