What is the authoritative source for D3-EDL?

Executable Denylisting (D3-EDL) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Isolatetechnique

D3-EDLExecutable Denylisting

Executable Denylisting

Definition

Blocking the execution of files on a host in accordance with defined application policy rules.

Defends against51

Type	Target	Confidence	Tier
Technique	System Service Discoveryt1007	100%	live
SubTechnique	PowerShell Profilet1546.013	100%	live
SubTechnique	Malicious Filet1204.002	100%	live
SubTechnique	SQL Stored Procedurest1505.001	100%	live
SubTechnique	Rename System Utilitiest1036.003	100%	live
Technique	Command and Scripting Interpretert1059	100%	live
SubTechnique	Process Doppelgängingt1055.013	100%	live
SubTechnique	LC_LOAD_DYLIB Additiont1546.006	100%	live
Technique	Remote System Discoveryt1018	100%	live
SubTechnique	Accessibility Featurest1546.008	100%	live
SubTechnique	Office Template Macrost1137.001	100%	live
Technique	System Information Discoveryt1082	100%	live
SubTechnique	Network Logon Scriptt1037.003	100%	live
SubTechnique	RC Scriptst1037.004	100%	live
SubTechnique	Mshtat1218.005	100%	live
SubTechnique	Invalid Code Signaturet1036.001	100%	live
SubTechnique	Parent PID Spoofingt1134.004	100%	live
Technique	Process Discoveryt1057	100%	live
SubTechnique	Control Panelt1218.002	100%	live
SubTechnique	Thread Execution Hijackingt1055.003	100%	live
Technique	System Network Configuration Discoveryt1016	100%	live
SubTechnique	Compiled HTML Filet1218.001	100%	live
SubTechnique	Component Object Model Hijackingt1546.015	100%	live
SubTechnique	Impair Command History Loggingt1562.003	100%	live
Technique	Windows Management Instrumentationt1047	100%	live
SubTechnique	Path Interception by Search Order Hijackingt1574.008	100%	live
Technique	Scheduled Task/Jobt1053	100%	live
SubTechnique	CMSTPt1218.003	100%	live
SubTechnique	Screensavert1546.002	100%	live
Technique	Deobfuscate/Decode Files or Informationt1140	100%	live