After installing a disk encryption tool, Data Execution Prevention (DEP) starts killing the Spooler Subsystem. This is a known issue with this encryption program and the fix is to set DEP to run on all programs except those I specify. So I make this settings change and specify the Spooler Subsystem to be ignored by DEP. But DEP still kills the Spooler Subsystem even after reboot.
I've disabled and reenabled DEP. I've disabled it completely using the NoExecute=AlwaysOff option in the boot.ini file. On every other computer I've had this issue with the prescribed option fixes the problem.
But DEP won't die! Why, oh why, won't DEP die?
This article explains how Data Execution Prevention (DEP) works and how to turn it off and on in Windows 7, Windows Vista, and Windows Server 2008 (R2). Data Execution Prevention (DEP) is a security feature of the CPU that prevents an application from executing code from a non-executable memory region. May 01, 2019 Method 2: Apply the DEP turning off procedure according to these steps: 1- Click Start Control Panel Select System 2- On System Properties Click the Advanced tab. In the Performance region select Settings 3- Click the Data Execute tab in the dialogue box that opens 4- Select Turn on DEP for all programs and services except.
We have the following specifics to our system deployments that appear to play a part in this issue:
With Office 2010 we determined that completely disabling DEP is necessary. This was determined by higher-ups in the IT organization and I have not had the time or resources to investigate why this is so. At this point it's a given.
We install a disk encryption package call Hibun, which is older, and which has known issues with the Print Spooler Service. The work around was set the DEP settings to scan everything except those programs I manually selected and then to add the Print Spooler Service to the list of exceptions. This process originates before the Office 2010 full-disable of DEP.
The problem occurs when we put this requirement and this workaround together in the presence of the disk encryption.
The problem is repeatable: a completely fresh install, fully patched, results in exactly the same behavior at exactly the same point.
The behavior appears to be that, despite being told to be disabled both on an OS and BIOS level, DEP continues to run when the Disk Encryption is installed, and it continues to cause grief when it encounters the Print Spooler Service.
The solution was to turn off the Print Spooler Service.
We are in a networked environment where jobs are spooled by the Print Server, and so a local Print Spooler Service is not necessary. I have tested printing with the local Print Spooler Service disabled and it appears to work OK. The only issues may occur if the person attempts to print to a printer besides those in the office, which is not a great concern as that is implicitly disallowed by company security policy.
It is not the best solution, it's not an elegant solution, it's not even a particularly good solution, I just don't have time to spend on a better one. And so long as the user does not try to print work files from home (which is a huge no-no anyways) they should not experience any bad behavior from the computer.
Murglefrump! I hate poor solutions like this. But hey, I'm moving on to a different company soon that will be a bit more open when it comes to IT policy, and I'll have good deal more responsibility and be able to spend time finding true fixes and have to settle for fewer paste and sticky tape type solutions.
Not the answer you're looking for? Browse other questions tagged windows-xpencryptionprint-spoolerdepdata-execution-prevention or ask your own question.