1.31 Set 'Turn off Data Execution Prevention' to 'Disabled'


This policy setting allows you to turn on and off Data Execution Prevention (DEP) for
Outlook. DEP is a set of hardware and software technologies that perform additional checks
on memory to help prevent malicious code from running on a system. The primary benefit
of DEP is to help prevent code execution from data pages. If you enable this policy setting,
you will turn off DEP for Outlook. If you disable or do not configure this policy setting, you
will turn on DEP for Outlook. The recommended state for this setting is- Disabled.


Enabling this setting turns off Data Execution Prevention (DEP) for Access 2010. As a
result, malicious code that takes advantage of code injection or buffer overflow
vulnerabilities could exploit the computer.


To implement the recommended configuration state, set the following Group Policy setting
to Disabled.

User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust
Center\Turn off Data Execution Prevention

Impact-With DEP enabled, every time memory is accessed, the location is checked to ensure that
any code that executes does so in a code area and not a data area of memory. The extra
checks incur a small overhead because DEP is supported at the hardware level by all recent
Intel and AMD processors. Note DEP may cause compatibility issues with some older

See Also


Item Details


References: 800-53|CM-7(2)

Plugin: Windows

Control ID: bea2ac606c3a1226127d68161cf575b6cdbd4ccc054b8934a1bd492b8a409600