ISM-1657 – Technical Resolution Guidance
What is ISM-1657?
Application control restricts the execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets to an organisation-approved set.
This control ensures that Application Control is effect in the file types that are applied.
Background
Application Control is a security measure that limits the types of files—like programs, scripts, and installers—that can run on a system to an approved list. This helps prevent unauthorized or harmful software from running on the organization’s systems.
Applicability
This control is relevant to the following:
- Maturity Level 1, 2, and 3 Controls
Evaluation Results
Status | Description |
---|---|
Effective | The organization's Application Control Configuration blocks all relevant tests from running. |
Ineffective | One or more relevant tests can be executed. |
Not Applicable | The Operating System does not support application control. |
Testing Parameters
Verifying this control confirms that the intended file execution restrictions are effectively enforced.
The tests confirm that certain file types can’t run in folders that are usually not approved, showing that a whitelist-based Application Control is in place.
The folders included in the tests are:
- %userprofile%\*
- %temp%\*
- %tmp%\*
- %windir%\Temp\*
- Executables (.exe, .com)
- Software libraries (.dll, .ocx)
- Scripts (.ps1, .bat, .cmd, .vbs, .js)
- Installers (.msi, .msp, .mst)
- Compiled HTML (.chm)
- HTML applications (.hta)
- Control panel applets (.cpl)

Remediation Steps
SecurE8 will extract each executable type and attempt to run it, using the exit code to determine if the executable was successfully executed. These tests can also be performed manually if needed.
Validation Process
If the test file cannot be copied to the test location or it does not return an error code of zero, the test is considered effective.
Risk Consideration
Restricting the execution of files to an approved set of executables, software libraries, scripts, installers, and other applications helps strengthen an organization's security by reducing the risk of unauthorized or malicious software. This control enhances protection against threats such as malware, zero-day exploits, and phishing attacks, while supporting regulatory compliance and simplifying incident response.