Reference Guide
Security Management Server v10.2.11 AdminHelp
cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts.
The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
Escalation: LSASS Read
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when an LSASS read threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
LSASS Read - Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.
The LSASS Read escalation affects Windows operating systems. This policy does not apply to Mac clients.
Escalation: Zero Allocate
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a zero byte allocation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Zero Allocate - A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null dereference exploit, typically in the kernel.
The Zero Allocate escalation affects Windows and macOS operating systems.
Execution Control