Reference Guide

Security Management Server v10.2.10 AdminHelp
Generally this indicates that an attacker is attempting to execute code without first writing that code to disk.
The Remote Write PE to Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote Overwrite Code
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote overwrite code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Overwrite Code - A process has modified executable memory in another process. Under normal conditions executable memory is not modified, especially by another process. This usually indicates an attempt to divert execution in another process.
The Remote Overwrite Code process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote Unmap of Memory
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote memory unmapping threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Unmap of Memory - A process has removed a Windows executable from the memory of another process. This may indicate an intent to replace the executable image with a modified copy for the purpose of diverting execution.
The Remote Unmap of Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.