# DLL Injection ### What is DLL injection? DLL injection is a technique used by malicious actors to execute arbitrary code on a target computer by injecting a dynamic-link library (DLL) into a running process. This allows the attacker to modify and tamper the process behavior without modifying the original assembly, potentially bypassing any existing integrity checks. ### Potential drawbacks of preventing DLL injection In some instances, attempting to identify DLL injection can lead to false attack signals. This typically occurs when legitimate DLLs are injected into memory by authorized programs, such as antiviruses or applications that interact with your process. The presence of a third party DLL in memory is not a definitive sign of a tampering attempt, nevertheless, it's important to investigate each alert to mitigate the risk of a potential attack spreading further. When creating DLL injection reports, Codeguard offers valuable insights into the injected code. Please refer to our [compatibility page](/code-guard/preventing-modifications/enterprise-edrs-and-xdrs.md) to learn more. ### Toggling DLL detection on and off in the dashboard Customers have the option to toggle DLL detection on and off in the dashboard. This can be useful in situations where DLL injection is used for legitimate purposes, such as software development or testing. To toggle DLL detection on and off in the dashboard, follow these steps: 1. Log in to the dashboard and navigate to the settings page. 2. Locate the "DLL detection" section and click on the toggle switch to enable or disable DLL detection. 3. Save your changes and the new setting will take effect immediately. Please note that disabling DLL detection may increase the risk of unauthorized access to your system and the sensitive information it contains. It should only be done in situations where DLL injection is needed for legitimate purposes and appropriate security measures are in place. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cyphor.net/code-guard/preventing-modifications/dll-injection.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.