Reference Guide
Security Management Server Virtual v10.2.7 AdminHelp
Process Injection: Remote Write PE to Memory
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to write a portable
executable to memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Write PE to Memory - A process has modified memory in another
process to contain an executable image. Generally this indicates that an
attacker is attempting to execute code without first writing that code to disk.
The Remote Write PE to Memory process injection affects Windows operating
systems. This policy does not apply to Mac clients.
Process Injection: Remote Overwrite Code
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a remote overwrite code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Overwrite Code - A process has modified executable memory in
another process. Under normal conditions executable memory is not modified,
especially by another process. This usually indicates an attempt to divert
execution in another process.
The Remote Overwrite Code process injection affects Windows operating
systems. This policy does not apply to Mac clients.
Process Injection: Remote Unmap of Memory
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a remote memory unmapping threat is
detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory
violation process. The application that made the call is allowed to continue to
run.
Terminate - Block the process call if an application attempts to call a memory
violation process and terminate the application that made the call.
Remote Unmap of Memory - A process has removed a Windows executable
from the memory of another process. This may indicate an intent to replace
the executable image with a modified copy for the purpose of diverting
execution.
The Remote Unmap of Memory process injection affects Windows operating
systems. This policy does not apply to Mac clients.
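
The following is an added example, not part of this guide and not Dell's detection logic: it classifies cross-process memory events into the three violation types defined above and looks up the action configured for each. The event record, its field names and the policy table are assumptions made for the example; the PE signature check and the Windows memory constants are standard.

```python
import struct
from dataclasses import dataclass

MEM_IMAGE = 0x1000000   # Windows region type: mapped executable image
EXEC_MASK = 0xF0        # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY bits

@dataclass
class MemEvent:         # hypothetical telemetry record (assumed schema)
    src_pid: int
    dst_pid: int
    op: str             # "write" or "unmap"
    protect: int        # protection flags of the target region
    region_type: int    # MEM_IMAGE, MEM_PRIVATE (0x20000), ...
    data: bytes = b""   # bytes written, for "write" events

def looks_like_pe(buf: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    return buf[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(ev: MemEvent):
    """Map an event to one of the three violation types, or None."""
    if ev.src_pid == ev.dst_pid:
        return None                      # only remote operations count
    if ev.op == "unmap" and ev.region_type == MEM_IMAGE:
        return "Remote Unmap of Memory"
    if ev.op == "write" and looks_like_pe(ev.data):
        return "Remote Write PE to Memory"
    if ev.op == "write" and ev.protect & EXEC_MASK:
        return "Remote Overwrite Code"
    return None

# Assumed policy table: one action per violation type, as in the guide.
POLICY = {"Remote Write PE to Memory": "Terminate",
          "Remote Overwrite Code": "Block",
          "Remote Unmap of Memory": "Alert"}

def decide(ev: MemEvent):
    """Return (violation, action); unlisted types fall back to Alert."""
    violation = classify(ev)
    return (violation, POLICY.get(violation, "Alert")) if violation else (None, None)

def pe_stub() -> bytes:
    """Constructed sample: minimal MZ/PE signature pair, not a real binary."""
    buf = bytearray(0x84)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    return bytes(buf)
```

A write that carries a PE image is classified as Remote Write PE to Memory even when the target region is executable; that ordering is a choice made for this example.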










