Vista - Notification from DEP?

Is data execution protection supposed to notify me when it stops a
program from running? The only "notice" I get is that nothing happens
when I click a program's shortcut. Now that I've learned the signs (or
lack thereof) of DEP in action I know when to tell it to allow a
certain program, but it seems like it should let me know about the
problem.

--
Ray
(remove the Xs to reply)

Why is Windows closing my program?
http://windowshelp.microsoft.com/Win...e63cf1033.mspx
<snip>

Have the programs been added to the DEP exception list ? According to
the above one *should* be
notified if one hasn't added them to the exception list.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Ray wrote:

For what it's worth, I've experienced inconsistent responses from DEP.
Sometimes a msg box states that DEP has prevented a program from running, yet
other times it happens as you described -- the exe doesn't run and nothing
displays to alert me to that fact. I've also learned to add them to the
exception list. The obvious danger with the latter is that we are
cicrcumventing the protection that DEP is supposed to be providing.

"Ray" wrote:

In message <2EF9F2FB-EA19-4514-A301-EEE62BB85F27@xxxxxx>
JohnDavid <JohnDavid@xxxxxx> wrote:
The other interesting thing about DEP is that the exception list isn't
fully effective, one of the software components I support fails to run
under DEP. In the majority of cases, adding the executable to the DEP
exclusion list does the trick, but in a non-trivial number of cases, the
software still crashes randomly, without notice. Setting DEP to
AlwaysOff in boot.ini resolves the issue.

The problem only occurs on hardware which supports NX, the pure-software
DEP appears to exclude properly in all cases.

Yes, I've also experienced the (sometimes) ineffectiveness of the exclusion
list. I've wondered (but not researched) how DEP is trying to perform its
function: does it simply exclude the entered EXE; does it try to relate the
entered EXE to other components of the application; is the exclude feature
failing or is DEP invoked for a related EXE in the app or even for code
executed out of a DLL run by some other process.

Since my encounters with DEP are only in the home environment, my approach
has been that if I can't get the app past DEP after a few tweaks (of what to
exclude), then I just don't run the app -- luckily, no software I've paid
for so far.

"DevilsPGD" wrote:

"MowGreen [MVP]" <mowgreen@xxxxxx> wrote:
No, they haven't been added to the list, which is why they don't run.
But DEP has never notified me when it has stopped a program.
Fortunately I learned early on that if a program doesn't do anything
when I click its icon, then DEP is stopping it. Once the program is
added to the exception list, it works fine.

--
Ray
(remove the Xs to reply)

<JohnDavid@xxxxxx> wrote:
True, but in my case the programs I've had problems with are ones I've
used for years in earlier versions of Windows, so security isn't an
issue.

--
Ray
(remove the Xs to reply)

In message <C0BC5232-15B6-48D0-84EF-56D036D54B48@xxxxxx>
JohnDavid <JohnDavid@xxxxxx> wrote:
I've tried adding DLLs to the exclusion list too, without any success.
However, that may or may not be supported, or even possible.
On my desktop, I tend to agree. However, we've got some fairly large
server packages where this isn't an option.

The software is mainly written in C++, but has a built-in AV feature (AV
definitions can actually contain scriptlets or even executable code in
some cases), plus some third party components in compiled PERL, none of
which is especially DEP friendly right now.

However, the vendor has a pretty strong security track record, both in
terms of overall vulnerabilities discovered, and rate of patching, so
the lack of DEP doesn't stress me much.