How can you enable hardware DEP and still have NS Agent function
search cancel

How can you enable hardware DEP and still have NS Agent function

book

Article ID: 179680

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

 Question
How can you enable hardware DEP  (Data Exection Prevention) and still have NS Agent function?

Resolution

Answer
Currently, with DEP set to "AlwaysOn" it will prevent the Altiris Service from starting. Turning off DEP (Data Exection Prevention) is a course of action, you can still enable DEP while allowing the Altiris Service to pass through DEP.

Here are the steps:

  1. Log into the machine as an Administrator
  2. Add the registry key:
    1. HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers  (you may need to create the “Layers” key if not present)
    2. Value Name: c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
    3. Value Type: REG_SZ
    4. Value: DiasbleNXShowUI
  3. Reboot the machine
  4. Run this command line as an Administrator:
    1. Bcdedit /set {CURRENT.EN_US} nx OptOut
  5. Reboot the machine
  6. Start the Altiris Service (if not started automatically)

DEP should look like this:

The following scenario worked:
1. Hardware DEP is ON
2. Software DEP is set to OptOut
3. Exclude the Altiris service in the registry