Long Arrow Right External Link angle-right Search Times Spinner angle-left

Ringfencing File Access

View in Browser

Ringfencing gives you the ability to restrict an application's ability to access files. Under the 'Files' tab, once you select the checkbox next to 'Enable Advanced Ringfencing to protect access to files', you will be preventing that application from accessing your protected files unless you specifically permit it by adding the file path you wish to allow access to. 

undefined

By default, protected files are any network shares, any external storage such as USB drives, and on newer ThreatLocker deployments your Desktop and Documents folders. You can add additional monitored paths by adding storage policies to them.   

ThreatLocker recommends you have storage policies in place, even if they are set to monitor only, for any files you want to protect.  

To add a file path, type it into the 'Path' textbox, choose to permit or deny, read or read & write permission, and then click 'Add'. If you have permitted c:\users\*\Documents\* but you want to deny c:\users\*\Documents\accounting, type in c:\users\*\Documents\accounting\* and choose 'deny' as the action, and then you will be permitting access to all of the documents folder except the accounting subfolder, and that will be denied.  

undefined

Notice the uses of wildcards in the path. You have the ability to use multiple wildcards if needed when specifying a specific file path to incorporate entire folders, and/or any username. If you wanted to allow an application to only access a specific file type, you can specify that with a wildcard. (e.g. *.pdf) You can even specify that an application can access only certain file types in a specific folder. (e.g. c:\users\*\Documents\*.pdf)  

Ringfencing - Application Interaction

Ringfencing- Internet Access  

Ringfencing - Registry Activity