Reference Guide
Manage Policies

Process Injection: Remote APC Scheduled
Default: Alert
Available actions: Ignore, Alert, Block, Terminate

Specify the action to take when a remote APC scheduled threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

Remote APC Scheduled - A process has diverted the execution of another process's thread. This is generally used by an attacker to activate a malicious presence that has been injected into another process.

The Remote APC Scheduled process injection affects Windows operating systems. This policy does not apply to Mac clients.

Process Injection: Remote DYLD Injection (Mac OS X only)
Default: Alert
Available actions: Ignore, Alert, Block, Terminate

Specify the action to take when a remote DYLD injection threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.

DYLD Injection - An environment variable has been set that will cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts.

The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
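
The following audit sketch is an added example, not part of the Dell product or this guide. It shows how a defender could check an application bundle for the two conditions described above: a plist that sets a DYLD_* environment variable, and a script standing in for the main executable. The function names, sample plists and the /tmp/example.dylib path are constructed for illustration.

```python
import plistlib

# Plist keys that carry environment variables: LSEnvironment (app Info.plist)
# and EnvironmentVariables (launchd job plist).
ENV_KEYS = ("LSEnvironment", "EnvironmentVariables")

def dyld_env_from_plist(plist_bytes):
    """Return {name: value} for every DYLD_* variable a plist sets."""
    data = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    found = {}
    if not isinstance(data, dict):
        return found
    for key in ENV_KEYS:
        env = data.get(key)
        if isinstance(env, dict):
            found.update({n: v for n, v in env.items() if n.startswith("DYLD_")})
    return found

def audit_bundle(info_plist_bytes, executable_bytes):
    """List findings for one app bundle: DYLD_* in its plist, or a script
    standing in for the main executable."""
    findings = [f"plist sets {n}={v}"
                for n, v in sorted(dyld_env_from_plist(info_plist_bytes).items())]
    if executable_bytes.startswith(b"#!"):
        findings.append("main executable is a script, not a Mach-O binary")
        if b"DYLD_" in executable_bytes:
            findings.append("launcher script references a DYLD_* variable")
    return findings

# Constructed sample inputs (not taken from any real system).
CLEAN_PLIST = plistlib.dumps({"CFBundleExecutable": "Example"})
TAMPERED_PLIST = plistlib.dumps({
    "CFBundleExecutable": "Example",
    "LSEnvironment": {"DYLD_INSERT_LIBRARIES": "/tmp/example.dylib",
                      "LANG": "en_US"},
})
MACHO_STUB = bytes.fromhex("cffaedfe") + b"\x00" * 28  # 64-bit Mach-O magic
SCRIPT_STUB = b"#!/bin/bash\nexport DYLD_INSERT_LIBRARIES=/tmp/example.dylib\n"

if __name__ == "__main__":
    for label, plist, exe in [("clean", CLEAN_PLIST, MACHO_STUB),
                              ("tampered plist", TAMPERED_PLIST, MACHO_STUB),
                              ("script launcher", CLEAN_PLIST, SCRIPT_STUB)]:
        print(label, "->", audit_bundle(plist, exe) or "no findings")
```

On a real system the two byte strings would be read from the bundle's Contents/Info.plist and from the file named by its CFBundleExecutable key.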

Escalation: LSASS Read
Default: Alert
Available actions: Ignore, Alert, Block, Terminate

Specify the action to take when an LSASS read threat is detected.

Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.