Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro

211

212

213

214

215

216

217

218

219

220

Security Management Server Virtual - AdminHelp v9.8

199

Remote Overwrite Code - A process has modified executable

memory in another process. Under normal conditions

executable memory will not be modified, especially by

another process. This usually indicates an attempt to divert

execution in another process.

The Remote Overwrite Code process injection affects

Windows operating systems. This policy does not apply to Mac

clients.

Process Injection:

Remote Unmap of

Memory

Alert

Ignore

Alert

Block

Terminate

Specify the action to take when a remote memory unmapping

threat is detected.

Ignore - No action is taken against identified memory

violations.

Alert - Record the v

iolation and report the incident to the Dell

Server.

Block - Block the process call if an application attempts to

call a memory violation process. The application that made

the call is allowed to continue to run.

Terminate - Block the process call if an application attempts

to call a memory violation process and terminate the

application that made the call.

Remote Unmap of Memory -

A process has removed a Windows

executable from the memory of another process. This may

indicate an intent to replace the executable image with a

modified copy for the purpose of diverting execution.

The Remote Unmap of Memory process injection affects

Windows operating systems. This policy does not apply to Mac

clients.

Process Injection:

Remote Thread

Creation

Alert

Ignore

Alert

Block

Terminate

Specify the action to take when a remote thread creation

threat is detected.

Ignore - No action is taken against identified memory

violations.

Alert -

Record the violation and report the incident to the Dell

Server.

Block - Block the process call if an application attempts to

call a memory violation process. The application that made

the call is allowed to continue to run.

Terminate - Block the process call if an application attempts

to call a memory violation process and terminate the

application that made the call.

Remote Thread Creation -

A process has created a new thread

in another process. A process's threads are usually only

created by that same process. This is generally used by an

attacker to activate a malicious presence that has been

injected into another process.

The Remote Thread Creation process injection affects

Windows and macOS operating systems.