ThreatLocker provides users with four different Dotnet DLL Options that can be applied to your organization/group/machine:
<ul>
<li>DotnetDllLearnComputer</li>
<li>DotnetDllLearnGroup</li>
<li>DotnetDllLearnSystem</li>
<li>DotnetDllMonitorOnly</li>
</ul>
These Options work and help limit unintended .dll blocks by learning or monitoring .dll extensions and logging the behaviors in the Unified Audit. Due to how these Options work, enabling them for an organization/group/machine will cause Unified Audit logs for affected computers to show that the machine is in Application Control Monitor Only mode, even if it&nbsp;is in a secured state.
The Application Control Monitor Only mode will only be applicable to Dotnet DLLs. All other file activity will be enforced according to policy settings. You can verify that the machine is secured by selecting the 'Asset Name' shown in the Unified Audit log. Selecting this will open the asset's Computer Details page, showing if the machine is in Secured Mode.
<img height="285" width="361" src="https://cdn.livechat-files.com/api/file/kb/file/9686855/214d5a4816-f25dfa007acbc8341e91.png"><img height="233" width="358" src="https://cdn.livechat-files.com/api/file/kb/file/9686855/0b4ddb5348-b3fd95b15250fb8ade87.png">
<img src="https://cdn.livechat-files.com/api/file/kb/file/9686855/fe64737318-11d52c4cfbf0b7c80e00.png">

ThreatLocker provides users with four different Dotnet DLL Options that can be applied to your organization/group/machine:

 * DotnetDllLearnComputer
 * DotnetDllLearnGroup
 * DotnetDllLearnSystem
 * DotnetDllMonitorOnly

These Options work and help limit unintended .dll blocks by learning or monitoring .dll extensions and logging the behaviors in the Unified Audit. Due to how these Options work, enabling them for an organization/group/machine will cause Unified Audit logs for affected computers to show that the machine is in Application Control Monitor Only mode, even if it is in a secured state.

The Application Control Monitor Only mode will only be applicable to Dotnet DLLs. All other file activity will be enforced according to policy settings. You can verify that the machine is secured by selecting the 'Asset Name' shown in the Unified Audit log. Selecting this will open the asset's Computer Details page, showing if the machine is in Secured Mode.





Application Control Monitor Only Appearing When Dotnet DLL Options are Enabled

Custom Notes

Web Control Module

The Remediator

Elevation Control Module

Windows and Mac Feature Comparison

Understanding and Changing the Module Options on the Organizations Page

Options Tab: Choices and Descriptions: for the Computers Page, the Computer Groups Page, and the Entire Organization Page 

How to Use Multiple Parameters in a Single Search Field in the Unified Audit 

Creating a New Organization

Creating Tags

Disable Tamper Protection

Guide to Using the Reports Page 

Help Desk

Login Settings

Navigating the Administrators Page

Passwordless Authentication 

System Audit Page

How to Enable O365 SSO 

Storage Policy Tray Notifications

Deleting Applications/Storage Devices applied to policies

Post Request URL

Realtime Action Log

ActiveX Control Files (.ocx)

How to Use a Template Organization

Isolate/Lockdown/Screen Lock Selected Computer(s)

Setting a Default Time Period for Elevation

ThreatLocker Detect

Configuring Logout Timer Settings for the Organization

Enabling a Proxy Server

Forwarding Information to Splunk using ThreatLocker Detect

Applications Page

ThreatLocker Configuration Manager 

Cloud Detect

Cyber Hero Managed Detection and Response

API Users

Mutual Action Plan

Allowing End User to Self-Approve Applications

ThreatLocker Administrator Password System (TLAPS) 

The ThreatLocker Detect Alert Center

Response Center

ThreatLocker Detect Alert Sidebar - Response Details

Enhanced Token Theft Protection

The Application Store

ThreatLocker Access App and  Devices Page

Creating Named Locations to Use in M365 Conditional Access

Triggered Installation Mode

Elevation UAC Customization

Detect Dashboard

Patch Management

Customizing the Request Window Appearance

Cloud Control

Configuration Manager Policies

How to Copy Policies

Using the Group By Function in the Unified Audit

Forwarding Information to your SIEM using ThreatLocker Detect

Optimizing Performance with Network Control Policy Placement

Utilizing the Not Learned Status

Agent Settings

Password Recovery

Using the Approval Center

Definitions of ThreatLocker Detect Variables

Schemas and Queries to use with Microsoft Sentinel and ThreatLocker Detect

Domain Name Parsing Agent Setting

Portal Guides

Search our Knowledge Base