M1033 Limit Software Installation
Block users or groups from installing unapproved software.
| Item | Value |
|---|---|
| ID | M1033 |
| Version | 1.0 |
| Created | 11 June 2019 |
| Last Modified | 11 June 2019 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Addressed by Mitigation
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1547 | Boot or Logon Autostart Execution | - |
| enterprise | T1547.013 | XDG Autostart Entries | Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
| enterprise | T1176 | Browser Extensions | Only install browser extensions from trusted sources that can be verified. Browser extensions for some browsers can be controlled through Group Policy. Change settings to prevent the browser from installing extensions without sufficient permissions. |
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.006 | Python | Prevent users from installing Python where not required. |
| enterprise | T1543 | Create or Modify System Process | Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
| enterprise | T1543.002 | Systemd Service | Restrict software installation to trusted repositories only and be cautious of orphaned software packages. |
| enterprise | T1021 | Remote Services | - |
| enterprise | T1021.005 | VNC | Restrict software installation to user groups that require it. A VNC server must be manually installed by the user or adversary. |