Help CenterThe Approval Center allows you to view requests sent in from your end users for Application Control access, Elevation, and Storage Control access. The Approval Center can be accessed in the Response Center.
The hostname and storage device where each request originated are listed, along with the requested action type (Read/Write for Storage Control, Execute for Application Control, or Elevate, for Elevation). Following this are details on the requested file path, the request's status, the requestor, and when the request was issued.
Application Requests
Opening an Application Request will detail information on the requested file, the process that called it, the circumstances under which it was run, and the current status of the approval request, along with customer guidelines if laid out for Cyber Hero Management.
Clicking on the 'Virus Total' button will redirect you to a link with the file's VirusTotal results and the potential actions to take with the file. If the file was attached to the approval request, it can be loaded into the ThreatLocker Testing Environment for review in an isolated, virtualized Windows environment. Files can be added to either a new or existing application, by hash or by custom rules set as parameters you define, or a machine can be placed in learning or installation mode from this panel.
Policies created from these approval requests can be set at the desired hierarchy level (from computer to Global), permitted, ringfenced, or denied. If the approval request is for a file that matches a built-in application with a suggested Ringfencing™ template established by ThreatLocker, that template can be applied by selecting 'Suggested Ringfencing' from the available options. Additionally, Elevation can be applied to assist in running an application as an administrator. A policy can be configured to expire within this panel as well.
Elevation Requests
Elevation requests will follow a similar format to Application Control requests, with Elevation (and an Elevation expiration, if you have specified a default Elevation time frame for your organization) enabled automatically.
Similar to an Application Request, you can configure the 'Request Details' section to set a desired policy level and whether to apply Ringfencing™. Elevation will be selected by default, as well as an Elevation expiration if one is set, but any of these details can be changed individually.
Storage Requests
Opening a Storage request will give information on the requesting user, the requested file path, and the serial number for the device holding the requested file path.
From the options available, you can either create a policy to permit the requested action or add the serial number for that storage location to an existing storage policy.
The above configuration would permit only this machine to access the protected directory until the 'Policy Expiration'. Each option can be configured to control the level of access this policy grants at a granular level.
Each approval request, regardless of action type, will have a 'Ticket Details' tab listing information provided by the end-user or added by the technician processing the request, including Ticket, Requestor Email, Requestor Reason, and Comments.