Skip to content

M1033 Limit Software Installation

Block users or groups from installing unapproved software.

Item Value
ID M1033
Version 1.0
Created 11 June 2019
Last Modified 11 June 2019
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.013 XDG Autostart Entries Restrict software installation to trusted repositories only and be cautious of orphaned software packages.
enterprise T1176 Browser Extensions Only install browser extensions from trusted sources that can be verified. Browser extensions for some browsers can be controlled through Group Policy. Change settings to prevent the browser from installing extensions without sufficient permissions.
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.006 Python Prevent users from installing Python where not required.
enterprise T1543 Create or Modify System Process Restrict software installation to trusted repositories only and be cautious of orphaned software packages.
enterprise T1543.002 Systemd Service Restrict software installation to trusted repositories only and be cautious of orphaned software packages.
enterprise T1021 Remote Services -
enterprise T1021.005 VNC Restrict software installation to user groups that require it. A VNC server must be manually installed by the user or adversary.
Back to top