Malware may attempt to evade the firewall by modifying a process in memory that has been initiated by a trusted program, and then using the modified process to access the network on its behalf.
You can configure the firewall to detect and block processes that have been modified in memory.
To turn blocking of modified processes on or off:
For information about the Home page, see About the Home page.
To turn blocking of modified processes on, select the check box.