Changes in the Approval Center - Removing the Option to Create a Rule by Hash
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.
The ThreatLocker Portal
ThreatLocker has removed the option to create a rule by hash in the Approval Center.
Custom rules protect your flow of business by allowing for future updates. A hash, however, is static. When adding a custom rule with both process/path and hash, users may unknowingly nullify the rule's ability to update dynamically.
This change reduces the chance of a user unknowingly nullifying a custom rule, ultimately making it easier to permit an application without denying it by mistake.
Users who desire to create a rule by hash can still do so through the Hash-Only File option on the Applications Page or the ‘Add to Application’ button in the Unified Audit.
Creating a Rule by Hash via Applications
Select an existing application, or create a new one. There will be a 'Hash-Only Rule' button within the section to add application rules. Here, you can enter the hash of the file and click 'Add Rule' to add it to the application. Save your changes with the 'Update Application' button.
Creating a Rule by Hash via the Unified Audit
Select the denied file to open a side panel, then choose 'Add To Application'.
This will allow you to search for the application you want to add the file to.
Choose 'Hash-Only File' to populate the hash from the audit.
Commit this change by clicking the 'Update Application' button at the bottom of the side panel.
Permitting by hash is the most secure way to protect your environment. If you get unexpected denies, it could be due to old rules with both hash and process/path requirements. ThreatLocker recommends using the proper maintenance mode when installing new applications and/or utilizing our VDI testing environment.
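The following is an added example, not ThreatLocker code: a simplified model of why a custom rule with both process/path and hash stops matching after an update, which is the "unexpected denies" case described above. The Rule class, the all-conditions-must-match semantics, the use of SHA-256 and the ExampleApp paths and file bytes are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Constructed sample data: two builds of a hypothetical application.
V1 = b"ExampleApp build 1.0 (constructed sample bytes)"
V2 = b"ExampleApp build 1.1 (constructed sample bytes)"
INSTALL_PATH = r"C:\Program Files\ExampleApp\app.exe"
OTHER_PATH = r"C:\Users\Public\app.exe"
PATTERN = r"C:\Program Files\ExampleApp\*.exe"

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

@dataclass(frozen=True)
class Rule:
    """Allow rule in this model: every condition that is set must match."""
    path: Optional[str] = None      # wildcard pattern on the full path
    sha256: Optional[str] = None    # hex digest of the file content

    def __post_init__(self):
        if self.path is None and self.sha256 is None:
            raise ValueError("a rule with no conditions would permit everything")

    def matches(self, path: str, content: bytes) -> bool:
        if self.path is not None and not fnmatchcase(path.lower(), self.path.lower()):
            return False
        if self.sha256 is not None and sha256_hex(content) != self.sha256:
            return False
        return True

def evaluate():
    """Return, per rule type, whether each constructed file would be permitted."""
    rules = {
        "path_only": Rule(path=PATTERN),
        "path_and_hash": Rule(path=PATTERN, sha256=sha256_hex(V1)),
        "hash_only": Rule(sha256=sha256_hex(V1)),
    }
    cases = {
        "original": (INSTALL_PATH, V1),   # build the rule was created from
        "updated": (INSTALL_PATH, V2),    # same path, new build, new hash
        "moved": (OTHER_PATH, V1),        # same bytes, different location
    }
    return {name: {case: rule.matches(*args) for case, args in cases.items()}
            for name, rule in rules.items()}

if __name__ == "__main__":
    for name, outcome in evaluate().items():
        print(f"{name:14} {outcome}")
```

In this model the path-and-hash rule behaves like the hash-only rule once the file is updated (denied), while also losing the hash-only rule's ability to match the same file in another location.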