M1005 Application Vetting
Enterprises can vet applications for exploitable vulnerabilities or unwanted (privacy-invasive or malicious) behaviors. Enterprises can inspect applications themselves or use a third-party service.
Enterprises may impose policies to only allow pre-approved applications to be installed on their devices or may impose policies to block use of specific applications known to have issues. In Bring Your Own Device (BYOD) environments, enterprises may only be able to impose these policies over an enterprise-managed portion of the device.
Application Vetting is not a complete mitigation. Techniques such as Evade Analysis Environment exist that can enable adversaries to bypass vetting.
|Created||18 October 2019|
|Last Modified||06 April 2022|
|Navigation Layer||View In ATT&CK® Navigator|
Techniques Addressed by Mitigation