Bitdefender Hypervisor Memory Introspection
Flags used to describe an alert.
Macros
#define ALERT_FLAG_BETA 0x0000000000000001
If set, the alert is a BETA alert. No action was taken.
#define ALERT_FLAG_ANTIVIRUS 0x0000000000000002
If set, the alert is on an antivirus object.
#define ALERT_FLAG_SYSPROC 0x0000000000000004
If set, the alert is on a system process.
#define ALERT_FLAG_NOT_RING0 0x0000000000000008
If set, the alert was triggered in ring 1, 2 or 3.
#define ALERT_FLAG_ASYNC 0x0000000000000010
If set, the alert was generated in an async manner.
#define ALERT_FLAG_LINUX 0x0000000000000020
#define ALERT_FLAG_FROM_ENGINES 0x0000000000000040
If set, the alert was generated due to a third-party scan engine detection.
#define ALERT_FLAG_FEEDBACK_ONLY 0x0000000000000080
If set, the alert is a feedback-only alert.
#define ALERT_FLAG_DEP_VIOLATION 0x0000000000000100
If set, the alert was generated by a DEP violation.
#define ALERT_FLAG_PROTECTED_VIEW 0x0000000000000200
#define ALERT_FLAG_KM_UM 0x0000000000000400
If set, the alert was generated by a kernel-to-user-mode violation.
Flags used to describe an alert.
#define ALERT_FLAG_ANTIVIRUS 0x0000000000000002
If set, the alert is on an antivirus object.
Definition at line 672 of file intro_types.h.
Referenced by IntAlertEptFillFromVictimZone().
#define ALERT_FLAG_ASYNC 0x0000000000000010
If set, the alert was generated in an async manner.
Definition at line 675 of file intro_types.h.
Referenced by IntLixTaskSendCredViolationEvent(), IntWinDrvObjSendIntegrityAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinProcValidateSystemCr3(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSudSendSudIntegrityAlert(), IntWinTokenPrivsSendIntegrityAlert(), and IntWinTokenPtrCheckIntegrityOnProcess().
#define ALERT_FLAG_BETA 0x0000000000000001
If set, the alert is a BETA alert. No action was taken.
Definition at line 671 of file intro_types.h.
Referenced by IntAlertCoreGetFlags(), IntAlertProcGetFlags(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixTaskSendCredViolationEvent(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinDagentSendDoubleAgentAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinInfHookIntegritySendAlert(), IntWinProcValidateSystemCr3(), and IntWinTokenPtrCheckIntegrityOnProcess().
#define ALERT_FLAG_DEP_VIOLATION 0x0000000000000100
If set, the alert was generated by a DEP violation.
Definition at line 684 of file intro_types.h.
Referenced by IntWinCrashHandleDepViolation().
#define ALERT_FLAG_FEEDBACK_ONLY 0x0000000000000080
If set, the alert is a feedback-only alert.
No action was taken, the user should not be notified, but the event should generate feedback.
Definition at line 683 of file intro_types.h.
Referenced by IntAlertCoreGetFlags(), IntAlertProcGetFlags(), and IntHookPtsCheckIntegrity().
#define ALERT_FLAG_FROM_ENGINES 0x0000000000000040
If set, the alert was generated due to a third-party scan engine detection.
Definition at line 678 of file intro_types.h.
Referenced by IntEngSendExecViolation(), IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().
#define ALERT_FLAG_KM_UM 0x0000000000000400
If set, the alert was generated by a kernel-to-user-mode violation.
Definition at line 687 of file intro_types.h.
Referenced by IntAlertCreateEptException(), IntAlertCreateException(), IntUpdateAddExceptionFromAlert(), and IntWinModHandleKernelWrite().
#define ALERT_FLAG_LINUX 0x0000000000000020
If set, the alert was generated by a Linux guest.
Definition at line 676 of file intro_types.h.
Referenced by IntAlertCoreGetFlags(), IntAlertCreateCrException(), IntAlertCreateDtrException(), IntAlertCreateEptException(), IntAlertCreateInjectionException(), IntAlertCreateModuleLoadException(), IntAlertCreateMsrException(), IntAlertCreateProcessCreationException(), IntAlertGetEptExceptionFlags(), IntAlertProcGetFlags(), IntLixTaskSendCredViolationEvent(), and IntLixTaskSendInjectionEvent().
#define ALERT_FLAG_NOT_RING0 0x0000000000000008
If set, the alert was triggered in ring 1, 2 or 3.
Definition at line 674 of file intro_types.h.
Referenced by IntAlertCoreGetFlags(), IntAlertCreateEptException(), IntAlertCreateException(), IntAlertProcGetFlags(), IntDetSendIntegrityAlert(), IntLixCmdLineSendViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntSlackSendIntegrityAlert(), IntUpdateAddExceptionFromAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinInfHookIntegritySendAlert(), IntWinProcHandleCopyMemory(), IntWinSendCmdLineViolation(), IntWinSudSendSudIntegrityAlert(), and IntWinTokenPrivsSendIntegrityAlert().
#define ALERT_FLAG_PROTECTED_VIEW 0x0000000000000200
If set, the alert was generated in a protected EPT.
Definition at line 685 of file intro_types.h.
Referenced by IntVeHandleEPTViolationInProtectedView().
#define ALERT_FLAG_SYSPROC 0x0000000000000004
If set, the alert is on a system process.
Definition at line 673 of file intro_types.h.
Referenced by IntAlertCoreGetFlags(), IntAlertProcGetFlags(), IntWinCrashHandleDepViolation(), IntWinModPolyHandler(), IntWinProcHandleCopyMemory(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), and IntWinTokenPrivsSendEptAlert().