Reference Guide
Security Management Server Virtual v10.2.7 AdminHelp
Exploitation: Overwrite Code
Default setting: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when an overwrite code threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Overwrite Code - Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).

The Overwrite Code exploitation affects Windows operating systems. This policy does not apply to Mac clients.

Exploitation: Scanner Memory Search
Default setting: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when a scanner memory search threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Scanner Memory Search, or RAM Scraping - A process is trying to read valid magnetic stripe track data from another process. Typically related to point-of-sale systems (POS).

The Scanner Memory Search exploitation affects Windows operating systems. This policy does not apply to Mac clients.

Exploitation: Malicious Payload
Default setting: Alert
Options: Ignore, Alert, Block, Terminate

Specify the action to take when a malicious payload is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Malicious Payload - A generic shellcode and payload detection associated with exploitation has been detected.

The Malicious Payload exploitation affects Windows operating systems. This policy does not apply to Mac clients.