Among the security features brought to the recent versions of Windows, Data Execution Prevention (‘DEP’) will block specific programs especially if they are found to be running from the system memory. So how can you set DEP Attributes on 64-Bit Executables?
You will need to add the program in the Windows settings so that DEP doesn’t apply to it. You may also have to reset the program that is causing errors especially if it is a Windows default program.
Let’s look at what DEP is, how you can fix this error message, and what to do with changing settings so that you can get your computer back to running programs that you know aren’t malicious. DEP is a very important security feature so you shouldn’t just turn it off.
What Does “You Can Not Set DEP Attributes on 64-Bit Executables” Mean?
This issue can be seen when you try to add an executable such as a dllhost, and you will get a message saying that the COM surrogate has stopped working. It can happen with any executable that is being run via system memory.
DEP is a Microsoft security technology that prevents malicious code located in system memory locations. It does this by doing several checks to prevent unwanted actions taking place and to stop malware from executing.
The source of this issue is that hardware-enforced DEP can’t be disabled, as it is always applied to 64-bit processes and kernel memory spaces and there are no system configuration settings to disable it.
How to Fix “You Can Not Set DEP Attributes on 64-Bit Executables”?
DEP is enabled by default. It applies to all essential Windows operating system programs and services.
If the program is one that you know is fine and legitimate, then it is just a matter of adding it to the exceptions in the Windows settings under the DEP part.
Generally, you won’t need many reasons to disable it but see below for some methods for getting around this restriction.
Add Exceptions to the DEP
To make any changes to this, you must be logged on as an administrator or a member of the Administrators group. Network policy settings may also prevent you from doing this, so contact your system administrator to discuss changing this.
To change DEP, click Start and right click on Computer, and select Properties. Click on Advanced System Settings, then click the Advanced Tab and then in the Performance section, click Settings.
Select the Data Execution Protection tab, and then click ‘Turn on DEP for all programs and services except those I select’ option.
Now you need to make exceptions for the 64-Bit Executables that you want to modify, so click the Add button, and then browse to the file path where it is and add it.
Click OK on the warning message and then hit Apply/OK.
Reset Programs
Sometimes plugins can become corrupted or incompatible, particularly in default Windows programs like Microsoft Edge.
You’ll need to reset the program back to default. For Edge, go to the top right corner and click on Microsoft Edge’s main menu button, represented by three horizontal dots.
Tap on Settings and on the left side of the window, click on Reset Settings. In the main window, it should have an option that says Restore settings to their default values, click on this and try again.
Use CMD to Turn Off DEP
Open a CMD window as an Administrator. You can type CMD in the search bar and then click on Run as Administrator.
Once the CMD line comes up, type in ‘bcdedit.exe /set {current} nx AlwaysOff’ and hit Enter.
You should see ‘The operation completed successfully’ underneath once complete. DEP is now completely off on your computer. From a security point of view, this is not recommended and you should just add individual exceptions in.
However, if you’re finding that the individual exceptions are not working, turning DEP off completely can help you diagnose whether you are selecting the wrong executable for the exception or something else is going on.
If you want to enable DEP again, type ‘bcdedit.exe /set {current} nx AlwaysOn’ in the CMD prompt again.