Reference Guide
Manage Policies
Exploitation: Stack Protect
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a stack protect threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Stack Protect - The memory protection of a thread's stack has been modified to enable execution permission. Stack memory should not be executable, so usually this means that an attacker is preparing to run malicious code stored in stack memory as part of an exploit, an attempt which would otherwise be blocked by Data Execution Prevention (DEP).
The Stack Protect exploitation affects Windows and macOS operating systems.
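The following sketch is an added example, not code from this guide or from the Dell product. It models the Stack Protect condition (a protection change that grants execute permission on memory inside a thread's stack) and the effect of each action. The ProtectRequest record, the function names and the sample addresses are hypothetical; the PAGE_* values are the Windows memory-protection constants.

```python
# Illustrative model only; ProtectRequest and both functions are hypothetical.
from dataclasses import dataclass

# Windows page-protection constants.
PAGE_READWRITE = 0x04
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC_MASK = (PAGE_EXECUTE | PAGE_EXECUTE_READ |
             PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

@dataclass
class ProtectRequest:
    """One observed request to change the protection of a memory range."""
    pid: int
    base: int
    size: int
    new_protect: int

def is_stack_protect_violation(req, thread_stacks):
    """True if the request makes any part of a thread stack executable.
    thread_stacks is a list of (low, high) ranges, high exclusive."""
    if not req.new_protect & EXEC_MASK:
        return False                      # no execute bit requested
    end = req.base + req.size
    return any(req.base < high and low < end for low, high in thread_stacks)

def apply_policy(action, req, thread_stacks):
    """Return (call_allowed, process_continues, reported) for one request.
    reported is None where the guide does not say whether a record is made."""
    if not is_stack_protect_violation(req, thread_stacks):
        return (True, True, False)
    if action == "Ignore":                # no action taken
        return (True, True, False)
    if action == "Alert":                 # record and report, call proceeds
        return (True, True, True)
    if action == "Block":                 # call denied, application keeps running
        return (False, True, None)
    if action == "Terminate":             # call denied, application ended
        return (False, False, None)
    raise ValueError(f"unknown action: {action}")

if __name__ == "__main__":
    stacks = [(0x1000000, 0x1100000)]     # constructed sample stack range
    req = ProtectRequest(4242, 0x10FF000, 0x1000, PAGE_EXECUTE_READWRITE)
    for action in ("Ignore", "Alert", "Block", "Terminate"):
        print(action, apply_policy(action, req, stacks))
```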
Exploitation: Overwrite Code
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when an overwrite code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Overwrite Code - Code residing in a process's memory has been modified using a technique that may indicate an attempt to bypass Data Execution Prevention (DEP).
The Overwrite Code exploitation affects Windows operating systems. This policy does not apply to Mac clients.
Exploitation: Scanner Memory Search
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a scanner memory search threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Scanner Memory Search, or RAM Scraping - A process is