Reference Guide

Security Management Server v10.2.10 AdminHelp
cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts.
The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
Escalation: LSASS Read
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when an LSASS read threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
LSASS Read - Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.
The LSASS Read escalation affects Windows operating systems. This policy does not apply to Mac clients.
Escalation: Zero Allocate
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a zero byte allocation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Zero Allocate - A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null dereference exploit, typically in the kernel.
The Zero Allocate escalation affects Windows and macOS operating systems.
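The following is an added example, not part of the Dell documentation or product, showing how the LSASS Read condition described above can be recognized in process-access telemetry. It assumes events shaped like Sysmon Event ID 10 records (SourceImage, TargetImage, GrantedAccess), a system drive of C:, and constructed sample data; it does not describe how the Dell client detects this violation internally.

```python
import ntpath

PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory
LSASS_PATH = r"c:\windows\system32\lsass.exe"  # assumption: system drive is C:

# Constructed sample events, shaped like Sysmon Event ID 10 (ProcessAccess) records.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Users\alice\AppData\Local\Temp\tool.exe",
     "TargetImage": r"C:\WINDOWS\system32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Program Files\Example\backup.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Program Files\Example\agent.exe",
     "TargetImage": r"C:\Temp\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Program Files\Example\broken.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "n/a"},
]


def parse_access_mask(value):
    """Return the access mask as an int, or None if the field is missing or malformed."""
    try:
        return int(str(value), 16)
    except ValueError:
        return None


def is_lsass_read(event):
    """True when the event targets the real LSASS image with memory-read access."""
    target = ntpath.normcase(ntpath.normpath(event.get("TargetImage", "")))
    mask = parse_access_mask(event.get("GrantedAccess"))
    return target == LSASS_PATH and mask is not None and bool(mask & PROCESS_VM_READ)


def find_lsass_reads(events):
    """Return the source images of every event that matches the LSASS Read condition."""
    return [e.get("SourceImage", "<unknown>") for e in events if is_lsass_read(e)]


if __name__ == "__main__":
    for source in find_lsass_reads(SAMPLE_EVENTS):
        print("LSASS read by:", source)
```

Legitimate software also opens LSASS with read access, so a match is a lead to triage by source image rather than proof of credential theft.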
Execution Control