Home
Mapping Frameworks
CSA CCM Home
Anti-Malware Detection and Prevention

CSA CCM UEM-09

Configure managed endpoints with anti-malware detection and prevention technology and services.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1221	Template Injection	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1204	User Execution	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1543	Create or Modify System Process	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1564	Hide Artifacts	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1221	Template Injection	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1080	Taint Shared Content	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1027	Obfuscated Files or Information	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1036	Masquerading	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1059.006	Python	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1059.005	Visual Basic	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1059.001	PowerShell	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1059	Command and Scripting Interpreter	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1092	Communication Through Removable Media	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1091	Replication Through Removable Media	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.
UEM-09	Anti-Malware Detection and Prevention	mitigates	T1025	Data from Removable Media	Comments This control describes the implementation of endpoint security, including anti-malware software, to mitigate the risk of exploitation by threat actors. The implementation guidance provides several examples of that the technical measures under Anti-Malware should aid with preventing which include: Scan installed software and system data content to identify and remove unauthorized code/software. Prohibit the use of installation of unauthorized software. Restricting on obtaining malicious data and software from external networks. Endpoint removable media management.