Reference Guide
Manage Policies
196
Process
Injection:
Remote Mapping
of Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote attempt to
map
memory threat is detected
.
Ignore
- No action is taken against identified memory
violations.
Alert
- Record the violation and report the incident to
the Dell Server.
Block
- Block the process call if an application attempts
to call a memory violation
process. The application that
made the call is allowed to continue to run.
Te
rminate - Block the process call if an application
attempts to call a me
mory violation process and terminate
the application that made the call.
Remote Mapping of Memory
- A process has introduced code
and/or
data into another process. This may indicate an
attempt to begin executing code in another process and
thereby reinforc
e a malicious presence.
The Remote Mapping of Memory process injection affects
Windows and macOS operating
systems.
Process
Injection:
Remote Write to
Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote attempt to write
to m
emory threat is detected.
Ignore
- No action is taken against identified memory
violations.
Alert
- Record the violation and report the incident to
the Dell Server.
Block
- Block the process call if an application attempts
to call a memory violation proces
s. The application that
made the call is allowed to continue to run.
Terminate
- Block the process call if an application
attempts to call a memory violation process
and terminate
the
application that made the call.
Remote Write to Memory
- A process has modified memory in
another process. This is usually an attempt to store code
or data in previously allocated
memory but it is possible
that an attacker is trying to o
verwrite existing m
emory to
divert execution for a malicious purpose.
The Remote Write to M
emory process injection affects
Windows and macOS operating systems.
Process
Injection:
Remote Write PE
to Memory
Alert
Ignore
Alert
Block
Terminate
Specify the act
ion to take when a remote attempt to write
a portable executable to memory threat is detect
ed.
Ignore
- No action is taken against identified memory
violations.
Alert
- Record the violation and report the incident to
the Dell Server.
Block
- Block the process call if an application attempts
to call a memory violation process. The application tha
t
made the call is allowed to continue to run.
Terminate
- Block the process call if an application
attempt
s to call a memory violation process and terminate
the app
lication that made the call.
Remote Write PE to Memory
- A process has modified memory
in a
nother process to contain an executable image.