Reference Guide
Manage Policies
Process Injection: Remote Thread Creation
Default setting: Alert
Available settings: Ignore, Alert, Block, Terminate

Specify the action to take when a remote thread creation threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote Thread Creation - A process has created a new thread in another process. A process's threads are usually only created by that same process. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote Thread Creation process injection affects Windows and macOS operating systems.

Process Injection: Remote APC Scheduled
Default setting: Alert
Available settings: Ignore, Alert, Block, Terminate

Specify the action to take when a remote APC scheduled threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote DYLD Injection (Mac OS X only)
Default setting: Alert
Available settings: Ignore, Alert, Block, Terminate

Specify the action to take when a remote DYLD injection threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

DYLD Injection - An environment variable has been set to