Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

221

222

223

224

225

226

227

228

229

230

Manage Policies

208

Process Injection:

Remote Allocation

of Memory

Alert

Ignore

Alert

Block

Terminate

Specify the action to take when a remote memory allocation threat is

detected.

Ignore - No action is taken against identified memory violations.

Alert - Record the violation and report the incident to the Dell Server.

Block - Block the process call if an application attempts to call a memory

violation process. The application that made the call is allowed to continue to

run.

Terminate - Block the process call if an application attempts to call a memory

violation process and terminate the application that made the call.

Remote Allocation of Memory - A process has allocated memory in another

process. Most allocations will only occur within the same process. This

generally indicates an attempt to inject code or data into another process,

which may be a first step in reinforcing a malicious presence on a system.

The Remote Allocation of Memory process injection affects Windows and

macOS operating systems.

Process Injection:

Remote Mapping of

Memory

Alert

Ignore

Alert

Block

Terminate

Specify the action to take when a remote attempt to map memory threat is

detected.

Ignore - No action is taken against identified memory violations.

Alert - Record the violation and report the incident to the Dell Server.

Block - Block the process call if an application attempts to call a memory

violation process. The application that made the call is allowed to continue to

run.

Terminate - Block the process call if an application attempts to call a memory

violation process and terminate the application that made the call.

Remote Mapping of Memory - A process has introduced code and/or data into

another process. This may indicate an attempt to begin executing code in

another process and thereby reinforce a malicious presence.

The Remote Mapping of Memory process injection affects Windows and

macOS operating systems.

Process Injection:

Remote Write to

Memory

Alert

Ignore

Alert

Block

Terminate

Specify the action to take when a remote attempt to write to memory threat is

detected.

Ignore - No action is taken against identified memory violations.

Alert - Record the violation and report the incident to the Dell Server.

Block - Block the process call if an application attempts to call a memory

violation process. The application that made the call is allowed to continue to

run.

Terminate - Block the process call if an application attempts to call a memory

violation process and terminate the application that made the call.

Remote Write to Memory - A process has modified memory in another

process. This is usually an attempt to store code or data in previously allocated

memory but it is possible that an attacker is trying to overwrite existing

memory to divert execution for a malicious purpose.

The Remote Write to Memory process injection affects Windows and macOS

operating systems.