Reference Guide

Manage Policies
Exploitation: Malicious Payload
Default setting: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a malicious payload is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Malicious Payload - A generic shellcode and payload detection associated with exploitation has been detected.
The Malicious Payload exploitation affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote Allocation of Memory
Default setting: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a remote memory allocation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Allocation of Memory - A process has allocated memory in another process. Most allocations will only occur within the same process. This generally indicates an attempt to inject code or data into another process, which may be a first step in reinforcing a malicious presence on a system.
The Remote Allocation of Memory process injection affects Windows and macOS operating systems.

Process Injection: Remote Mapping of Memory
Default setting: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a threat involving a remote attempt to map memory is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Mapping of Memory - A process has introduced code and/or data into another process. This may indicate an attempt to begin executing code in another process and thereby reinforce a malicious presence.
The Remote Mapping of Memory process injection affects Windows and macOS operating systems.