Palo Alto Networks, Inc.
PROCESS PRIVILEGE ESCALATION PROTECTION IN A COMPUTING ENVIRONMENT

Abstract:

Techniques for process privilege escalation protection in a computing environment are disclosed. In some embodiments, a system/process/computer program product for process privilege escalation protection in a computing environment includes monitoring a process executed on a computing device, detecting an unauthorized change in a token value associated with the process, and performing an action based on a policy (e.g., a kernel protection security policy/rule(s), which can include a whitelisted set of processes and/or configured actions/responses to perform for other/non-whitelisted processes) in response to an unauthorized change in the token value associated with the process.