Execution Prevention
Block execution of code on a system through application control, and/or script blocking.
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| ICS | T0807 | Command-Line Interface |
Execution prevention may block malicious software from accessing protected resources through the command line interface. |
|
| ICS | T0871 | Execution through API |
Minimize the exposure of API calls that allow the execution of code. |
|
| ICS | T0849 | Masquerading |
Use tools that restrict program execution via application control by attributes other than file name for common system and application utilities. |
|
| ICS | T0834 | Native API |
Minimize the exposure of API calls that allow the execution of code. |
|
| ICS | T0853 | Scripting |
Execution prevention may prevent malicious scripts from accessing protected resources. |
|
| ICS | T0894 | System Binary Proxy Execution |
Disallow the execution of applications/programs which are not required for normal system functions, including any specific command-line arguments which may allow the execution of proxy commands or application binaries. |
|
| ICS | T0863 | User Execution |
Application control may be able to prevent the running of executables masquerading as other files. |
|