Reference Guide

Security Management Server Virtual - AdminHelp v9.8
LSASS Read - Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords.
The LSASS Read escalation affects Windows operating systems. This policy does not apply to Mac clients.

Escalation: Zero Allocate
Default: Alert
Values: Ignore, Alert, Block, Terminate
Specify the action to take when a zero byte allocation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Terminate - Block the process call if an application attempts to call a memory violation process and terminate the application that made the call.
Zero Allocate - A null page has been allocated. The memory region is typically reserved, but in certain circumstances it can be allocated. Attacks can use this to set up privilege escalation by taking advantage of some known null dereference exploit, typically in the kernel.
The Zero Allocate escalation affects Windows and macOS operating systems.

Execution Control
Prevent Service Shutdown from Device
Default: Not Selected
Values: Selected, Not Selected
If selected, the Advanced Threat Prevention service is protected from being shut down either manually or by another process.

Kill Unsafe Running Processes and Sub-Processes
Default: Not Selected
Values: Selected, Not Selected
If selected, processes and sub-processes are quarantined and terminated regardless of their state when a threat is detected (exe or dll). Although a process or sub-process is terminated, the command prompt window remains open.
If a file has been determined to be Safe and allowed to run and then a threat model update occurs that results in the file being identified as unsafe, the process is automatically terminated. Dell recommends that you review threat model updates before selecting this policy. For more information, see Threat Model Updates.