What is the purpose of the Thread Injection check option within SCSP policies?
Last Updated June 30, 2011
The customer has observed the Thread Injection check option within an SCSP policy and wishes to know the purpose of the option.
The customer also wishes to know what performance impact enabling the option will have on an active policy.
Enable Thread Injection option within policy
Enable thread injection detection

Thread injection is a technique that is used to insert and run executable code within the address space of another process. Debuggers that attach to running processes for debugging purposes often use thread injection. This policy option addresses hostile programs that might misuse thread injection to perform a malicious task under the disguise of a benign process.

When enabled, the thread injection detection option does the following:

- Detects and reports the creation of remote threads by one process into unrelated processes.
- Takes preventive action to limit system damage caused by the injected thread while executing the injected code.
- Confines the injecting process so that it does not continue injecting threads in remote processes in the thread injection status.

Thread injection detection is enabled by default. The option is located throughout the policy.
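The detect, report and confine behaviour described above can be modelled over remote-thread creation events. This is an added example, not Symantec's code and not SCSP's log format. The event fields, process tree and approved-debugger list are constructed, and treating process ancestry as "related" is an assumption.

```python
from collections import namedtuple

# Hypothetical event record: who created a thread, and in which process.
Event = namedtuple("Event", "src_pid src_image dst_pid dst_image")

# Constructed process tree (pid -> parent pid); hypothetical data.
PARENTS = {600: 4, 1200: 600, 1300: 1200, 2000: 600, 2100: 2000, 3000: 2000}
# Assumption: debuggers the site has approved to attach to running processes.
APPROVED_DEBUGGERS = {r"c:\tools\windbg.exe"}

def is_ancestor(a, b, parents):
    """True if process a launched process b, directly or indirectly."""
    seen, cur = set(), parents.get(b)
    while cur is not None and cur not in seen:
        if cur == a:
            return True
        seen.add(cur)
        cur = parents.get(cur)
    return False

def classify(ev, parents=PARENTS, approved=APPROVED_DEBUGGERS):
    if ev.src_pid == ev.dst_pid:
        return "local"              # thread in the caller's own process, not remote
    if ev.src_image.lower() in approved:
        return "approved-debugger"  # legitimate attach, as the text notes
    if is_ancestor(ev.src_pid, ev.dst_pid, parents):
        return "related"            # assumption: ancestry counts as "related"
    return "unrelated"              # the case the option detects and reports

def review(events):
    """Verdict per event; a source is confined after its first unrelated injection."""
    confined, report = set(), []
    for ev in events:
        verdict = classify(ev)
        if verdict != "local" and ev.src_pid in confined:
            verdict = "denied-confined"
        elif verdict == "unrelated":
            confined.add(ev.src_pid)
        report.append(verdict)
    return report

# Constructed sample events, not taken from a real system.
SAMPLE = [
    Event(2100, r"C:\Tools\windbg.exe", 3000, r"C:\Windows\notepad.exe"),
    Event(2000, r"C:\Windows\explorer.exe", 3000, r"C:\Windows\notepad.exe"),
    Event(1300, r"C:\Temp\updater.exe", 2000, r"C:\Windows\explorer.exe"),
    Event(1300, r"C:\Temp\updater.exe", 3000, r"C:\Windows\notepad.exe"),
    Event(3000, r"C:\Windows\notepad.exe", 3000, r"C:\Windows\notepad.exe"),
]
```

Calling review(SAMPLE) returns one verdict per event in order; the second event from the constructed updater.exe process is denied because the first one confined it.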
SCSP 5.2 and higher
Imported Document ID: TECH163625