Reference Guide

Manage Policies
Exploitation: Stack Protect
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a stack protect threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Stack Protect - The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code stored in stack memory as part of an exploit, an attempt which would otherwise be blocked by Data Execution Prevention (DEP).
The Stack Protect exploitation affects Windows and macOS operating systems.
Exploitation: Overwrite Code
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when an overwrite code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Overwrite Code - Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).
The Overwrite Code exploitation affects Windows operating systems. This policy does not apply to Mac clients.
Exploitation: Scanner Memory Search
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a scanner memory search threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Scanner Memory Search, or RAM Scraping - A process is