Table of Contents
ThreatLocker Versions 7.6 and Above | Windows XP | Linux Agent | Mac Agent
ThreatLocker Override Codes allow you to disable different aspects of ThreatLocker on a computer that does not have access to the internet or the ThreatLocker Data Centers. What you can disable depends on the version of ThreatLocker you are running.
- Below ThreatLocker Version 7.6, you can disable Application Control.
- ThreatLocker Version 7.6 and above allows you to disable Application Control and Tamper Protection.
- In ThreatLocker Version 8.2 and above, you can disable Application Control, Tamper Protection, and Network Control.
- ThreatLocker Version 8.3 and above allows you to disable Application Control, Tamper Protection, Network Control, and Storage Control.
ThreatLocker Versions 7.6 and Above
Machines on ThreatLocker Versions 7.6 and newer have Override Codes by default. Admins can run the 'Override Codes' report to see the unique override code linked to each hostname. These unique codes are automatically regenerated daily for each computer you have installed in the portal. The most recent code registered for a machine is based on its most recent check-in, and your code is active for 24 hours. If the machine is restarted or the override code is stopped, you will be issued a new code the next time your machine checks in. If a machine is offline for more than 24 hours, the code will regenerate upon the next check-in.
To end the override state, navigate to the Desktop tray and right-click the ThreatLocker tray icon. Select 'Override' from the menu, then select the 'Stop Override' button within the pop-up.
Note: There may be a delay of up to 10 seconds for the ThreatLockerService to fully remove the Override functionality.
Windows XP
In the ThreatLocker portal, navigate to the 'Custom Reports' page. Select and run the 'Override Codes (9.2 or above)' report.
Starting Override
On the machine that will be placed into Override, navigate to c:\documents and settings\All Users\Application Data\threatlocker\. Create a new text file in this directory named override.txt and paste the override code from the 'Override (Codes 9.2 or above)' report into the file. Save the text file once you have done this.
After about 10 seconds, the machine should go into an override state. This will disable Application Control, Tamper Protection, and Storage Control.
Ending Override
To end the override state, either delete the 'override.txt' file or delete the override code from within it and save it. The next time the service searches for the 'override.txt' file, the override will end, and Application Control, Tamper Protection, and Storage Control will be re-enabled.
Linux Agent
In the ThreatLocker portal, navigate to the 'Custom Reports' page. Select and run the 'Override Codes' report. The override codes for your machines will be listed.
Starting Override
On the machine that you are placing into Override, open a terminal window. Use the following command to create a file called 'override.txt'.
sudo nano /var/run/threatlocker/override.txt
Once your 'override.txt' file has been created, add the override code from the 'Override Codes' report, then save the file. After about 10-15 seconds, the machine should go into an override state. This will disable Application Control, Tamper Protection, and Storage Control.
Ending Override
To end the override state, either delete the 'override.txt' file or delete the override code from within it and save it. The next time the service searches for the 'override.txt' file, the override will end, and Application Control, Tamper Protection, and Storage Control will be re-enabled.
Mac Agent
In the ThreatLocker portal, navigate to the 'Custom Reports' page. Select and run the 'Override Codes' report. The override code for your machines will be listed.
Starting Override
On the machine that you are placing into Override, navigate to the ThreatLocker tray icon and select 'Override' from the dropdown menu.
A dialog box will then be opened. Input the override code into the dialog box within the 'Override Code' field, then select the 'Enter' button.
Ending Override
While your machine is in Override Mode, there will be a pop-up window on your screen:
ThreatLocker Override Mode. To remove code and secure your computer, click Stop Override.
Select the 'Stop Override' button to end Override Mode on your machine.