Palo Alto Networks, Inc.
Process privilege escalation protection in a computing environment

Abstract:

Techniques for privilege escalation protection are disclosed. In some embodiments, a system/process/computer program product for privilege escalation protection includes monitoring a process executed on a computing device, detecting an unauthorized change in a token value associated with the process, and performing an action based on a policy (e.g., a kernel protection security policy/rule(s), which can include a whitelisted set of processes and/or configured actions/responses to perform for other/non-whitelisted processes) in response to an unauthorized change in the token value associated with the process.