To categorically prevent that, every computer would need to centrally controlled and managed, which might have been the case here, and the system configuration has to prevent all software that’s not pre-approved from running.
That’s possible too, but could be a pain to tightly manage. It was a privileged user that was spear phished though… the kind of trusted user who might be able to install software on their machine without additional approval.
To categorically prevent that, every computer would need to centrally controlled and managed, which might have been the case here, and the system configuration has to prevent all software that’s not pre-approved from running.
That’s possible too, but could be a pain to tightly manage. It was a privileged user that was spear phished though… the kind of trusted user who might be able to install software on their machine without additional approval.