Application control is applied to user profiles and temporary folders
Ensure application control covers user and temporary folders to block unapproved software.
Plain language
This control ensures that only approved software can run on important parts of your computer, like user profile areas and temporary folders. By doing this, we prevent unwanted or harmful software from sneaking onto your system, which could lead to data theft or disruptions.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Application control
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1
Official control statement
Application control is applied to user profiles and temporary folders used by operating systems, web browsers and email clients.
Why it matters
If application control isn’t enforced in user profiles and temp folders, attackers can run malware from those locations, causing data loss and outages.
Operational notes
Apply application control rules to %TEMP%, browser cache and user profile paths; review logs for blocked binaries/scripts and update allow rules as needed.
Implementation tips
- The IT team should review the application control settings to make sure user profiles and temporary folders are included. They can do this by accessing the application control settings and verifying the included directories.
- System administrators should update the application control lists regularly to include only approved software. They can achieve this by maintaining a list of approved applications and ensuring the application control tool is configured to block everything else.
- Security officers should educate users on the importance of not bypassing application controls. This can be done through regular security training sessions emphasising the risks of unauthorised software.
- The IT department should perform regular tests to confirm that unauthorised software cannot run. They can achieve this by trying to execute unapproved applications in controlled environments and verifying they are blocked.
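One way to run the coverage review described in the operational notes and the first implementation tip, as an added example that is not part of the original page. It assumes AppLocker is the application control tool and that its policy has been exported as XML (for instance with `Get-AppLockerPolicy -Effective -Xml`); the sample policy, probe paths and function names are constructed for illustration. It checks path rules only, not publisher or hash rules.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in AppLocker's policy XML layout, trimmed to the attributes used here.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
 <RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Id="r1" Name="Program Files" Action="Allow">
   <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
  </FilePathRule>
  <FilePathRule Id="r2" Name="Chat client" Action="Allow">
   <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Chat\*" /></Conditions>
  </FilePathRule>
 </RuleCollection>
 <RuleCollection Type="Script" EnforcementMode="AuditOnly">
  <FilePathRule Id="r3" Name="Everything" Action="Allow">
   <Conditions><FilePathCondition Path="*" /></Conditions>
  </FilePathRule>
 </RuleCollection>
</AppLockerPolicy>"""

# Assumed probe files in user-writable folders, and path variables at assumed default locations.
PROBES = [r"C:\Users\alice\AppData\Local\Temp\x.exe", r"C:\Users\alice\Downloads\x.exe",
          r"C:\Users\alice\AppData\Local\Chat\x.exe", r"C:\Windows\Temp\x.exe"]
VARS = {"%OSDRIVE%": "C:", "%WINDIR%": r"C:\Windows", "%PROGRAMFILES%": r"C:\Program Files"}

def path_matches(rule_path, probe):
    """True if an AppLocker-style path ('*' and '?' wildcards) covers the probe file."""
    for var, value in VARS.items():
        rule_path = rule_path.replace(var, value)
    pattern = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in rule_path)
    return re.fullmatch(pattern, probe, re.IGNORECASE) is not None

def audit(policy_xml):
    """Return (collection, rule name, issue) for every gap in user-folder coverage."""
    findings = []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        ctype, mode = coll.get("Type"), coll.get("EnforcementMode")
        if mode != "Enabled":  # audit-only or unconfigured collections block nothing
            findings.append((ctype, None, f"not enforced ({mode})"))
        for rule in coll.iter("FilePathRule"):
            if rule.get("Action") != "Allow":
                continue
            # Exceptions are ignored, so a flagged rule may be narrower than reported.
            for cond in rule.findall("Conditions/FilePathCondition"):
                hits = [p for p in PROBES if path_matches(cond.get("Path"), p)]
                if hits:
                    findings.append((ctype, rule.get("Name"), f"allows {len(hits)} probe path(s)"))
    return findings

print(audit(SAMPLE_POLICY))
```

Each finding is either a rule collection that is not in enforcement mode or an allow rule whose path reaches a user-writable folder; both leave the profile and temp locations outside effective control.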
Audit / evidence tips
- Ask: Is there an application control solution in place covering user profiles and temporary folders?
- Good: The application control configuration lists user profiles and temp folders with specific rules to block unapproved executables
- Ask: How often are the application control rules updated and reviewed?
- Good: There are documented procedures showing regular reviews and updates, at least quarterly, to the application control rules
Cross-framework mappings
How E8-AC-ML1.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| Annex A 8.18 | Annex A 8.18 requires restricting and tightly controlling utilities capable of overriding controls, which commonly includes preventing ex... | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| ISM-0843 | E8-AC-ML1.2 requires organisations to apply application control specifically to user profiles and temporary folders used by operating sys... | |
| ISM-1657 | E8-AC-ML1.2 requires application control to be applied to user profiles and temporary folders used by operating systems, browsers and ema... | |
| Partially overlaps (5) | | |
| ISM-0382 | E8-AC-ML1.2 requires application control coverage for user profiles and temporary folders to stop unapproved execution from common user-w... | |
| ISM-0955 | ISM-0955 requires organisations to implement application control using hash, publisher certificate, or path rules | |
| ISM-1592 | E8-AC-ML1.2 requires application control in user profiles and temporary folders to prevent unapproved software from executing out of comm... | |
| ISM-1658 | E8-AC-ML1.2 requires application control to cover user profiles and temporary folders to stop unapproved code running from those user-wri... | |
| ISM-1871 | E8-AC-ML1.2 requires application control to be applied to user profiles and temporary folders used by operating systems, web browsers and... | |
| Supports (5) | | |
| ISM-0846 | E8-AC-ML1.2 requires enforcement of application control within user profiles and temporary folders to prevent users and malware running c... | |
| ISM-1235 | E8-AC-ML1.2 requires application control to be enforced in user profiles and temporary folders commonly used by operating systems, browse... | |
| ISM-1392 | E8-AC-ML1.2 requires application control to be applied to user profiles and temporary folders, which are frequently writable and targeted... | |
| ISM-1544 | E8-AC-ML1.2 requires application control to cover user profiles and temporary folders to block execution of unapproved software from thos... | |
| ISM-1746 | E8-AC-ML1.2 requires application control in user profile and temporary folders to prevent unapproved execution from those common drop loc... | |
| Related (2) | | |
| ISM-1635 | ISM-1635 requires system owners to implement controls that protect each system and its operating environment | |
| ISM-1870 | ISM-1870 requires application control to be applied to user profiles and temporary folders used by operating systems, web browsers and em... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.