DLL Injection

What is DLL injection?

DLL injection is a technique used by malicious actors to execute arbitrary code on a target computer by injecting a dynamic-link library (DLL) into a running process.

This allows the attacker to modify and tamper with the process's behavior without modifying the original assembly, potentially bypassing any existing integrity checks.

Potential drawbacks of preventing DLL injection

In some instances, attempting to identify DLL injection can lead to false attack signals. This typically occurs when legitimate DLLs are injected into memory by authorized programs, such as antivirus software or applications that interact with your process.

The presence of a third-party DLL in memory is not a definitive sign of a tampering attempt. Nevertheless, it's important to investigate each alert to mitigate the risk of a potential attack spreading further.
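
The following added example, which is not Codeguard code and does not reflect its report format, sorts loaded-module records into "expected", "known-third-party" and "investigate" so that allowlisted vendors do not hide the modules that need a closer look. The record fields, directories and signer names are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed policy values for this example (hypothetical, adjust per deployment).
APP_DIR = r"C:\Program Files\ExampleApp"
SYSTEM_DIR = r"C:\Windows\System32"
TRUSTED_SIGNERS = {"Microsoft Windows", "Example App Publisher"}
KNOWN_THIRD_PARTY_SIGNERS = {"Example AV Vendor"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def norm(path):
    """Collapse '..' segments and case so checks see the real location."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    """True when path resolves to a location inside root."""
    return norm(path).startswith(norm(root) + "\\")


def triage(module):
    """Return (verdict, reason) for one loaded-module record."""
    path, signer = module["path"], module.get("signer")
    if signer is None:
        return "investigate", "unsigned module"
    if any(marker in norm(path) for marker in USER_WRITABLE_MARKERS):
        return "investigate", "loaded from a user-writable location"
    in_expected_dir = is_under(path, APP_DIR) or is_under(path, SYSTEM_DIR)
    if signer in TRUSTED_SIGNERS and in_expected_dir:
        return "expected", "application or OS module"
    if signer in KNOWN_THIRD_PARTY_SIGNERS:
        return "known-third-party", "allowlisted vendor, likely false positive"
    return "investigate", "signer or location not on any allowlist"


# Constructed sample records; not the format of any real product report.
MODULES = [
    {"path": r"C:\Windows\System32\kernel32.dll", "signer": "Microsoft Windows"},
    {"path": r"C:\Program Files\ExampleAV\hook64.dll", "signer": "Example AV Vendor"},
    # Starts with the application directory but resolves to a Temp folder.
    {"path": r"C:\Program Files\ExampleApp\..\..\Users\bob\AppData\Local\Temp\x.dll",
     "signer": "Example App Publisher"},
    {"path": r"C:\ProgramData\helper.dll", "signer": None},
]

if __name__ == "__main__":
    for m in MODULES:
        print(ntpath.basename(m["path"]), *triage(m))
```

The third record shows why paths are normalized before comparison: a plain prefix match on the application directory would have accepted it.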

When creating DLL injection reports, Codeguard offers valuable insights into the injected code.

Please refer to our compatibility page to learn more.

Toggling DLL detection on and off in the dashboard

Customers have the option to toggle DLL detection on and off in the dashboard. This can be useful in situations where DLL injection is used for legitimate purposes, such as software development or testing.

To toggle DLL detection on and off in the dashboard, follow these steps:

  1. Log in to the dashboard and navigate to the settings page.

  2. Locate the "DLL detection" section and click on the toggle switch to enable or disable DLL detection.

  3. Save your changes and the new setting will take effect immediately.

Please note that disabling DLL detection may increase the risk of unauthorized access to your system and the sensitive information it contains. It should only be done in situations where DLL injection is needed for legitimate purposes and appropriate security measures are in place.
