M0938 Execution Prevention
Block execution of code on a system through application control, and/or script blocking.
Techniques Addressed by Mitigation
| Domain |
ID |
Name |
Use |
| ics |
T0807 |
Command-Line Interface |
Execution prevention may block malicious software from accessing protected resources through the command line interface. |
|
|
|
|
| ics |
T0871 |
Execution through API |
Minimize the exposure of API calls that allow the execution of code. |
|
|
|
|
| ics |
T0849 |
Masquerading |
Use tools that restrict program execution via application control by attributes other than file name for common system and application utilities. |
|
|
|
|
| ics |
T0834 |
Native API |
Minimize the exposure of API calls that allow the execution of code. |
|
|
|
|
| ics |
T0853 |
Scripting |
Execution prevention may prevent malicious scripts from accessing protected resources. |
|
|
|
|
| ics |
T0894 |
System Binary Proxy Execution |
Disallow the execution of applications/programs which are not required for normal system functions, including any specific command-line arguments which may allow the execution of proxy commands or application binaries. |
| ics |
T0863 |
User Execution |
Application control may be able to prevent the running of executables masquerading as other files. |
|
|
|
|