Data Execution Prevention causes problem

P

P

I previously made multipage PDF files from my scanner (Microtek via TWAIN on
XP system) but have now scrapped that computer and replaced it with a new
Win 7 system and the latest Acrobat Pro 9.3. If I could rescue the old
computer I would but it is gone.

Windows stops Acrobat running with a message saying that DEP is helping to
protect my computer and will close Acrobat. I have tried to disable DEP but
I get told that acrobat.exe MUST run with DEP enabled.

Apparently it is possible to edit the boot.ini file to disable DEP
completely but I don't see that as an option, although I am tempted to try
it.
Does anyone have any ides about fixing this problem?
I think some of these new "security features" border on the paranoid.

Paul
 
Y

Yousuf Khan

I previously made multipage PDF files from my scanner (Microtek via
TWAIN on XP system) but have now scrapped that computer and replaced it
with a new Win 7 system and the latest Acrobat Pro 9.3. If I could
rescue the old computer I would but it is gone.

Windows stops Acrobat running with a message saying that DEP is helping
to protect my computer and will close Acrobat. I have tried to disable
DEP but I get told that acrobat.exe MUST run with DEP enabled.

Apparently it is possible to edit the boot.ini file to disable DEP
completely but I don't see that as an option, although I am tempted to
try it.
Does anyone have any ides about fixing this problem?
I think some of these new "security features" border on the paranoid.

Paul
Tried downloading the Acrobat again, or rerunning the installer?

Yousuf Khan
 
P

P

Yes, I have tried everything I can think of. I have looked on the web and it
seems that others have had the same problem but I can't find where anyone
has the answer.
Paul
 
G

Gene E. Bloch

I previously made multipage PDF files from my scanner (Microtek via TWAIN on
XP system) but have now scrapped that computer and replaced it with a new
Win 7 system and the latest Acrobat Pro 9.3. If I could rescue the old
computer I would but it is gone.

Windows stops Acrobat running with a message saying that DEP is helping to
protect my computer and will close Acrobat. I have tried to disable DEP but
I get told that acrobat.exe MUST run with DEP enabled.

Apparently it is possible to edit the boot.ini file to disable DEP
completely but I don't see that as an option, although I am tempted to try
it.
Does anyone have any ides about fixing this problem?
I think some of these new "security features" border on the paranoid.

Paul
I seem to recall that DEP can be disabled in hardware, i.e., in the BIOS
settings, of some computers. If that is possible on your computer, Acrobat
might consent to run without DEP. After all, not every computer has DEP, so
Acrobat should take account of the hardware capabilities...

This is a WAG, of course, but I hope it might help.
 
J

Joe Morris

I previously made multipage PDF files from my scanner (Microtek via
TWAIN on XP system) but have now scrapped that computer and replaced it
with a new Win 7 system and the latest Acrobat Pro 9.3. If I could
rescue the old computer I would but it is gone.

Windows stops Acrobat running with a message saying that DEP is helping
to protect my computer and will close Acrobat. I have tried to disable
DEP but I get told that acrobat.exe MUST run with DEP enabled.

Apparently it is possible to edit the boot.ini file to disable DEP
completely but I don't see that as an option, although I am tempted to
try it.
Does anyone have any ides about fixing this problem?
I think some of these new "security features" border on the paranoid.
What version of Acrobat are you using, and which DEP option is set?

Badly-written code will* trip over DEP in many cases, but my shop
established a global policy of running DEP in the "OptOut" mode - and we're
seeing no problems after a year, including Acrobat installations (current
version 9.x). (We have had a couple of specialized software packages that
we had to (very reluctantly) add to the OptOut list.)

Windows 7 by default set DEP in "OptIn" mode (which is a stupid name, since
it suggests - incorrectly - that it's more secure than "OptOut"). In
Windows (XP/Vista/7) you can set DEP to any of four states: in increasing
levels of security, Always off, OptIn, Opt Out, and Always On.

"Always On" will cause major headaches and I see it as usable only on a
fully locked-down environment. OptIn by default protects only the system
executables (good idea, but not sufficient to repel attackers); OptOut
allows you to exempt specific executables but otherwise enforces DEP.

