Reference Guide

Manage Policies
Process Injection: Remote Mapping of Memory
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to map memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Mapping of Memory - A process has introduced code and/or data into another process. This may indicate an attempt to begin executing code in another process and thereby reinforce a malicious presence.
The Remote Mapping of Memory process injection affects Windows and macOS operating systems.
Process Injection: Remote Write to Memory
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to write to memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Write to Memory - A process has modified memory in another process. This is usually an attempt to store code or data in previously allocated memory but it is possible that an attacker is trying to overwrite existing memory to divert execution for a malicious purpose.
The Remote Write to Memory process injection affects Windows and macOS operating systems.
Process Injection: Remote Write PE to Memory
Alert
Ignore, Alert, Block, Terminate
Specify the action to take when a remote attempt to write a portable executable to memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Remote Write PE to Memory - A process has modified memory in another process to contain an executable image.
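
The difference between the Remote Write to Memory and Remote Write PE to Memory categories comes down to whether the written bytes contain an executable image. The following added example (not Dell's detection logic and not part of the original guide) shows one way a defender could make that distinction from a captured write buffer by checking for a DOS header whose e_lfanew field points at a PE signature. The function names, PIDs and sample buffers are constructed for illustration.

```python
import struct
from typing import Optional

MZ_MAGIC = b"MZ"               # DOS header magic at the start of a PE image
PE_SIGNATURE = b"PE\x00\x00"   # NT headers signature
E_LFANEW_OFFSET = 0x3C         # DOS header field: file offset of the PE signature


def find_pe_image(buf: bytes) -> Optional[int]:
    """Return the offset of the first PE image header found in buf, else None.

    A bare "MZ" is not enough (it appears in ordinary data), so the
    e_lfanew field must also point at a valid "PE\\0\\0" signature.
    Limitation: an image written in several small chunks is not seen
    by a per-buffer check like this one.
    """
    pos = buf.find(MZ_MAGIC)
    while pos != -1:
        if pos + E_LFANEW_OFFSET + 4 <= len(buf):
            (e_lfanew,) = struct.unpack_from("<I", buf, pos + E_LFANEW_OFFSET)
            sig = pos + e_lfanew
            if sig + 4 <= len(buf) and buf[sig:sig + 4] == PE_SIGNATURE:
                return pos
        pos = buf.find(MZ_MAGIC, pos + 1)
    return None


def classify_remote_write(writer_pid: int, target_pid: int, buf: bytes) -> Optional[str]:
    """Map a captured memory write to the policy category named in this guide."""
    if writer_pid == target_pid:
        return None  # a process writing to its own memory is not a remote write
    if find_pe_image(buf) is not None:
        return "Remote Write PE to Memory"
    return "Remote Write to Memory"


# Constructed sample buffers (not real captures).
SAMPLE_PE = (MZ_MAGIC + bytes(0x3A) + struct.pack("<I", 0x80)  # DOS header
             + bytes(0x40)                                      # DOS stub area
             + PE_SIGNATURE + bytes(20))                        # NT headers start
SAMPLE_DATA = b"MZ plain data" + bytes(100)  # starts with "MZ" but is not a PE

if __name__ == "__main__":
    print(classify_remote_write(100, 200, SAMPLE_PE))
    print(classify_remote_write(100, 200, SAMPLE_DATA))
```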