Reference Guide

Manage Policies
Process Injection: Remote Write to Memory
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a Remote Write to Memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process, and terminate the application that made the call.
Remote Write to Memory - A process has modified memory in another process. This is usually an attempt to store code or data in previously allocated memory, but it is possible that an attacker is trying to overwrite existing memory in order to divert execution for a malicious purpose.
The Remote Write to Memory process injection affects Windows and macOS operating systems.
Process Injection: Remote Write PE to Memory
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a Remote Write PE to Memory threat (a remote attempt to write a portable executable to memory) is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process, and terminate the application that made the call.
Remote Write PE to Memory - A process has modified memory in another process to contain an executable image. Generally this indicates that an attacker is attempting to execute code without first writing that code to disk.
The Remote Write PE to Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.
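The two policies above differ in whether the data written into the other process contains an executable image. The following Python is an added illustration, not Dell code and not a description of how the product detects the condition: it checks a captured buffer for a valid PE header (DOS "MZ" header, e_lfanew pointer, "PE\0\0" signature, COFF fields). All function names and the sample buffers are constructed for this example.

```python
import struct

# Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}

def _parse_pe(buf: bytes, base: int):
    """Validate a PE header starting at base; return (machine, sections) or None."""
    if base + 0x40 > len(buf):                 # IMAGE_DOS_HEADER is 64 bytes
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, base + 0x3C)
    nt = base + e_lfanew                       # offset of the "PE\0\0" signature
    if nt + 24 > len(buf) or buf[nt:nt + 4] != b"PE\0\0":
        return None                            # truncated, or "MZ" was just data
    machine, nsections = struct.unpack_from("<HH", buf, nt + 4)
    if machine not in MACHINES or not 0 < nsections <= 96:  # loader limit is 96
        return None
    return MACHINES[machine], nsections

def find_pe_image(buf: bytes):
    """Return (offset, machine, sections) of the first valid PE header, or None."""
    pos = buf.find(b"MZ")
    while pos != -1:
        hdr = _parse_pe(buf, pos)
        if hdr:
            return (pos, *hdr)
        pos = buf.find(b"MZ", pos + 1)
    return None

def classify_remote_write(buf: bytes) -> str:
    """Name the policy category (from the text above) that fits the written data."""
    if find_pe_image(buf):
        return "Remote Write PE to Memory"
    return "Remote Write to Memory"

def sample_pe_header() -> bytes:
    """Constructed sample: DOS header, empty stub, x64 COFF header with 3 sections."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0xF0, 0x22)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    for name, data in [("plain data", b"MZ is not always a header" + bytes(64)),
                       ("PE at offset 16", bytes(16) + sample_pe_header())]:
        print(name, "->", classify_remote_write(data), find_pe_image(data))
```

Matching the two bytes "MZ" alone would misclassify ordinary data, which is why the check follows e_lfanew and validates the signature and COFF fields before treating the buffer as an image.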
Process Injection: Remote Overwrite Code
Default: Alert
Options: Ignore, Alert, Block, Terminate
Specify the action to take when a Remote Overwrite Code threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process, and terminate the application that made the call.