Help CenterNote: This Agent Setting requires the ThreatLocker Windows Agent 10.5.3 or above. This feature is not currently available for non-Windows machines.
By default, when the ThreatLocker agent is first installed on a user's machine, it will begin Baselining. This process is an automatic learning period during which ThreatLocker searches for driver files unique to that machine and saves them in an application named $hostname/Drivers or $hostname/Windows. This process varies for each machine but is typically completed within one to two hours. During this time, the device will display a 'Waiting For Baseline' notice, which is viewable on the 'Devices' page.
ThreatLocker now allows users to turn off automatic Baselining through the use of the 'Baseline Configuration' Agent Setting. To do this, navigate to the 'Agent Settings' page and select the '+ New Setting' button in the top left corner of the page.
In the 'Create Settings' side panel, select the 'Setting Type' dropdown, then select 'Baseline Configuration' from the list of Agent Settings.
Be sure to select the group to which this Agent Setting will apply.
Note: This setting should only be applied to computer groups or at the entire organization level as applying it to a single machine with ThreatLocker already installed will not change anything.
Now that the 'Setting Type' has been selected, the 'Parameters' section will appear with a dropdown labeled 'Baseline Configuration'. The two options here are:
- Run Baseline scan for newly installed computers
- This is the default option
- Do not run Baseline scan for newly installed computers
By default, newly installed machines in your organization will always run the Baseline scan. By setting this dropdown to 'Do not run Baseline scan for newly installed computers', any new Windows machine on which a ThreatLocker agent is installed will not run the Baseline scan immediately. Please note that this may result in users not having access to certain driver files unique to their machine, as the purpose of the Baseline scan is to locate all files on a computer that are not covered by the Windows Core Files (Built-In).
Once all of your settings have been implemented, select the 'Create' button at the bottom of the page. Ensure that you select the 'Update Agents' button at the top of the page to solidify any changes made.
Rescan Baseline
If you find that you want to run the Baseline after a machine has been installed with this Agent Setting, you can scan it by navigating to the 'Devices' page using the left-hand side of the portal.
On the 'Devices' page, select a machine from the list. Then, from the list of button options that appears, select 'Rescan Baseline'.
A pop-up titled 'Rescan Baseline' will appear with a warning if the machine you have selected is not in 'Automatic Learning Mode'. You can select a checkbox to enable learning in this area before choosing the 'Rescan computer' button.
Once selected, the Baseline scan will begin.