Data Execution Prevention (DEP) is a technology built into Windows that helps protect you from executable code launching from places it's not supposed to. DEP does that by marking some areas of your PC's memory as being for data only, no executable code or apps will be allowed to run from those areas of memory.
This is designed to make it harder for attacks that try to use buffer overflows, or other techniques, to run their malware from those parts of memory that normally only contain data.
An imperfect analogy
Imagine you own a coffee shop, and your shop has doors that are for customers and other doors for deliveries. In order to ensure that only approved products are sold and used in your shop you require that all deliveries have to come through the delivery doors.
If a delivery person comes through the customer-only door that's considered suspicious and you decline to accept their delivery.
DEP doesn't let deliveries (executable code) come through the customer-only door (areas of memory marked for data only).
Turning DEP off or on
DEP is turned on by default, but if you need to turn it off (or back on), you can do that in the Windows Security app. We recommend leaving it turned on for your protection.
-
Tap the Windows key or Start button .
-
Type Windows Security and select the Windows Security app that appears at the top of the search results.
-
Select App & browser control and then Exploit protection.
You'll find Data Execution Prevention on the System settings tab.
Important: If your PC is managed by your work or school, it's possible that your system administrator doesn't allow you to make changes to this setting.
Learn more
For a more in-depth explanation see Data Execution Prevention at learn.microsoft.com.