Application control (formerly referred to as application whitelisting) is a security principle designed to protect against malicious or unwanted code executing on systems. When implemented correctly, it ensures that only approved applications (e.g. executables, software libraries, scripts and installers) can be executed. While it is primarily designed to prevent the execution and spread of malicious code, it can also prevent the installation or use of unapproved applications.
For example:
Recommendation – Application Control
It is recommended that the organisation implements application control on all workstations and servers.
Application control involves identifying approved applications and developing application control rules to ensure that only approved applications are allowed to execute.
Implementation Outcome
Application control is implemented on all workstations to restrict the execution of executables to an approved set. Application control is implemented on all servers to restrict the execution of executables to an approved set. Application control can prevent the execution of unapproved or malicious programs, including .exe files, DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers. All non-approved applications (including malicious code) are prevented from executing.