Adaptive Application Control Integration, formerly Azure Security Center's Adaptive Application Controls, uses machine learning to analyze the applications running on machines and create a list of known-safe software. Allow lists are based on specific workloads, trusted paths, publishers, and hashes and can be further customized. Security alerts are generated when applications are run that have not been defined as safe.
This control provides detection for some of this technique's sub-techniques and procedure examples and therefore its coverage score is Partial, resulting in a Partial score. Its detection occurs once every twelve hours, so its temporal score is also Partial.
This control provides detection for some of this technique's sub-techniques and procedure examples and therefore its coverage score is Partial, resulting in a Partial score. Its detection occurs once every twelve hours, so its temporal score is also Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Because signatures generated via this technique are not valid, these malicious executables would be detected via any form of allow list, including publisher-based. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Because signatures generated via this technique are not valid, these malicious executables would be detected via any form of allow list, including publisher-based. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Path-based masquerading may subvert path-based rules within this control, resulting in false negatives, but hash and publisher-based rules will still detect untrusted executables. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Path-based masquerading may subvert path-based rules within this control, resulting in false negatives, but hash and publisher-based rules will still detect untrusted executables. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Malicious files of this type would be unlikely to evade detection from any form of allow list. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Malicious files of this type would be unlikely to evade detection from any form of allow list. Events are calculated once every twelve hours, so its temporal score is Partial.
This control only provides detection for one of this technique's sub-techniques while not providing any detection capability for its other sub-technique, and therefore its coverage score is Partial, resulting in a Partial score.
This control only provides detection for one of this technique's sub-techniques while not providing any detection capability for its other sub-technique, and therefore its coverage score is Partial, resulting in a Partial score.
Once this control is activated, it generates alerts for any executable that has been run and is not included in an allow list. There is a significant potential for false positives from new non-malicious executables, and events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that has been run and is not included in an allow list. There is a significant potential for false positives from new non-malicious executables, and events are calculated once every twelve hours, so its temporal score is Partial.
This control only provides detection for some of this technique's sub-techniques while not providing any detection capability for the remaining sub-techniques, and therefore its coverage score is Minimal, resulting in a Minimal score.
This control only provides detection for some of this technique's sub-techniques while not providing any detection capability for the remaining sub-techniques, and therefore its coverage score is Minimal, resulting in a Minimal score.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. While publisher-based allow lists may fail to detect malicious executables with valid signatures, hash and path-based rules will still detect untrusted executables. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. While publisher-based allow lists may fail to detect malicious executables with valid signatures, hash and path-based rules will still detect untrusted executables. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. Events are calculated once every twelve hours, so its temporal score is Partial.
Once this control is activated, it generates alerts for any executable that is run and is not included in an allow list. While name and publisher-based allow lists may fail to detect malicious modifications to executable client binaries, hash-based rules will still detect untrusted executables. Events are calculated once every twelve hours, so its temporal score is Partial.
