locked
DEP Opt Out Issue RRS feed

  • Question

  • Using EMET 3.5 on Windows 7x64 bit – currently have DEP set to Opt Out – SEHOP to Opt Out and ASLR to Opt In. I tried experimenting by setting EMET to 'Maximum Security Settings' to see whether this would cause any problems with my programs – I then discovered that DEP on my system appears to be 'locked' at Opt Out. Cannot change it no matter what I try. (neither Opt In nor Always On)

    I have uninstalled 3.5 – installed version 3 – re-installed 3.5 – (tried manually purging Registry each time) but with no apparent change.


    Any ideas on how I can 'unlock' DEP Opt Out?


    • Edited by Rebbeck497 Monday, January 14, 2013 11:39 AM
    Sunday, January 13, 2013 5:09 AM

Answers

  • Not set by group policy - (I don't have the key in HKLM)

    I figured that the setting was in in the boot config (hidden 100MB partition?) but not sure how to go about changing the value as I get "The boot configuration data store could not be opened. The system cannot find the file specified." - message when trying to use the BCDedit command.

    I did see a post in this forum on assigning a drive letter to the hidden partition to make it visible.

    I suppose I need some kind of tool to access the boot data? Or is there an easier way?

    Edit:

    Ok, have found info on how to go about this - thanks for your input!

    • Edited by Rebbeck497 Wednesday, January 16, 2013 10:14 AM
    • Marked as answer by Rebbeck497 Wednesday, January 16, 2013 10:14 AM
    Wednesday, January 16, 2013 5:31 AM

All replies

  • Here are a couple ideas:

    Is it set in group policy on your system?  To verify, see if the following value is set:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP
    If it is set by group policy, you might not be able to configure it in the GUI.

    If you do change it in group policy, remember to run the emet_conf --refresh command afterwards.

    The system-wide DEP change itself appears to make a change to the system's boot configuration data, and if EMET is removed from the system, it might be possible to remove the DEP change using bcdedit, as EMET modifies the "nx" value there.

    Tuesday, January 15, 2013 7:43 PM
  • Not set by group policy - (I don't have the key in HKLM)

    I figured that the setting was in in the boot config (hidden 100MB partition?) but not sure how to go about changing the value as I get "The boot configuration data store could not be opened. The system cannot find the file specified." - message when trying to use the BCDedit command.

    I did see a post in this forum on assigning a drive letter to the hidden partition to make it visible.

    I suppose I need some kind of tool to access the boot data? Or is there an easier way?

    Edit:

    Ok, have found info on how to go about this - thanks for your input!

    • Edited by Rebbeck497 Wednesday, January 16, 2013 10:14 AM
    • Marked as answer by Rebbeck497 Wednesday, January 16, 2013 10:14 AM
    Wednesday, January 16, 2013 5:31 AM
  • Hello!

    I don't have an answer, but the very same question!

    My computers all receive an image upon entering my home.  Where might this be coming from?  How do I ID the master computer or simply block the transmission?

    Angel

    PS In plain speak, please.


    None

    Sunday, April 27, 2014 11:14 PM