Symptoms
Note:
As of May 2022, Dell Endpoint Security Suite Enterprise has reached End of Maintenance. This article is no longer updated by Dell. For more information, reference Product Life Cycle (End of Support / End of Life) Policy for Dell Data Security. If you have any questions on alternative articles, either reach out to your sales team or contact endpointsecurity@dell.com.Reference Endpoint Security for additional information about current products.
Affected Products:
Dell Endpoint Security Suite Enterprise Mac
Cause
Google Drive File Stream's behavior triggers a Stack Pivot violation; in other words, the stack for a thread has been replaced with a different stack. Generally, the computer allocates a single stack for a thread. An attacker would use a different stack to control execution in a way that Data Execution Prevention (DEP) does not block.
Resolution
When Dell Endpoint Security Suite Enterprise Mac Memory Protection and Google Drive File Stream is installed, the combination may result in the following Memory Protection exploit event being generated and the application may not start on the endpoint:
Stack Pivot
/Applications/Google Drive File Stream.app/Contents/MacOS/Google Drive File Stream
Without a change to the Google Drive File Stream application’s behavior, the solution is to add a Memory Protection Exclusion for Google File Stream.
Note:
Adding the Memory Protection exclusions that are listed below lowers the security of devices that they are applied to.With the exclusion in place, Dell Endpoint Security Suite Enterprise no longer monitors Google Drive File Stream for Memory Protection violations.Only add these exclusions if you have confirmed you are experiencing the issue that is outlined in this article and it is impacting the rollout or management of Memory Protection in your environment or prevents Google Drive File Stream from functioning correctly once Memory Protection is enabled.
The exclusion path for Memory Protection is as follows:
/Applications/Google Drive File Stream.app/Contents/MacOS/Google Drive File Stream
For more information about how to add Memory Protection exclusions, reference How to Add Exclusions to Dell Endpoint Security Suite Enterprise.
Any Memory Protection violation types for Google Drive File Stream that are not Stack Pivot should be investigated on a case-by-case basis.
To contact support, reference Dell Data Security International Support Phone Numbers.Go to TechDirect to generate a technical support request online.For additional insights and resources, join the Dell Security Community Forum.
