Skip to content

Hide Navigation Hide TOC

AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae)

Detects when AppLocker prevents the execution of an Application, DLL, Script, MSI, or Packaged-App from running.

Cluster A Galaxy A Cluster B Galaxy B Level
AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 1
AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules 1
AppLocker Prevented Application or Script from Running (401e5d00-b944-11ea-8f9a-00163ecd60ae) Sigma-Rules PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2