Reference Guide

Security Management Server v10.2.7 AdminHelp

Exploitation: Stack Protect
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when a stack protect threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Stack Protect - The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code stored in stack memory as part of an exploit, an attempt which would otherwise be blocked by Data Execution Prevention (DEP).

The Stack Protect exploitation affects Windows and macOS operating systems.

Exploitation: Overwrite Code
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when an overwrite code threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Overwrite Code - Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).

The Overwrite Code exploitation affects Windows operating systems. This policy does not apply to Mac clients.

Exploitation: Scanner Memory Search
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when a scanner memory search threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Scanner Memory Search, or RAM Scraping - A process is trying to read valid magnetic stripe track data from another process. Typically related to point-of-sale systems (POS).

The Scanner Memory Search exploitation affects Windows operating systems. This policy does not apply to Mac clients.