View in browser View our showcase video of this feature here The release of ThreatLocker’s new approval center brings about a plethora of changes. Here we will cover significant differences between the two builds. Previously the Approval Center allowed you to either permit a file or ignore it by the use of the following two buttons: The approval center has eliminated these buttons and now allows for optimum configuration. In the following example we see file c:\users\bob\desktop\putty.

View in Browser Along with changing the logos that appear in the ThreatLocker popup windows, and the Tray icon, you can also change the App Name that appears at the top of the request popup. Navigate to your Organizations page and select the pencil icon (edit button) next to the organization you want to change the default branding on.  In the edit window, click on the 'Branding' tab.

The first improvement you will notice is that the ‘Monitor Only’ mode box has been removed. It has been replaced with a ‘Status’ box which represents the security status of ThreatLocker. The Status box will show you the current status of ThreatLocker on the selected computer. Enabling ProtectionThe ‘Enable Protection’ box ends all maintenance periods and secures all the selected computers. At any time, to end all maintenance periods and re-enable protection, select the box next to the computer you wish to end maintenance on and enable protection on and click the ‘Enable Protection’ box placing the selected computer into a ‘Secured’ status.

The use of Tags requires Agent version 6.0 or greater Tags are a collection of items that can be applied to Network policies with Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags are very efficient to manage and any changes made to the tag are automatically applied to the endpoints. The same tag can be easily applied to multiple policies.  Creating Tags To create a tag, navigate to 'Application Control'.

View in browser Overview The following article covers the steps required to disable Tamper Protection. Note: Tamper Protection is now available for disabling on a single device. Disabling Tamper Protection Log into the ThreatLocker Portal. Navigate to "Computers" from the left menu Select "Maintenance Mode" on the desired PC. The next pop-up will pull up the maintenance schedule. Click the drop-down for "

We do not suggest doing this to a default policy. Setting this up on a default policy may lead to a large amount of unwanted emails. If you would like to set up ThreatLocker to email you when a particular policy is matched, first navigate to the Organizations page and manage the organization you want to enable this on.   Navigate to Application Control > Policies. Change the dropdown in the Applies To menu to reflect your desired policy location.

ThreatLocker has incorporated some very useful reports to help our clients consolidate needed information into an easy and useable form. To access these reports, navigate to the Reports page. Here you will see 2 dropdown menus: Category and Report. Category All - this will show you all the report options Applications - this is the location of your application reports Approval - this will show you your approval request report options Audit - this is where you access your blocked file reports and process count Computers - this populates a list of computer reports you can run Policies - this provides your policy reports Storage Control - this shows deleted file reports and processes accessing a UNC report Storage Devices - this will give you a report of your USB Serial Numbers

View in Browser This guide will cover how to change your Tray branding icon You can freely change your Tray branding icon in addition to the banner now. We'll include the pre-requisites for the Tray branding below: Must be Agent 6.0 (or newer) 16x16 image format (may automatically compress to formatted size) Image must be web-hosted Has to be a .ico file (cannot be renamed) -- must be converted to true .

 Log into the ThreatLocker Portal and navigate to ‘Application Control’ and then to ‘Policies’. You can select who the policy applies to in the upper right-hand corner of the portal.  Policy Group Hierarchy  Global Global Workstations or Global Servers Entire Organization Computers Computer Groups Global policies run first, then the global workstations or servers, then the entire organization, followed by computers and computer groups are last.

The "Administrators" tab is located just under the ThreatLocker logo on the left-hand side. After you've chosen your organization and managed it, the Administrators tab will populate any and all relevant admins for your organization. This guide will talk about the different buttons found on this part of the portal in best efforts to guide you through use. New Administrator This button is used for creating a new administrator for your organization.

View in Browser OTC (one-time-code) authentication enables you to use the authentication application of your choice for 2-Factor Authentication.   Navigate to the Administrators page. Select the 'Edit' button next to the user you would like to enable OTC for. In the popup window, scroll to the 2-Factor Authentication section. From the dropdown menu, select OTC. A QR Code will appear below the dropdown menu. Scan this QR Code with the authentication application of your choice.

View in Browser This feature has currently been released for public Beta testing. Passwordless Authentication allows you to enable 2-factor authentication without using an authentication application. Once configured, an automated phone call will be made to the phone number you have set up. You will be required to answer the phone and input your preconfigured 4-8 digit PIN number into the telephone's keypad before being logged into the ThreatLocker Portal.

BETA TESTING View in Browser The ThreatLocker Security Center is a central location where you can configure the security settings for your ThreatLocker account. Navigate to Security > Security Center. Geo Restrictions Tab Allowed/Blocked Countries You have the option of restricting access to your ThreatLocker Portal by countries and/or IP addresses. If you choose 'Allowed Countries' you are creating a whitelist of countries from which your users can access your ThreatLocker account.

View in Browser The System Audit Page is where the activity in your ThreatLocker organization is logged.  Navigate to Security > System Audit. You can view this System Audit per organization, or you can view all your organizations' activity by selecting 'Show audit for all child organizations' in the parent organization's System Audit. Search Filters Much like the Unified Audit page, there are multiple filters you can apply when searching this audit to refine your search results.