Home > CAPEC List > CAPEC-581: Security Software Footprinting (Version 2.11)  

CAPEC-581: Security Software Footprinting

Security Software Footprinting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 581
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.

+ Solutions and Mitigations

Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.

+ References
[R.581.1] ATT&CK Project. "Security software enumeration (1063)". MITRE. <https://attack.mitre.org/wiki/Security_software_enumeration>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017