ISM-1870 – Technical Resolution Guidance
What is ISM-1870?
Application control is applied to user profiles and temporary folders used by operating systems, web browsers and email clients.
This control ensures that Application Control is effective in the locations where it applies.
Background
Application control for user profiles and temporary folders used by operating systems, web browsers, and email clients involves setting security measures to manage and restrict application execution in these areas.
Applicability
This control is relevant to the following:
- Maturity Level 1, 2, and 3 Controls
Evaluation Results
Status | Description |
---|---|
Effective | All major tests are restricted from running in the user profiles and temporary folders. |
Ineffective | At least one folder in the user profiles or temporary folders is unrestricted. |
Testing Parameters
The test confirms that certain types of files cannot be run or executed in specific folders that are usually restricted by Application Control. This indicates that some form of whitelist control is active.
Folders tested include:
User Profile Folders:
- %userprofile%\*
- %temp%\*
- %tmp%\*
- %windir%\Temp\*
- Temporary file location stored in registry at:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security!Securetemp
- Microsoft Edge: %localappdata%\Microsoft\Edge\User Data\Default\Cache\Cache_Data
- Google Chrome: C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Cache
- Mozilla Firefox: C:\Users\%username%\AppData\Local\Mozilla\Firefox\Profiles\xxxxxx.defaultcache
(where "xxxxxx" is a random profile name)
The following file types should not be allowed to run in these folders when executed under the user's context:
- Executables (.exe, .com)
- Libraries (.dll, .ocx)
- Scripts (.ps1, .bat, .cmd, .vbs, .js)
- Installers (.msi, .msp, .mst)
- Compiled HTML (.chm)
- HTML applications (.hta)
- Control panel applets (.cpl)
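The check described above, narrowed to the .exe case, as an added example (not SecurE8's own test or report): it resolves the listed folders for the current user, copies a harmless system binary into each, and records whether it launches. The probe file name, the use of whoami.exe as the probe, and the enumeration of Firefox profile folders are assumptions.

```powershell
# Added example. Probe name and choice of whoami.exe are assumptions, not from the page.
$probeName = 'ism1870-probe.exe'                          # hypothetical file name
$source    = Join-Path $env:windir 'System32\whoami.exe'  # harmless built-in binary

# Folders from the list above, resolved for the current user.
$folders = @(
    $env:USERPROFILE
    $env:TEMP
    $env:TMP
    (Join-Path $env:windir 'Temp')
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Cache\Cache_Data')
    (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Cache')
)

# Outlook temporary folder: registry key and value name exactly as given on the page.
$key     = 'HKCU:\Software\Microsoft\Office\15.0\Outlook\Security'
$outlook = (Get-ItemProperty -Path $key -Name 'Securetemp' -ErrorAction SilentlyContinue).Securetemp
if ($outlook) { $folders += $outlook }

# Firefox: one folder per profile, because the profile name is random.
$ffRoot = Join-Path $env:LOCALAPPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffRoot) { $folders += (Get-ChildItem $ffRoot -Directory).FullName }

$results = foreach ($folder in ($folders | Where-Object { $_ } | Select-Object -Unique)) {
    $status = 'Not tested (folder missing or not writable)'
    $probe  = Join-Path $folder $probeName
    try {
        Copy-Item -Path $source -Destination $probe -ErrorAction Stop
        try {
            & $probe | Out-Null        # starts only if the policy allows it
            $status = 'Ineffective'    # the probe executed from this folder
        } catch {
            $status = 'Effective'      # launch failed; confirm the block in the policy's logs
        }
    } catch {
        # Copy failed: status stays "Not tested".
    } finally {
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{ Folder = $folder; Exe = $status }
}
$results | Format-Table -AutoSize
```

Run it as the standard user whose context is being assessed. A Microsoft-signed probe may be permitted by publisher-based rules, so an "Ineffective" row means this particular file ran from that folder.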
Remediation Steps
For each ineffective test, examine the relevant policy or adjust settings to ensure your application control software includes the necessary file types to prevent execution.
SecurE8 generates a polished Excel report that highlights the effectiveness of each folder in handling the specified executable types.

Validation Process
To ensure effective Application Control, conduct a comprehensive validation that includes policy review, configuration checks, controlled environment testing, and regular monitoring of user profiles and temporary folders for unauthorized activities. Continuous improvement, integration with endpoint security, and user education further strengthen the application control process.
Risk Consideration
While Application Control is a valuable security measure, potential risks like overly restrictive policies, insider threats, and policy misconfigurations can impact its effectiveness and operational workflow. Regular risk assessments, policy reviews, continuous monitoring, and user education help mitigate these risks and strengthen overall security resilience.