TDS-3 Update.exe Fails Under Data Execution Protection

Discussion in 'Trojan Defence Suite' started by DEPAlert, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. DEPAlert

    DEPAlert Guest

    The TDS-3 update executable (update.exe) fails when Data Execution Protection in Windows XP Pro SP2 is set to cover all applications and services except those that the user specifically excludes (by default, XP turns DEP on only for Windows Programs and Services).

    DEP is set under:

    System -> Advanced -> Performance-Settings -> Data Execution Protection

    By the way, of approx. 70 apps on my current PC, only 3 caused issues:

    TDS-3 Update
    Prime95
    eXtendia AVK Pro (severe / also caused issues with Outlook 2003 via AVK plug-in module)

    TDS-3 Update and Prime 95 were easily fixed by adding the single, offending file to the exceptions list. eXtendia AVK required more effort.

    For those interested in seeing info regarding eXtendia AVK and the issues I
    had with it and DEP, see here:

    http://www.abxzone.com/forums/showthread.php?p=860114#post860114
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks DeEPalert, On my updated XP Pro SP2 this was not turned on by default as I believe it may be CPU sensitive?

    Your post will alert users that have this feature enabled this - Thankyou. Pilli

    Here is an extract from the SP2 help file that describes DEP in mor detail.

    Data Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

    Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

    DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers
     
  3. DEPAlert

    DEPAlert Guest

    Update:

    Sorry, I did not thoroughly test all the modules in TDS-3 as some I rarely, if ever use.

    As it turns out (and this is almost a brain-teaser in the way it sounds), Execution Protection in TDS-3 causes an issue with DATA Execution Protection in Windows XP SP2.

    Pilli,

    As I said in my first post, DEP is turned on to cover only Windows programs and services by default. And even this default behavior (which I didn't mention) may be somewhat different depending on processor. AMD64 processors are fully compatible with DEP, which is what I use.

    Thanks.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for the clarification DEP :)
     
Thread Status:
Not open for further replies.