Smart Scan - Data Execution Prevention recommendation

Hi,

Smart Scan is recommending that I turn on “Data Execution Prevention”. I use default settings in Windows so not all options are enabled.

I think there is some reason for that, because it can probably cause problems.

What exactly does this recommendation change? What problems can it create?

It should be explained in more depth what this “Avast fix” does and what it can cause.

Windows 10 22h2 64bit
Avast Free 23.8.

Don’t pay much attention to SmartScan.
You may not have DEP fully enabled. Yes, this reduces security, but if you turn on DEP completely, unstable operation of some applications is possible.
Run cmd as the administrator and run the command:
wmic OS Get DataExecutionPrevention_SupportPolicy
If the answer is:
0 – DEP is disabled for all processes.
1 – DEP is enabled for all processes.
2 – DEP is enabled for only Windows system components and services. (Default)
3 – DEP is enabled for all processes.
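
The policy check from the reply above, as an added example that is not part of any poster's message: it uses Get-CimInstance in place of the wmic command and names the values 0 to 3 as Microsoft documents them (AlwaysOff, AlwaysOn, OptIn, OptOut). The comparison with the bcdedit nx entry and the RebootPending field are additions for illustration; the script only reads settings.

```powershell
# Added example (not from the thread). Value names follow Microsoft's
# documentation for Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy.
$policyNames = @{
    0 = 'AlwaysOff'   # DEP disabled for all processes
    1 = 'AlwaysOn'    # DEP for all processes, no per-application exceptions
    2 = 'OptIn'       # DEP for Windows system components and services only
    3 = 'OptOut'      # DEP for all processes except those on the exception list
}

# Policy the running system booted with (same value the wmic command prints).
$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$running = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]

# Policy stored in the boot configuration; reading it needs an elevated shell.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
$line   = $null
$stored = 'unknown (not elevated)'
if ($isAdmin) {
    $line   = bcdedit /enum '{current}' | Select-String -Pattern '^nx\s+(\S+)'
    $stored = if ($line) { $line.Matches[0].Groups[1].Value } else { 'not set' }
}

# A stored value that differs from the running one means a change has been
# written to the boot configuration but the machine has not rebooted yet.
[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    RunningPolicy        = $running
    StoredBootPolicy     = $stored
    AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
    AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
    RebootPending        = [bool]($isAdmin -and $line -and ($stored -ne $running))
}
```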

If it can cause problems, it should not be recommended by Smart Scan.

Avast recommends something that improves security. Problems are possible with older applications. And old applications are known to reduce security. If they have already started blocking the old drivers, then what can we say about applications. They are not interested in old applications. Outdated software is an enemy of security, but many users need it.

You appear to have completely disabled DEP, when the Default is just for Windows system components and services. (as Nom mentioned).

I’m sure that the Smart Scan wouldn’t be mentioning DEP at all if it were on that Default setting.
I have to say I’m somewhat surprised you even run the Smart Scan.

The word “smart” is confusing for beginners. Everyone thinks that “smart” is cool and powerful. I also launched it once. ;D In fact, boot scanning is cool and powerful. And smart scan gives only recommendations for improving security. You need to understand what it is, why and what will come of it. These measures will make someone better, and someone worse. Some may be erroneous. There was already such a question in the Russian topic. The person had DEP enabled by default, but smartscan issued a similar warning.
For example, here Avast has counted 37 old drivers, and it claims that this leads to performance problems. But I have old hardware and, accordingly, an old operating system. If I install new software, I will really have performance problems. In addition, my old drivers have been working stably for many years. Where is the guarantee that there are no new bugs and vulnerabilities in the new drivers? And where is the guarantee that new drivers improve performance? In life, the new is not always better than the old. Everything has its pros and cons. As an experienced engineer, I understand this well. But marketers say that the new is always better, even if it is worse. ;D To buy new hardware and software just for Avast to tell me that I’m a perfect man, I think it’s stupid. ;D

@ Nom
I generally prefix it with (Not So) Smart Scan.

I generally only run a not so Smart Scan as a result of a question in the forums.

Why? For the most part it isn’t telling me anything that I don’t already know about and either have it covered or I’m unconcerned by it. However, for the most part I find it a vehicle for promoting other Avast paid products.

I absolutely agree. There is nothing interesting for me in SmartScan. And I also have thoughts about “not so”. But someone may find his information useful for self-education.

You are wrong, I use Windows default settings.

I believe I had the default settings for DEP (I can’t recall ever having changed them) and I have never seen this.

I just checked and it is set to 2 (not the Default 3), I can’t recall ever having changed them.

So that is clearly why I’m not getting it, apologies for the misinformation.

I will leave it that way for now, it certainly hasn’t been an issue for me in that condition.

What is the difference between 1 and 3?
The description for both is the same in Nom’s reply#1 list above (or have I missed something).

What is the difference between 1 and 3?

There is little written about it anywhere. If memory does not fail me, 1 - allows you to set exceptions for applications, 3 - does not allow.

There are only 2 options, partially enabled (default) and fully enabled. No option to turn it off.

bcdedit.exe /set {current} nx AlwaysOff

It’s the other way around:

See:

How to determine that hardware DEP is available and configured on your computer

https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/determine-hardware-dep-available

@waking
That is a very old Article 03/24/2022

I doubt that the meaning and use of the DEP settings has changed in the interim.

After agreeing to turn on this amazing option on Windows 11, now most of my applications just silently fail to run. I have to “Run as Administrator” to launch Wordpad. Please tell me in what world this is good UX and good security? I’d like to get an answer on how I can roll back to my previous default settings. I’m in no mood to re-install Windows, just because Avast thinks it knows better than Microsoft engineers. To say I’m livid is to say nothing.

And don’t send me to some generic Microsoft article. I can google myself. I’ve seen 3 cmd windows opening upon reboot, so I’m pretty sure your """""""SMART""""""" piece of software launched some commands. Go to your repository, look at what it did and post it here.