Reference Guide
Manage Policies
Platform\VSCore_ENS_10.1\x64\vtpinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChHost.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewcui.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\McAfee_Web_Control_x64.msi
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\setupWC.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\mfewch.exe
\Windows\System32\mfevtps.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\LogDebugSetter.exe
\Program Files\McAfee\Endpoint Security\MfeUpgradeTool.exe

Exploitation: Stack Pivot
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a stack pivot threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Stack Pivot - The stack for a thread has been replaced with a different stack. Generally the system will only allocate a single stack for a thread. An attacker would use a different stack to control execution in a way that is not blocked by Data Execution Prevention (DEP).
The Stack Pivot exploitation affects Windows and macOS operating systems.

Exploitation: Stack Protect
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a stack protect threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Stack Protect - The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code stored in stack memory as part of an exploit, an attempt which would otherwise be blocked by Data Execution Prevention (DEP).
The Stack Protect exploitation affects Windows and macOS operating systems.
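
The two checks described above, modeled as an added example (not code from this guide or from the product, whose implementation is not documented here). It assumes a hypothetical ThreadSnapshot record with constructed addresses, uses the Windows page-protection flag values, and maps each policy action to the effects listed above.

```python
from dataclasses import dataclass

# Windows page-protection flags (winnt.h values); the EXECUTE variants grant execution.
PAGE_READWRITE = 0x04
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC_MASK = (PAGE_EXECUTE | PAGE_EXECUTE_READ |
             PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

@dataclass
class ThreadSnapshot:        # hypothetical record, constructed for this example
    stack_limit: int         # lowest address of the stack the system allocated
    stack_base: int          # highest address of that stack
    stack_pointer: int       # stack pointer observed when the call was checked
    stack_protect: int       # page protection currently set on the stack region

def violations(t):
    """Return which of the two memory violations apply to one thread."""
    found = []
    if not (t.stack_limit <= t.stack_pointer <= t.stack_base):
        found.append("Stack Pivot")      # thread runs on a different stack
    if t.stack_protect & EXEC_MASK:
        found.append("Stack Protect")    # stack pages were made executable
    return found

# Effects of each policy action, as the descriptions above list them.
EFFECTS = {
    "Ignore": set(),
    "Alert": {"record violation", "report to server"},
    "Block": {"block call"},
    "Terminate": {"block call", "terminate application"},
}

def enforce(action, t):
    """Return (violations found, effects applied) for the configured action."""
    hits = violations(t)
    return hits, (set(EFFECTS[action]) if hits else set())

# Constructed samples: normal thread, pivoted stack pointer, executable stack.
normal = ThreadSnapshot(0x7FF0_0000, 0x7FF1_0000, 0x7FF0_F800, PAGE_READWRITE)
pivoted = ThreadSnapshot(0x7FF0_0000, 0x7FF1_0000, 0x0200_4000, PAGE_READWRITE)
exec_stack = ThreadSnapshot(0x7FF0_0000, 0x7FF1_0000, 0x7FF0_F800,
                            PAGE_EXECUTE_READWRITE)

if __name__ == "__main__":
    for name, t in (("normal", normal), ("pivoted", pivoted),
                    ("exec_stack", exec_stack)):
        print(name, enforce("Alert", t), enforce("Terminate", t))
```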