Reference Guide

Manage Policies
Exploitation: Stack Protect
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when a stack protect threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Stack Protect - The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code stored in stack memory as part of an exploit, an attempt which would otherwise be blocked by Data Execution Prevention (DEP).

The Stack Protect exploitation affects Windows and macOS operating systems.

Exploitation: Overwrite Code
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when an overwrite code threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Overwrite Code - Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).

The Overwrite Code exploitation affects Windows operating systems. This policy does not apply to Mac clients.

Exploitation: Scanner Memory Search
Alert
Ignore, Alert, Block, Terminate

Specify the action to take when a scanner memory search threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Scanner Memory Search, or RAM Scraping - A process is