Reference Guide
Manage Policies
Policy: Process Injection: Remote Thread Creation
Default: Alert
Values: Ignore, Alert, Block, Terminate

Specify the action to take when a remote thread creation threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote Thread Creation - A process has created a new thread in another process. A process's threads are usually only created by that same process. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote Thread Creation process injection affects Windows and macOS operating systems.

Policy: Process Injection: Remote APC Scheduled
Default: Alert
Values: Ignore, Alert, Block, Terminate

Specify the action to take when a remote APC scheduled threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.

Policy: Process Injection: Remote DYLD Injection (Mac OS X only)
Default: Alert
Values: Ignore, Alert, Block, Terminate

Specify the action to take when a remote DYLD injection threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

DYLD Injection - An environment variable has been set to cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari, or replace applications with bash scripts, causing their modules to be loaded automatically when an application starts.

The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
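
As an added example (not part of the Dell guide or product), the following defender-side check audits an application bundle for the two routes the DYLD Injection description names: a modified application plist and an application replaced by a script. The `LSEnvironment` key, the `DYLD_` variable prefix, the function names and the sample bundles are assumptions or constructed values that do not come from this page.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def audit_app_bundle(app: Path) -> list:
    """Return findings for one .app bundle; an empty list means nothing flagged."""
    findings = []
    try:
        with (app / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException) as exc:
        return [f"unreadable Info.plist: {exc}"]
    # Assumption: LSEnvironment is where a plist sets launch-time variables.
    env = info.get("LSEnvironment")
    for name in sorted(env) if isinstance(env, dict) else []:
        if name.upper().startswith("DYLD_"):
            findings.append(f"LSEnvironment sets {name}={env[name]}")
    # A script in place of the Mach-O main executable can set variables itself.
    exe_name = info.get("CFBundleExecutable")
    exe = app / "Contents" / "MacOS" / str(exe_name)
    if exe_name and exe.is_file():
        with exe.open("rb") as fh:
            if fh.read(2) == b"#!":
                findings.append(f"main executable {exe_name} is a script")
    elif exe_name:
        findings.append(f"main executable {exe_name} is missing")
    return findings


def build_sample(root: str, name: str, env: dict, exe_bytes: bytes) -> None:
    """Write a constructed, minimal .app bundle for the demo (not a real app)."""
    macos = Path(root) / f"{name}.app" / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    info = {"CFBundleExecutable": name, **({"LSEnvironment": env} if env else {})}
    (macos.parent / "Info.plist").write_bytes(plistlib.dumps(info))
    (macos / name).write_bytes(exe_bytes)


def demo() -> dict:
    macho = b"\xcf\xfa\xed\xfe"  # 64-bit Mach-O magic as stored on disk
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, "Clean", {}, macho)
        build_sample(tmp, "EnvSet", {"DYLD_INSERT_LIBRARIES": "/constructed/x.dylib"}, macho)
        build_sample(tmp, "Wrapped", {}, b"#!/bin/bash\nexec true\n")
        return {p.name: audit_app_bundle(p) for p in sorted(Path(tmp).glob("*.app"))}


if __name__ == "__main__": print(demo())
```

Some legitimate applications ship a launcher script as their main executable, so a finding from the second check is a prompt for review rather than proof of tampering.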










