Reference Guide
Manage Policies
Exploitation: Overwrite Code
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when an overwrite code threat is
detected.
Ignore - No action is taken against identified memory
violations.
Alert - Record the violation and report the incident to the Dell
Server.
Block - Block the process call if an application attempts to
call a memory violation process. The application that made
the call is allowed to continue to run.
Terminate - Block the process call if an application attempts
to call a memory violation process and terminate the
application that made the call.
Overwrite Code - Code residing in a process's memory has
been modified using a technique that may indicate an
attempt to bypass Data Execution Prevention (DEP).
The Overwrite Code exploitation affects Windows operating
systems. This policy does not apply to Mac clients.
Exploitation: Scanner Memory Search
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a scanner memory search
threat is detected.
Ignore - No action is taken against identified memory
violations.
Alert - Record the violation and report the incident to the Dell
Server.
Block - Block the process call if an application attempts to
call a memory violation process. The application that made
the call is allowed to continue to run.
Terminate - Block the process call if an application attempts
to call a memory violation process and terminate the
application that made the call.
Scanner Memory Search, or RAM Scraping - A process is trying
to read valid magnetic stripe track data from another process.
Typically related to point-of-sale systems (POS).
The Scanner Memory Search exploitation affects Windows
operating systems. This policy does not apply to Mac clients.
Exploitation: Malicious Payload
Alert
Ignore
Alert
Block
Terminate
Specify the action to take when a malicious payload is
detected.
Ignore - No action is taken against identified memory
violations.
Alert - Record the violation and report the incident to the Dell
Server.
Block - Block the process call if an application attempts to
call a memory violation process. The application that made
the call is allowed to continue to run.
Terminate - Block the process call if an application attempts
to call a memory violation process and terminate the
application that made the call.
Malicious Payload - A generic shellcode and payload detection
associated with exploitation has been detected.
The Malicious Payload exploitation affects Windows operating