Reference Guide

Security Management Server v10.2.7 AdminHelp
Process Injection: Remote Write to Memory
Default: Alert
Values: Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to write to memory is
detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Write to Memory - A process has modified memory in another
process. This is usually an attempt to store code or data in previously allocated
memory, but it is possible that an attacker is trying to overwrite existing
memory to divert execution for a malicious purpose.
The Remote Write to Memory process injection affects Windows and macOS
operating systems.
Process Injection: Remote Write PE to Memory
Default: Alert
Values: Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to write a portable
executable (PE) to memory is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Write PE to Memory - A process has modified memory in another
process to contain an executable image. Generally, this indicates that an
attacker is attempting to execute code without first writing that code to disk.
The Remote Write PE to Memory process injection affects Windows operating
systems. This policy does not apply to Mac clients.
Process Injection: Remote Overwrite Code
Default: Alert
Values: Ignore, Alert, Block, Terminate
Specify the action to take when a Remote Overwrite Code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Overwrite Code - A process has modified executable memory in
another process. Under normal conditions, executable memory is not modified,
especially by another process. This usually indicates an attempt to divert
execution in another process.
The Remote Overwrite Code process injection affects Windows operating
systems. This policy does not apply to Mac clients.
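The following added example (not part of the AdminHelp text and not the product's detection logic) shows how the three violation types above differ and what each setting does, using a hypothetical WriteEvent record. The field names, the order in which the types are checked, and the fallback to the generic type on platforms where a specific type does not apply are assumptions.

```python
import struct
from dataclasses import dataclass

# Platforms each violation type applies to, as stated in the policy descriptions.
APPLIES = {
    "Remote Write to Memory": {"windows", "macos"},
    "Remote Write PE to Memory": {"windows"},
    "Remote Overwrite Code": {"windows"},
}
# Effects the page states for each setting (it does not say whether
# Block or Terminate also record the event, so that is not modelled).
EFFECTS = {
    "Ignore": [],
    "Alert": ["record", "report"],
    "Block": ["block_call"],
    "Terminate": ["block_call", "terminate_caller"],
}

@dataclass
class WriteEvent:              # hypothetical record, not a product schema
    platform: str              # "windows" or "macos"
    src_pid: int
    dst_pid: int
    dst_executable: bool       # target pages were executable before the write
    data: bytes                # bytes written into the target process

def looks_like_pe(buf: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at the PE signature."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(ev: WriteEvent):
    """Return the violation type for a cross-process write, or None."""
    if ev.src_pid == ev.dst_pid:
        return None            # a process writing to itself is not remote
    if looks_like_pe(ev.data):
        kind = "Remote Write PE to Memory"
    elif ev.dst_executable:
        kind = "Remote Overwrite Code"
    else:
        kind = "Remote Write to Memory"
    # Assumption: where the specific type does not apply, use the generic one.
    return kind if ev.platform in APPLIES[kind] else "Remote Write to Memory"

def enforce(kind: str, policy: dict) -> list:
    """Effects of the configured setting; Alert is the default for all three."""
    return EFFECTS[policy.get(kind, "Alert")]
```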