Bitdefender Hypervisor Memory Introspection
Options used to configure what protection policies should be applied per process.

Macros

#define PROC_OPT_NONE 0x00000000
    No protection policy. The process is not protected.
#define PROC_OPT_PROT_CORE_HOOKS 0x00000004
    Blocks hooks being set on core user-mode DLLs.
#define PROC_OPT_PROT_UNPACK 0x00000008
    Identifies unpacking/decryption attempts in the main executable.
#define PROC_OPT_PROT_WRITE_MEM 0x00000010
    Blocks foreign writes inside the target process.
#define PROC_OPT_PROT_WSOCK_HOOKS 0x00000020
    Blocks hooks being set on Wininet user-mode DLLs (Windows only).
#define PROC_OPT_PROT_EXPLOIT 0x00000040
    Blocks malicious execution attempts.
#define PROC_OPT_PROT_SET_THREAD_CTX 0x00000080
    Blocks thread hijacking attempts inside the target process (Windows only).
#define PROC_OPT_PROT_PTRACE 0x00000080
    Blocks thread hijacking attempts inside the target process (Linux only).
#define PROC_OPT_PROT_QUEUE_APC 0x00000100
    Blocks APC queuing inside the target process (Windows only).
#define PROC_OPT_PROT_PREVENT_CHILD_CREATION 0x00000200
    Prevents the process from creating child processes (other than instances of itself).
#define PROC_OPT_PROT_DOUBLE_AGENT 0x00000400
    Blocks double agent attacks (malicious DLL loading) (Windows only).
#define PROC_OPT_PROT_SCAN_CMD_LINE 0x00000800
    Uses third-party engines to scan the command line of a process.
#define PROC_OPT_PROT_INSTRUMENT 0x00001000
    Blocks foreign processes from setting instrumentation callbacks inside the target process (Windows only).
#define PROC_OPT_REMEDIATE 0x20000000
    Any event inside the process will trigger the injection of the remediation tool.
#define PROC_OPT_KILL_ON_EXPLOIT 0x40000000
    The process will be killed if an exploit is detected.
#define PROC_OPT_BETA 0x80000000
    Process is monitored, but in log-only mode, so no actions will be blocked.
#define PROC_OPT_PROT_INJECTION
    Aggregates all the flags that will generate introEventInjectionViolation events.
#define PROC_OPT_PROT_ALL
    Aggregates all the process protection flags.
#define PROC_OPT_BETA 0x80000000
Process is monitored, but in log-only mode, so no actions will be blocked.
Definition at line 376 of file intro_types.h.
Referenced by IntExceptUserLogLinuxInformation(), IntLixProcPolicyIsBeta(), IntLixTaskChangeProtectionFlags(), and IntWinProcChangeProtectionFlags().
#define PROC_OPT_KILL_ON_EXPLOIT 0x40000000
The process will be killed if an exploit is detected.
Without this flag, if a process is protected with PROC_OPT_PROT_EXPLOIT, the instruction that generated the alert will be skipped, but the next instruction might generate a new alert and so on.
Definition at line 374 of file intro_types.h.
Referenced by IntLixTaskChangeProtectionFlags(), and IntLixVmaHandlePageExecution().
#define PROC_OPT_NONE 0x00000000
No protection policy. The process is not protected.
Definition at line 342 of file intro_types.h.
#define PROC_OPT_PROT_ALL
Aggregates all the process protection flags.
Definition at line 387 of file intro_types.h.
#define PROC_OPT_PROT_CORE_HOOKS 0x00000004
Blocks hooks being set on core user-mode DLLs.
Definition at line 344 of file intro_types.h.
Referenced by IntLixTaskActivateProtection(), IntLixTaskAdjustProtections(), IntWinModGetProtectionOptionForModule(), IntWinModPolyHandler(), and IntWinProcChangeProtectionFlags().
#define PROC_OPT_PROT_DOUBLE_AGENT 0x00000400
Blocks double agent attacks (malicious DLL loading) (Windows only).
Definition at line 362 of file intro_types.h.
Referenced by IntWinDagentHandleDoubleAgent(), and IntWinDagentSendDoubleAgentAlert().
#define PROC_OPT_PROT_EXPLOIT 0x00000040
Blocks malicious execution attempts.
Definition at line 352 of file intro_types.h.
Referenced by IntLixTaskActivateExploitProtection(), IntLixTaskActivateProtection(), IntLixTaskAdjustProtections(), IntLixTaskChangeProtectionFlags(), IntLixTaskDeactivateExploitProtection(), IntLixTaskDump(), IntLixVmaAdjust(), IntLixVmaChangeProtection(), IntLixVmaExpandDownwards(), IntLixVmaHandlePageExecution(), IntLixVmaInsert(), IntLixVmaRemove(), IntWinProcChangeProtectionFlags(), IntWinVadHandlePageExecution(), and IntWinVadIsExecSuspicious().
#define PROC_OPT_PROT_INJECTION
Aggregates all the flags that will generate introEventInjectionViolation events.
Definition at line 379 of file intro_types.h.
Referenced by IntWinProcChangeProtectionFlags().
#define PROC_OPT_PROT_INSTRUMENT 0x00001000
Blocks foreign processes from setting instrumentation callbacks inside the target process (Windows only).
Definition at line 366 of file intro_types.h.
Referenced by IntWinProcHandleInstrument().
#define PROC_OPT_PROT_PREVENT_CHILD_CREATION 0x00000200
Prevents the process from creating child processes (other than instances of itself).
Definition at line 360 of file intro_types.h.
Referenced by IntLixTaskHandleExec(), IntLixTaskSendBlockedEvent(), IntLixValidateProcessCreationRights(), IntWinDpiCheckCreation(), IntWinDpiHandleNormalCreationRights(), and IntWinDpiSendProcessCreationViolation().
#define PROC_OPT_PROT_PTRACE 0x00000080
Blocks thread hijacking attempts inside the target process (Linux only).
Definition at line 356 of file intro_types.h.
Referenced by IntLixTaskChangeProtectionFlags(), and IntLixTaskHandlePtrace().
#define PROC_OPT_PROT_QUEUE_APC 0x00000100
Blocks APC queuing inside the target process (Windows only).
Definition at line 358 of file intro_types.h.
Referenced by IntWinThrHandleQueueApc().
#define PROC_OPT_PROT_SCAN_CMD_LINE 0x00000800
Uses third-party engines to scan the command line of a process.
Definition at line 364 of file intro_types.h.
Referenced by IntLixCmdLineSendViolationEvent(), IntLixTaskHandleExec(), IntWinGetPrcoCmdLineHandleCmdLineInMemory(), IntWinGetProcCmdLineHandleBufferInMemory(), and IntWinProcCreateProcessObject().
#define PROC_OPT_PROT_SET_THREAD_CTX 0x00000080
Blocks thread hijacking attempts inside the target process (Windows only).
Definition at line 354 of file intro_types.h.
Referenced by IntWinThrHandleThreadHijack().
#define PROC_OPT_PROT_UNPACK 0x00000008
Identifies unpacking/decryption attempts in the main executable.
Definition at line 346 of file intro_types.h.
Referenced by IntWinProcChangeProtectionFlags().
#define PROC_OPT_PROT_WRITE_MEM 0x00000010
Blocks foreign writes inside the target process.
Definition at line 348 of file intro_types.h.
Referenced by IntLixAccessRemoteVmHandler(), IntLixTaskChangeProtectionFlags(), IntLixTaskHandleInjection(), IntLixTaskHandlePtrace(), IntLixTaskHandleVmRw(), IntLixTaskSendInjectionEvent(), and IntWinProcHandleCopyMemory().
#define PROC_OPT_PROT_WSOCK_HOOKS 0x00000020
Blocks hooks being set on Wininet user-mode DLLs (Windows only).
Definition at line 350 of file intro_types.h.
Referenced by IntWinModGetProtectionOptionForModule(), and IntWinProcChangeProtectionFlags().
#define PROC_OPT_REMEDIATE 0x20000000
Any event inside the process will trigger the injection of the remediation tool.
Definition at line 369 of file intro_types.h.
Referenced by IntLixTaskChangeProtectionFlags().
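Two details of this flag set trip up policy authors: PROC_OPT_PROT_SET_THREAD_CTX and PROC_OPT_PROT_PTRACE share the value 0x00000080 and are distinguished only by the guest OS, and PROC_OPT_BETA, PROC_OPT_KILL_ON_EXPLOIT and PROC_OPT_PROT_EXPLOIT interact as described under PROC_OPT_KILL_ON_EXPLOIT above. The following is an added example, not HVMI project code: it copies the documented flag values and shows how a caller composing a per-process policy can evaluate what the documented semantics imply for a given event and guest, and can detect Windows-only flags set on a Linux guest. The event names, the guest_os_t type and the precedence of PROC_OPT_BETA over PROC_OPT_KILL_ON_EXPLOIT are assumptions of the example, not part of the HVMI API.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values as documented on this page (intro_types.h). */
#define PROC_OPT_NONE                        0x00000000u
#define PROC_OPT_PROT_CORE_HOOKS             0x00000004u
#define PROC_OPT_PROT_UNPACK                 0x00000008u
#define PROC_OPT_PROT_WRITE_MEM              0x00000010u
#define PROC_OPT_PROT_WSOCK_HOOKS            0x00000020u
#define PROC_OPT_PROT_EXPLOIT                0x00000040u
#define PROC_OPT_PROT_SET_THREAD_CTX         0x00000080u /* meaning of bit 0x80 on Windows */
#define PROC_OPT_PROT_PTRACE                 0x00000080u /* meaning of the same bit on Linux */
#define PROC_OPT_PROT_QUEUE_APC              0x00000100u
#define PROC_OPT_PROT_PREVENT_CHILD_CREATION 0x00000200u
#define PROC_OPT_PROT_DOUBLE_AGENT           0x00000400u
#define PROC_OPT_PROT_SCAN_CMD_LINE          0x00000800u
#define PROC_OPT_PROT_INSTRUMENT             0x00001000u
#define PROC_OPT_REMEDIATE                   0x20000000u
#define PROC_OPT_KILL_ON_EXPLOIT             0x40000000u
#define PROC_OPT_BETA                        0x80000000u

/* Guest OS of the protected process (hypothetical type for this example). */
typedef enum { GUEST_WINDOWS, GUEST_LINUX } guest_os_t;

/* Event kinds used by this example (hypothetical names, not HVMI's own). */
typedef enum {
    EVT_EXPLOIT,        /* malicious execution attempt */
    EVT_THREAD_HIJACK,  /* thread context change on Windows, ptrace on Linux */
    EVT_WRITE_MEM,      /* foreign write into the process */
    EVT_QUEUE_APC       /* APC queued into the process (Windows only) */
} event_kind_t;

typedef enum { ACTION_ALLOW, ACTION_LOG_ONLY, ACTION_BLOCK, ACTION_KILL } policy_action_t;

/* Flags the page documents as Windows-only. PROC_OPT_PROT_SET_THREAD_CTX is
 * deliberately absent: on a Linux guest its bit reads as PROC_OPT_PROT_PTRACE. */
static const uint32_t WINDOWS_ONLY_FLAGS =
    PROC_OPT_PROT_WSOCK_HOOKS | PROC_OPT_PROT_QUEUE_APC |
    PROC_OPT_PROT_DOUBLE_AGENT | PROC_OPT_PROT_INSTRUMENT;

/* Returns the subset of `flags` documented as unsupported on `guest`.
 * A non-zero result means part of the policy would have no effect there. */
uint32_t unsupported_flags(uint32_t flags, guest_os_t guest)
{
    return guest == GUEST_LINUX ? (flags & WINDOWS_ONLY_FLAGS) : 0u;
}

/* The flag that must be set for `event` to be covered on `guest`,
 * or 0 if the event cannot be policed on that guest. */
static uint32_t required_flag(event_kind_t event, guest_os_t guest)
{
    switch (event) {
    case EVT_EXPLOIT:       return PROC_OPT_PROT_EXPLOIT;
    case EVT_WRITE_MEM:     return PROC_OPT_PROT_WRITE_MEM;
    case EVT_THREAD_HIJACK: return guest == GUEST_WINDOWS ? PROC_OPT_PROT_SET_THREAD_CTX
                                                          : PROC_OPT_PROT_PTRACE;
    case EVT_QUEUE_APC:     return guest == GUEST_WINDOWS ? PROC_OPT_PROT_QUEUE_APC : 0u;
    }
    return 0u;
}

/* Evaluates the documented semantics for one event: an uncovered event is allowed,
 * PROC_OPT_BETA makes every covered event log-only, and PROC_OPT_KILL_ON_EXPLOIT
 * upgrades a blocked exploit to a kill (without it, the page says, only the
 * faulting instruction is skipped). Checking BETA before KILL_ON_EXPLOIT is an
 * assumption drawn from "no actions will be blocked" in log-only mode. */
policy_action_t decide(uint32_t flags, guest_os_t guest, event_kind_t event)
{
    uint32_t needed = required_flag(event, guest);
    if (needed == 0u || (flags & needed) == 0u) return ACTION_ALLOW;
    if (flags & PROC_OPT_BETA) return ACTION_LOG_ONLY;
    if (event == EVT_EXPLOIT && (flags & PROC_OPT_KILL_ON_EXPLOIT)) return ACTION_KILL;
    return ACTION_BLOCK;
}

/* Non-zero if the policy requests the remediation tool after any event. */
int remediation_requested(uint32_t flags)
{
    return (flags & PROC_OPT_REMEDIATE) != 0u;
}

int main(void)
{
    /* Constructed policy: exploit protection with kill, plus thread-hijack and APC blocking. */
    uint32_t policy = PROC_OPT_PROT_EXPLOIT | PROC_OPT_KILL_ON_EXPLOIT |
                      PROC_OPT_PROT_SET_THREAD_CTX | PROC_OPT_PROT_QUEUE_APC;
    printf("exploit on Windows -> action %d\n", decide(policy, GUEST_WINDOWS, EVT_EXPLOIT));
    printf("thread hijack on Linux (bit 0x80 read as PTRACE) -> action %d\n",
           decide(policy, GUEST_LINUX, EVT_THREAD_HIJACK));
    printf("flags with no effect on Linux: 0x%08x\n", unsupported_flags(policy, GUEST_LINUX));
    return 0;
}
```

The unsupported_flags check is the one to run before handing a policy to the introspection engine: a Windows-built mask applied to a Linux process keeps its 0x80 bit meaningful (as PROC_OPT_PROT_PTRACE) but silently loses PROC_OPT_PROT_QUEUE_APC, PROC_OPT_PROT_DOUBLE_AGENT, PROC_OPT_PROT_INSTRUMENT and PROC_OPT_PROT_WSOCK_HOOKS.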