Help CenterThreatLocker Elevation allows you to elevate a local user's privileges to that of a local administrator for a selected application. If you are using the ThreatLocker Elevation module, it is important to know that it will not be affected by 'Learning Mode'.
When you first deploy ThreatLocker, your computers will default into 'Learning Mode' whereby applications are not blocked by ThreatLocker and ThreatLocker learns the files used by that application.
With 'Elevation' enabled, your end users will receive an 'Elevation' popup even when in 'Learning Mode' if they attempt to run an application that requires elevated privileges.
If the user chooses 'Request Access', you will receive a request in the Approval Center.
In the Approval Center, you can distinguish an Elevation request by the word 'elevate' below the details as shown in the screenshot below.
ThreatLocker Portal View
ThreatLocker Legacy Portal View
If you don't want end users to receive this Elevation popup during your initial learning duration, you may choose to disable Elevation Control. Navigate to the Organizations page. Find the organization name that you want to disable 'Elevation' on. In the dropdown menu under 'Modules' ('Product' if you are using the ThreatLocker Legacy Portal), deselect the checkbox next to 'Elevation'.
ThreatLocker Portal View
ThreatLocker Legacy Portal View
Please note that the user will still receive the Windows UAC prompt when attempting to run or install an application that requires local admin privileges while in 'Learning Mode' and without those administrator credentials, the program will be unable to run.