ActiveX Control Files (.ocx)

3 min. read, last update: 08.29.2024
To increase security on devices using ThreatLocker, we have changed .ocx files to be processed as executable files rather than read-only files. This is similar to the approach we took with .ps1 and .bat files in order to prevent rogue scripts from executing on your endpoints. As a result of this change, you may see blocks for applications using .ocx files.

If, after the ThreatLocker update, you find denied .ocx files in the Unified Audit and this change is impacting your organization, either of the two options below will resolve the issue.

Option 1: Use this option if you need an immediate return to your organization’s previous settings. It is less secure, but it immediately allows .ocx files to run unrestricted again. It involves creating a policy that permits all files of a single file extension type. This is a three-step process (building the policy, reviewing the policy matches, removing the policy), and directions can be found below.

Option 2: Permit individual blocked .ocx files by using the traditional steps within the Unified Audit. This option lets you select all files that have the .ocx file extension and permit them in their respective applications by hash. By default, .ocx files will remain denied until each policy is created. This is the more secure option, but it takes more time to set up. (For this option, start at STEP 2 in the directions below. When searching for denied items in the Audit, search by Path *.ocx instead of by Policy name. All other steps are the same.)

 

Option 1 Directions, STEP 1: Building a Permit All .ocx Policy

  • Begin by creating a new application.

  • Enter the name “Permit OCX Files”
  • Navigate to ‘Application Files’ 

  • Select ‘Full Path’ within Condition 1 dropdown. 

  • Add *.ocx into this field. 

  • Select 'Add' 

  • Select ‘Create’ to save application. 

 

  • Navigate to the Policies Tab and select the appropriate Computer Group for the policy. It is recommended that you select 'Entire Organization' or 'Global' for this policy.

 

  • Then select the 'New Policy' button.
  • Name the policy “Permit OCX Files”
  • Under the ‘Selected Applications’ section, add the “Permit OCX Files” application you’ve just created 

  • Save your policy 

  • Select the 'Deploy Policies' button

 

STEP 2: Reviewing the Policy Matches

After a specified amount of time, the Unified Audit should be reviewed for policy matches.

  • Begin that process by navigating to the Unified Audit
  • Set the Start date to the date you created the .OCX policy 

  • Select the Advanced Filter button 

  • Select ‘Policy Name’ from the 'Field' dropdown, select ‘Equals’ for the 'Rule' dropdown, and input ‘Permit OCX Files’ in the 'Keyword' box.

  • Select 'Include Child Organizations', then select the ‘Search’ button.

  • Select the log you wish to incorporate into an application 

  • Select 'Add to Application' and link the application to the associated software 

  • Use caution when selecting multiple deny logs to add to one application.

     

Final Step

Remove the old allow-all OCX policy once you’ve created the appropriate new policies for .ocx files.
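When reviewing audit entries in STEP 2, or permitting files by hash under Option 2, it helps to know which .ocx files actually exist on an endpoint and whether they are signed. The PowerShell below is an added example, not ThreatLocker code, and it calls no ThreatLocker API; the search roots, the output file name and the use of SHA-256 are assumptions (compare against whichever hash your audit entries show).

```powershell
# Added example: inventory .ocx files on one endpoint for review.
# $Roots, $OutCsv and the SHA-256 algorithm are assumptions; adjust as needed.
param(
    [string[]]$Roots  = @("$env:SystemRoot", "$env:ProgramFiles",
                          "${env:ProgramFiles(x86)}", "$env:ProgramData",
                          "$env:SystemDrive\Users"),
    [string]  $OutCsv = ".\ocx-inventory.csv"
)

$inventory = foreach ($root in $Roots) {
    # Skip roots that are empty (e.g. no x86 folder) or missing.
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Filter *.ocx -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path         = $_.FullName
                FileName     = $_.Name
                SHA256       = $hash.Hash
                SignStatus   = $sig.Status.ToString()
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                LastWriteUtc = $_.LastWriteTimeUtc
            }
        }
}

# Files without a valid signature sort first so they are reviewed first.
$inventory |
    Sort-Object @{ Expression = { $_.SignStatus -eq 'Valid' } }, Path |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8

# One file name with several hashes means several distinct files:
# each hash needs its own decision before it is added to an application.
$inventory | Group-Object FileName |
    Where-Object { @($_.Group.SHA256 | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        "{0}: {1} distinct hashes" -f $_.Name,
            @($_.Group.SHA256 | Sort-Object -Unique).Count
    }

"{0} .ocx files written to {1}" -f @($inventory).Count, $OutCsv
```

Run it from an elevated prompt so protected folders are readable, then compare the CSV against the .ocx entries returned by the Unified Audit search.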
