Application whitelisting
A method to control what applications have permission to run on a system is application whitelisting. This method uses the logic that only what is permitted and trusted can run on the system; so if malicious software is installed on the system, it will not be able to execute. This model is closer to the trust model presented in Chapter 2, Security Architectures. Once trust is established for the applications on a system their behavior is either permitted or denied. This approach can be more effective than FIM, and with some solutions managing billions of hash baselines for trusted applications, false positives are rare.
Application whitelisting is a proactive approach to malware mitigation on end point systems such as desktops, laptops, and servers. This tool can also prevent unapproved application installs where a system user or owner may inadvertently introduce risk. If the application is not preapproved, the installation can be blocked, and if the installation...
