CRI Profile PR.PS-05.01

The organization has policies, procedures, and tools in place to detect and block malware from infecting networks and systems, including automatically updating malware signatures and behavior profiles on all endpoints.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes (Comments) |
|---|---|---|---|---|---|
| PR.PS-05.01 | Malware prevention | Mitigates | T1221 | Template Injection | Antivirus/Antimalware software can be utilized to prevent documents from fetching and/or executing malicious payloads. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027 | Obfuscated Files or Information | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have made difficult to discover by encrypting, encoding, or obfuscating. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1080 | Taint Shared Content | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1566.003 | Spearphishing via Service | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files and links, protecting against harmful files, websites, and downloads. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1566.001 | Spearphishing Attachment | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files and links, protecting against harmful files, websites, and downloads. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1566 | Phishing | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files and links, protecting against harmful files, websites, and downloads. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027.014 | Polymorphic Code | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have made difficult to discover by encrypting, encoding or obfuscating. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027.013 | Encrypted/Encoded File | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have made difficult to discover by encrypting, encoding or obfuscating. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027.010 | Command Obfuscation | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious Windows 10+ commands that adversaries have made difficult to discover by encrypting, encoding or obfuscating. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027.009 | Embedded Payloads | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have made difficult to discover by encrypting, encoding, or obfuscating. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1027.002 | Software Packing | Heuristic-based malware detection and signatures for observed malware can be used to identify known software packers or artifacts of packing techniques that conceal malicious content. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1547.006 | Kernel Modules and Extensions | Antivirus/Antimalware software should be utilized to detect and quarantine suspicious files that adversaries have made difficult to discover by encrypting, encoding or obfuscating their contents on the system. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1036.008 | Masquerade File Type | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have manipulated to appear legitimate or benign. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1036 | Masquerading | Antivirus/Antimalware software can be utilized to detect and quarantine suspicious files that adversaries have manipulated to appear legitimate or benign. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1059.006 | Python | Antivirus/Antimalware software can be utilized to detect and quarantine files that have been embedded with malicious commands or scripts. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1059.005 | Visual Basic | Antivirus/Antimalware software can be utilized to detect and quarantine files that have been embedded with malicious commands or scripts. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1059.001 | PowerShell | Antivirus/Antimalware software can be utilized to detect and quarantine files that have been embedded with malicious commands or scripts. |
| PR.PS-05.01 | Malware prevention | Mitigates | T1059 | Command and Scripting Interpreter | Antivirus/Antimalware software can be utilized to detect and quarantine files that have been embedded with malicious commands or scripts. |