How to opt applications out of DEP (DEPOptOut)
06/03/2018 Stuart Moore
Applications written with Visual Studio 2008, or earlier, are incompatible with operating systems enabled with Data Execution Prevention (DEP), this includes
- Systems configured with Secure Boot
- Default policies on Windows 10
- Windows running the Enhanced Mitigation Experience Threat (EMET) toolkit
This is because they can force DEP to be enabled for an application.
Cloudhouse have provided a means for a customer's application to opt out of DEP, so that it can run on the Server or Desktop without changing the configuration of EMET, or the default policies that are applied to application within their organisation. For applications running in a Container, the DEPOptOut feature will resolve memory access violations by changing the memory address location to an executable part of memory.
Identifying problems with DEP
Internet Explorer 11 crashes with the following error dialog, stating exception code C0000005, which means ACCESS_DENIED, if the 1st parameter of the exception is 8, Exception Data then it’s a DEP Violation.
Identifying problems with DEP on Windows 10
On Windows 10 the dialog doesn’t show the exception details, and you will need to refer to Window's application event log.
Error Event 1000 will report the Exeption code: C0000005
Info Event 10001 will report the Exception Data in the Problem signature: 00000008
- Edit AppAcceleratorV.clc
- Uncomment the following feature