Limit Software Installation

Block users or groups from installing unapproved software.

ID: M1033
Version: 1.0
Created: 11 June 2019
Last Modified: 11 June 2019

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1547 .013 Boot or Logon Autostart Execution: XDG Autostart Entries

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

Enterprise T1176 Browser Extensions

Only install browser extensions from trusted sources that can be verified. Browser extensions for some browsers can be controlled through Group Policy. Change settings to prevent the browser from installing extensions without sufficient permissions.

Enterprise T1059 .006 Command and Scripting Interpreter: Python

Prevent users from installing Python where not required.

Enterprise T1543 Create or Modify System Process

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

.002 Systemd Service

Restrict software installation to trusted repositories only and be cautious of orphaned software packages.

Enterprise T1021 .005 Remote Services: VNC

Restrict software installation to user groups that require it. A VNC server must be manually installed by the user or adversary.

Enterprise T1072 Software Deployment Tools

Restrict the use of third-party software suites installed within an enterprise network.