Note that if you disable the hardware function on which DEP relies but do
not turn off DEP in Windows, the system will continue to provide limited
protection by simulating the DEP hardware, with a resulting performance
penalty.

Joe Morris
 
P

P

Joe,
You seem to be getting close to solving my problem. I have Acrobat Pro 9.3.4
(with this week's latest security update).
I have a Dell Optiplex 980 with an Intel i7 processor.
The scanner is a Microtex x12. Now I know that is a few years old but I have
the latest driver and it worked well before with Win XP and Acrobat 8. I
have contacted Microtex support and they suggest the problem could be with
Acrobat. I now suspect it is with Windows 7. The trouble occurs when I try
to access the scanner via Acrobat by using the "Create PDF > from scanner >
Select device ... " Then the DEP closes Acrobat.

The reason to work this way is to make multi-page PDFs and run OCR all in
one operation.

Can you tell me how to change the DEP settings - you mention four states but
I cannot find that. I get to the DEP tab in Advanced System Settings and
there are only 2 options. It will not allow me to add acrobat.exe to the
list. There is nothing else on the list.

Any help you can give would be greatly appreciated.

Paul
 
R

Roy Smith

Joe,
You seem to be getting close to solving my problem. I have Acrobat Pro
9.3.4 (with this week's latest security update).
I have a Dell Optiplex 980 with an Intel i7 processor.
The scanner is a Microtex x12. Now I know that is a few years old but I
have the latest driver and it worked well before with Win XP and Acrobat
8. I have contacted Microtex support and they suggest the problem could
be with Acrobat. I now suspect it is with Windows 7. The trouble occurs
when I try to access the scanner via Acrobat by using the "Create PDF >
from scanner > Select device ... " Then the DEP closes Acrobat.

The reason to work this way is to make multi-page PDFs and run OCR all
in one operation.

Can you tell me how to change the DEP settings - you mention four states
but I cannot find that. I get to the DEP tab in Advanced System Settings
and there are only 2 options. It will not allow me to add acrobat.exe to
the list. There is nothing else on the list.

Any help you can give would be greatly appreciated.

Paul
You might find this page useful:

http://www.addictivetips.com/window...n-dep-and-how-to-disable-it-in-windows-vista/

Although it's for Vista, it should work for Win 7 as well.


--

Roy Smith
Windows 7 Professional
Thunderbird 3.1.2
Saturday, August 21, 2010 5:39:25 AM
 
P

P

Thanks for the link. I have been reading the comments on that page and the
method seems to have caused several people problems that they will have real
trouble getting out of. I read somewhere else that if this sort of thing it
not done right the computer may never boot again.

Is Microsoft just being hard to get on with stopping widely used software
from doing its thing, maybe part of a MS - Adobe feud? It is totally wrong
that a customer of these companies should be caught in the middle.

Anyway, how risky is this procedure? It seemed to work for only one person
who commented. More had trouble.

Paul
 
J

Joe Morris

P said:
You seem to be getting close to solving my problem. I have Acrobat Pro
9.3.4 (with this week's latest security update).
I have a Dell Optiplex 980 with an Intel i7 processor.
The scanner is a Microtex x12. Now I know that is a few years old but I
have the latest driver and it worked well before with Win XP and Acrobat
8. I have contacted Microtex support and they suggest the problem could be
with Acrobat. I now suspect it is with Windows 7. The trouble occurs when
I try to access the scanner via Acrobat by using the "Create PDF > from
scanner > Select device ... " Then the DEP closes Acrobat.
I would be highly suspicious of the TWAIN drivers in that case. They are
the responsibility of the scanner vendor, not Adobe. I've used Acrobat with
an HP scanner with DEP enabled in the OS and had no problems, although in my
case it's XP and not Win7.
Can you tell me how to change the DEP settings - you mention four states
but I cannot find that. I get to the DEP tab in Advanced System Settings
and there are only 2 options. It will not allow me to add acrobat.exe to
the list. There is nothing else on the list.

