Reference Guide
Manage Policies
Process Injection: Remote Unmap of Memory
Default: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when a remote memory unmapping threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote Unmap of Memory - A process has removed a Windows executable from the memory of another process. This may indicate an intent to replace the executable image with a modified copy for the purpose of diverting execution.

The Remote Unmap of Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote Thread Creation
Default: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when a remote thread creation threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote Thread Creation - A process has created a new thread in another process. A process's threads are usually only created by that same process. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote Thread Creation process injection affects Windows and macOS operating systems.

Process Injection: Remote APC Scheduled
Default: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when a remote APC scheduled threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.
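
The Remote Thread Creation condition described above (a thread created in a process other than the caller's own) can also be reviewed from host telemetry. The following is an added example, not part of the Dell product or this guide: it triages Sysmon Event ID 8 (CreateRemoteThread) records already parsed into dictionaries. The sample events and the allow-list are constructed for illustration, and the severity labels are assumptions of the example.

```python
# Added example: triage of Sysmon Event ID 8 (CreateRemoteThread) records.
# Assumption: events are already parsed into dicts keyed by Sysmon field names.

# Hypothetical allow-list of source images expected to start threads elsewhere.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

# Constructed sample events; none come from a real host.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceProcessId": 612, "TargetProcessId": 4120,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 8, "SourceProcessId": 5344, "TargetProcessId": 1980,
     "SourceImage": r"C:\Users\demo\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": "-"},
    {"EventID": 8, "SourceProcessId": 7001, "TargetProcessId": 2240,
     "SourceImage": r"C:\Program Files\Tool\helper.exe",
     "TargetImage": r"C:\Program Files\Tool\tool.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": 1, "ProcessId": 900, "Image": r"C:\Windows\System32\notepad.exe"},
]

def triage(event):
    """Return None for events to skip, else a (severity, reason) tuple."""
    if event.get("EventID") != 8:
        return None  # not a remote thread creation record
    if event["SourceProcessId"] == event["TargetProcessId"]:
        return None  # defensive: a process creating its own thread is normal
    if event["SourceImage"].lower() in ALLOWED_SOURCES:
        return None  # expected cross-process thread creator
    if event.get("StartModule", "-") in ("", "-"):
        # Start address does not resolve to a loaded module in the target.
        return ("high", "thread starts in memory not backed by a loaded module")
    return ("medium", "thread created in another process")

def findings(events):
    """Collect (source, target, severity, reason) for every flagged event."""
    out = []
    for ev in events:
        verdict = triage(ev)
        if verdict:
            out.append((ev["SourceImage"], ev["TargetImage"], *verdict))
    return out

if __name__ == "__main__":
    for src, dst, sev, why in findings(SAMPLE_EVENTS):
        print(f"[{sev}] {src} -> {dst}: {why}")
```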