Reference Guide
Manage Policies
Process Injection: Remote Thread Creation
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote thread creation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Thread Creation - A process has created a new thread in another process. A process's threads are usually only created by that same process. This is generally used by an attacker to activate a malicious presence that has been injected into another process.
The Remote Thread Creation process injection affects Windows and macOS operating systems.

Process Injection: Remote APC Scheduled
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote APC scheduled threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.
The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote DYLD Injection (Mac OS X only)
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a remote DYLD injection threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
DYLD Injection - An environment variable has been set to