There should be no need to add Acrobat to the exclusion list; my shop has
been running with DEP set to OptOut for some time and the current versions
of both Reader and Acrobat have run without problems on either XP or Win7.
(I can't say if it's been tested against TWAIN drivers on a Win7 platform,
but the shop has significant use of Acrobat and I'll be surprised if someone
with a Win7 system hasn't at least tried scanning. I own the Win7 system in
our shop and would probably have had heard of any problems from our ~8000
engineers if someone had run into problems.

OTOH, Google shows some reports about problems on Vista when using Acrobat
with DEP enabled, but the ones I looked at don't provide much detail or
followup.


Is there an event log entry for the failure?


Is it possible that somehow your system has been changed to set DEP to
"AlwaysOn"? As I mentioned upthread many, many programs (including some
only-slightly-not-recent versions of InstallShield) die if DEP is AlwaysOn.

Open an elevated command prompt, then in the command window type the command

BCDEDIT

with no parameters (case-insensitive; shown here in CAPS for clarity).
Here's typical output from a 64-bit Windows 7 system:

=====
Windows Boot Manager
--------------------
[deleted; not relevant here]

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {e5efa91a-6f68-11df-8a6d-000c29969504}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {e5efa918-6f68-11df-8a6d-000c29969504}
nx OptOut
=====

Note the last line: it shows that the system is running in OptOut mode. If
it's set to AlwaysOn, change it with the command:

BCDEDIT /SET NX OPTOUT

Expected output:

=====
C:\>bcdedit /set nx optout
The operation completed successfully.
C:\>
=====

Reboot to complete the change.

Other valid values for the last token are AlwaysOff, AlwaysOn, and OptIn.

Warning: if you're using dual boot you'll need to be much more familiar with
BCDEDIT's convoluted syntax but the example above should be appropriate for
a standard installation. In all cases (XP/Vista/7) you can see the
currently-active DEP setting in the Registry (rebuilt at each boot):

HKLM\SYSTEM\CurrentControlSet\Control[SystemStartOptions]

On my 64-bit Win7 Enterprise box that's a REG_SZ string:

NOEXECUTE=OPTOUT

Joe Morris
 
J

Joe Morris

Thanks for the link. I have been reading the comments on that page and the
method seems to have caused several people problems that they will have
real trouble getting out of. I read somewhere else that if this sort of
thing it not done right the computer may never boot again.
I *strongly* advise against using the procedure described in the web page,
not because it won't work, but because it will.

DEP provides protection against a popular attack mechanism used by malware
to take control of your system. The short description is that it allows the
system to define areas of memory that should never contain executable code;
should the CPU ever be told to fetch an instruction from such an area it
will refuse to do so and will throw an exception.

Malware can exploit the lack of this protection by passing invalid data to
privileged programs that don't properly validate inputs; this corrupts part
of memory, causing the CPU to execute instructions provided by the attacker.
(This is one type of "remote code execution" attack.)

DEP can be a pain when non-malware programs trip over it, but in today's
world of massive botnets that grow by taking over victims' systems (not to
mention victims where keyloggers are installed and bank userids and
passwords are stolen) DEP offers a last line of defense.

Is Microsoft just being hard to get on with stopping widely used software
from doing its thing, maybe part of a MS - Adobe feud? It is totally wrong
that a customer of these companies should be caught in the middle.
Lots of software products, especially older ones, trip over DEP. I won't
say that Micro$oft is likely to be unhappy about Adobe having problems, but
I've not run across anything in DEP that even faintly suggests that it's
intended to cause problems for any legitimate vendor. Relatively recent
versions of InstallShield, for example, have problems: I found that out
while trying to install some drivers from Dell where the driver was fine,
but the installer blew up.
Anyway, how risky is this procedure? It seemed to work for only one person
who commented. More had trouble.
With malware creators becoming increasingly sophisticated (the "script
kiddies" are still there but they aren't the big problem now) and able to
evade signature-based protections (antivirus programs) I would be far more
worried about malware getting through if I don't have DEP running than I
would be about a program that's (supposedly) still being supported by its
vendor.

Summary: push back - hard - on both Adobe and Microtex to get the problem
fixed. And look in the Application event log for clues that might help you
figure out what's triggering a DEP exception.

QUESTION for the entire newsgroup readership: has anyone else encountered
problems with TWAIN drivers when used through Acrobat? When used through a
non-Adobe program?

Joe Morris
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top