DEP status mystery in process explorer


luweitest

The Process Explorer version is 16.22, the last working one for XP. The DEP column shows nearly all processes as "Disabled", even though I chose "Enable DEP for all programs and services except ..." in System -> Performance in the Control Panel. What's wrong?

[Image attachment]


Certainly your version of Process Explorer.
I don't remember where, but I have explained in the past in the forum that versions after 16.12 malfunction in Windows XP.
Try P.E. version 16.12; if you then get the same situation, we will see in detail what to do next.

P.S.

I deleted because I'm sure you solve.

P.S.1

For a more profitable use of P.E. it is better to set the software as in the image below:

[Image: 100.jpg]

:hello:

Edited by Sampei.Nihira
On 5/25/2021 at 11:07 PM, Sampei.Nihira said:

Certainly your version of Process Explorer.
I don't remember where, but I have explained in the past in the forum that versions after 16.12 malfunction in Windows XP.
Try P.E. version 16.12

Yes, 16.12 is the last one that displays DEP status correctly. Thank you for the tip!

 

On 5/25/2021 at 11:07 PM, Sampei.Nihira said:

For a more profitable use of P.E. it is better to set the software as in the image below:

I usually use P.E. to find out which app is visiting the network suspiciously, reading/writing crazily, consuming the most memory, etc. I would not check DEP status frequently; I added that column because I saw another person's screenshot. And I disable image signature checking by default because it consumes lots of memory at opening and never gives a correct result on the first run (lots of "not verified" errors).

Yes, in fact the signature verification is not very important from a security point of view, in our OS.

On the contrary, in the most modern OSes it is fundamental.
Especially if combined with modifying the registry key "ValidateAdminCodeSignatures".
By changing the value of this registry key (default 0) you can prevent unsigned executables (including malware) from starting.

 

A simple trick that disarms unsigned malware.

Edited by Sampei.Nihira
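
For the DEP question at the top of this thread, one way to cross-check what the Process Explorer column shows against the operating system's own answer, as an added example that is not part of any post above. It assumes Windows PowerShell 2.0 or later on XP SP3 or newer; the namespace `DepCheck` and type name `Native` are names chosen for this example.

```powershell
# Added example: compare Process Explorer's DEP column with what Windows reports.
# Assumes Windows PowerShell 2.0+; run as an administrator to open more processes.

# 1. System-wide policy (the Control Panel / boot configuration setting).
#    3 = OptOut corresponds to "Turn on DEP for all programs and services except ...".
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os     = Get-WmiObject -Class Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"Hardware DEP available : $($os.DataExecutionPrevention_Available)"
"System DEP policy      : $($policyNames[$policy])"

# 2. Per-process state through GetProcessDEPPolicy (kernel32, XP SP3 and later).
#    The API only answers for 32-bit processes; 64-bit processes always run
#    with DEP and are listed here as "Unknown".
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(
    IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

Get-Process | ForEach-Object {
    $flags     = [uint32]0
    $permanent = $false
    $status    = 'Unknown (access denied or not supported)'
    try {
        # .Handle throws for processes the caller may not open (System, Idle, ...).
        if ([DepCheck.Native]::GetProcessDEPPolicy($_.Handle, [ref]$flags, [ref]$permanent)) {
            # PROCESS_DEP_ENABLE = 0x1
            if ($flags -band 1) { $status = 'Enabled' } else { $status = 'Disabled' }
            if ($permanent)     { $status += ' (permanent)' }
        }
    } catch { }
    New-Object PSObject -Property @{ Name = $_.ProcessName; Id = $_.Id; DEP = $status }
} | Sort-Object Name | Format-Table Name, Id, DEP -AutoSize
```

If the system policy reads OptOut and most processes come back as Enabled here while the tool's column says Disabled, the discrepancy is in the tool's display rather than in the system configuration.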