ThreatLocker removed the option to create a rule by hash in the Approval Center. 

Custom rules protect your flow of business by allowing for future updates. A hash, however, will be static. When adding a custom rule with process and path, AND hash, users may unknowingly nullify the dynamic ability for the rule to update.

This change reduces a user’s ability to unknowingly nullify the custom rule, ultimately making it easier to permit without denying by mistake.

Users who desire to create a rule by hash (with or without other parameters) are still able to do so through the edit application button on Applications page or the ‘Add to Application’ button in the Unified Audit.

Creating a Rule by Hash via Applications 

Creating a Rule by Hash via the Unified Audit  

Permitting by hash is the most secure way to protect your environment. If you find that you are getting unexpected denies, it could be due to creating rules with both hash and process/path requirements. ThreatLocker recommends using the proper maintenance mode when installing new applications and/or utilizing our VDI testing environment.