Long Arrow Right External Link angle-right Search Times Spinner angle-left

Computers Page: ThreatLocker 6.0

The first improvement you will notice is that the ā€˜Monitor Onlyā€™ mode box has been removed. It has been replaced with a ā€˜Statusā€™ box which represents the security status of ThreatLocker.

The Status box will show you the current status of ThreatLocker on the selected computer.

undefined

Enabling ProtectionThe ā€˜Enable Protectionā€™ box ends all maintenance periods and secures all the selected computers. At any time, to end all maintenance periods and re-enable protection, select the box next to the computer you wish to end maintenance on and enable protection on and click the ā€˜Enable Protectionā€™ box placing the selected computer into a ā€˜Securedā€™ status.

undefined

Disabling ProtectionThe ā€˜Disable Protectionā€™ box allows you to place computers into Monitor Only Mode or Learning Mode.

undefined

Enabling Monitor Only ModeTo place a computer in Monitor Only Mode, select the ā€˜Disable Protectionā€™ box. From the dropdown menu, select the date and time you wish to re-enable protection, and do not select the box next to ā€˜Allow Learning based on Group Settingsā€™.  

undefined

You will see the status read ā€˜Monitor Onlyā€™ in red. This status means that no execution or Ringfencing policies that donā€™t have explicit denies will be blocked. Nothing will be learned in ā€˜Monitor Onlyā€™ Mode. 

undefined

Enabling Learning Mode

To enter ā€˜Learning Modeā€™ you need to click the check box next to ā€˜Allow Learning Based on Group Settingsā€™.  

undefined

After clicking ā€˜Startā€™ the status will change to ā€˜Learning Modeā€™. 

undefined

When computers are first installed, they will stay in ā€˜Learning Modeā€™ based on the computer group settings. Navigate to ā€˜Computer Groupsā€™, then the specific group to enter the group management window where you can view or change the default monitor mode duration setting via the ā€˜Default Monitor Mode Durationā€™ dropdown menu. 

Client Version

The ā€˜Client Versionā€™ box allows you to easily select which version of ThreatLocker you want to run on the selected computer. You can choose to ā€˜Inherit from Groupā€™, or choose any version of ThreatLocker you have installed.

undefined

Maintenance Mode

The ā€˜Maintenance Modeā€™ button replaces the ā€˜Start Learning Modeā€™ button from earlier versions. It opens up the ā€˜Maintenance Scheduleā€™ menu. There are five different types of maintenance you can schedule. Multiple maintenance schedules can run at the same time.

undefined

Elevation Mode

To select the ā€˜Elevation Modeā€™, you must have the ThreatLocker Elevation product. It allows you to automatically elevate any programs that require elevation for all users or selected users.

undefined

To add an elevation period, select a start date and an end date. The default time period is one hour. Then select ā€˜Add Maintenance Scheduleā€™. If you select the ā€˜All the user to End the schedule from the Computerā€™, a popup box will appear on the end userā€™s computer showing that Elevation Mode is enabled and the user can click to end the elevation period when they are done. There is also a countdown timer on the popup showing how much time is remaining.

undefined

undefined

If the ā€˜Allow the user to End the schedule from the Computerā€™ box is not checked, the popup will not appear, and Elevation Mode will run silently on the computer.

Installation Mode

Installation Mode turns off blocking for execution and Ringfencing policies and learns any changes or new installed files on the system.

undefined

Learning Mode

Learning Mode is similar to Installation Mode. It learns what files are being installed on the computer and it learns what files would be denied using the default deny policy. If you have an application already installed and you want to learn what files are required to run it, you can put the computer into ā€˜Learning Modeā€™, select the application from the ā€˜Applicationā€™ dropdown menu and click ā€˜Add Maintenance Scheduleā€™ to place the computer in Learning Mode.

undefined

There is also an ā€˜Automaticā€™ option in the ā€˜Applicationā€™ list. This is the default mode when installing new computers. This automatically learns the application name and creates policies. When you first install, the time period is set to one week. When setting on ā€˜Automaticā€™ it is not recommended to select ā€˜Allow the user to End the schedule from the Computerā€™.

undefined

Monitor Only

ā€˜Monitor Onlyā€™ mode is similar to the others. You select ā€˜Monitor Onlyā€™ and choose the start and end times. You choose which users to apply it to and then select ā€˜Add Maintenance Scheduleā€™. This will turn off blocking temporarily but it will not learn. If you select the ā€˜Allow the user to End the schedule from the Computerā€™ box then the user will receive a popup stating that Monitor Only mode is temporarily enabled. 

undefined

Tamper Protection Disabled

ā€˜Tamper Protection Disabledā€™ allows you to disable tamper protection for a period of time. For example, if you need to disable ThreatLocker to diagnose an issue, you can do that. It is recommended to only disable Tamper Protection when working with ThreatLocker Support.

undefined

Select ā€˜Tamper Protection Disabledā€™ and choose the start and end times. ā€˜Tamper Protection Disabledā€™ must be applied to all users. If you want the end user to receive a popup, select the box next to ā€˜Allow the user to End the schedule from the Computerā€™. Click ā€˜Add Maintenance Scheduleā€™ to start the ā€˜Tamper Protection Disabledā€™ period. The status will be flagged in red.

undefined

Move Computer

ā€˜Move Computerā€™ allows you to move multiple computers at once. Choose the computers you wish to move and then click the ā€˜Move Computerā€™ button.

undefined

Then you will choose the ā€˜Target Organizationā€™ and the ā€˜Target Computer Groupā€™ from the dropdown menus to move computers easily from one organization to another.

undefined

It is important to note that the policies applied to those computers do not get carried over to the new organization. For this reason, you may want to click the box next to ā€˜Enable Learning and Rescan Baselineā€™ before you click ā€˜Moveā€™. This is not a required step, but if you do not choose this, it may block existing software on the computer.

undefined

Rescan Baseline

undefined

When you click on ā€˜Rescan Baselineā€™ you can choose whether or not to ā€˜Enable learning based on group settingsā€™. If you choose not to ā€˜Enable learning based on group settingsā€™, no policies will be created automatically. You will get a list of all the files on that computer in the ā€˜Unified Auditā€™.

undefined