Reference Guide
Security Management Server Virtual v10.2.10 AdminHelp
cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts, that cause their modules to be loaded automatically when an application starts.
The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
Escalation: LSASS Read
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when an LSASS read threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
LSASS Read - Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.
The LSASS Read escalation affects Windows operating systems. This policy does not apply to Mac clients.
Escalation: Zero Allocate
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a zero byte allocation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Zero Allocate - A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null de-reference exploit, typically in the kernel.
The Zero Allocate escalation affects Windows and macOS operating systems.
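Added example (not part of the AdminHelp and not the product's own detection logic): an independent log-side check for the access pattern the LSASS Read escalation describes, run over Sysmon ProcessAccess (Event ID 10) records. The sample events, the ExampleAV path, the allowlist and the default C:\Windows location are assumptions constructed for illustration.

```python
# Flags processes that opened the real LSASS with memory-read rights.
PROCESS_VM_READ = 0x0010  # Windows access right required to read another process's memory
LSASS_PATH = r"c:\windows\system32\lsass.exe"  # assumption: default %SystemRoot%
ALLOWED_SOURCES = {r"c:\program files\exampleav\scan.exe"}  # hypothetical allowlist

# Constructed sample events; field names follow Sysmon Event ID 10 (ProcessAccess).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleAV\scan.exe",
     "TargetImage": r"c:\windows\system32\LSASS.EXE", "GrantedAccess": "0x1010"},
    {"EventID": 1, "Image": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 10, "SourceImage": r"C:\Temp\x.exe",
     "TargetImage": r"C:\Temp\lsass.exe", "GrantedAccess": "0x1FFFFF"},
]

def parse_mask(value):
    """Return the GrantedAccess hex string as an int, or None if malformed."""
    try:
        return int(str(value), 16)
    except ValueError:
        return None

def lsass_read_findings(events, allowed=ALLOWED_SOURCES):
    """Return (source image, access mask) for non-allowlisted LSASS memory reads."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue  # only ProcessAccess events carry GrantedAccess
        if ev.get("TargetImage", "").lower() != LSASS_PATH:
            continue  # full-path match, so a look-alike lsass.exe elsewhere is ignored
        source = ev.get("SourceImage", "")
        mask = parse_mask(ev.get("GrantedAccess", ""))
        if mask is None:
            findings.append((source, "unparseable GrantedAccess"))  # surface, do not drop
        elif mask & PROCESS_VM_READ and source.lower() not in allowed:
            findings.append((source, hex(mask)))
    return findings

if __name__ == "__main__":
    for source, mask in lsass_read_findings(SAMPLE_EVENTS):
        print(f"LSASS memory read: {source} GrantedAccess={mask}")
```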
Execution Control