Monday 06 July 2026 06:24:33 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Application allowlisting

A control that permits only approved software to run on a system.

Application allowlisting is a security control that lets only approved software execute on a system. Instead of trying to block every bad program, the organization defines a trusted list based on hashes, signatures, publishers, paths, or other policy rules. Anything not on the list is denied by default.

This matters because many attacks depend on running unauthorized code: ransomware payloads, remote access tools, scripting engines, droppers, and post-compromise utilities. If allowlisting is enforced well, an attacker who gains a foothold may still be unable to launch their tools or persistence mechanisms. In environments that support industrial equipment, this can help prevent unauthorized changes from reaching systems that affect operations or calibration. Allowlisting is most effective when paired with patching, least privilege, and strong administrative controls, but it can be bypassed if policies are too broad or if trusted software can be abused to run malicious scripts.

← WIKICROOK index