Reference Guide
Manage Policies
198
Process
Injection:
Remote Mapping
of Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote attempt to map
memory th
reat is detected.
Ignore
- No action is taken against identified memory
violations.
Alert
- Record the violation and report the incident to
the Dell Server.
Bloc
k - Block the process call if an application attempts
to call a memory violation process. The a
pplication that
made the call is allowed to continue to
run.
Terminate
- Block the process call if an application
attempts to call a memory violation process and
terminate
the application that made the
call.
Remote Mapping of Memory
- A process has introduced code
and/or
data into another process. This may indicate an
attempt to begin executing code in another pr
ocess and
thereby reinforce a malicious pres
ence.
Th
e Remote Mapping of Memory process injection affects
Windows and macOS operating sys
tems.
Process
Injection:
Remote Write to
Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a re
mote attempt to write
to memory threat is detected.
Ignore
- No action is taken against identified memory
violations.
Alert
- Record the violation and report the incident to
the Dell Se
rver.
Block
- Block the process call if an application attempts
to call
a memory violation process. The application that
ma
de the call is allowed to continue to run.
Terminate
- Block the process call if an application
attempts to call a memory violation process
and terminate
the application that made the
call.
Remote Write t
o Memory - A process has modified memory in
another
process. This is usually an attempt to store code
or data in previously allocated memory but it
is possible
that an attacker is trying to overwrite existing memory to
divert execution for a malicious pur
pose.
The Remote Write to Memory process injection af
fects
Windows and macOS operating sys
tems.
Process
Injection:
Remote Write PE
to Memory
Alert
Ignore
Alert
Block
Terminate
Specify the act
ion to take when a remote attempt to write
a portable executable
to memory threat is detected.
Ignore
- No action is taken against identified memory
violat
ions.
Alert
- Record the violation and report the incident to
the Dell Server.
Block
- Block the process call if an application attempts
to call a memory violation pr
ocess. The application that
made the call is allowed
to continue to run.
Terminate
- Block the process call if an application
attempts to call a me
mory violation process and terminate
the app
lication that made the call.
Remote Write PE to Memory
- A process has modified memory
in another process to contain
an executable image.