Help CenterBy default, the ThreatLocker Agent prioritizes built-in application definitions over custom definitions. This means that if both exist for the same application, the built-in definition will always take precedence, regardless of policy order.
Starting with Windows Agent 10.5.3, you can change this behavior by enabling a new Advanced Setting. When this Advanced Setting is added to your organization with 'Prioritize Built-In Applications' turned off, the agent will process applications strictly by policy order, treating built-in and custom definitions equally.
Note: It is recommended that you first upgrade to a flat policy structure before enabling this setting. Hierarchical policies may result in unintended policy evaluation results.
To apply this Advanced Setting, navigate to the 'Advanced Settings' page. From the 'Create Settings' sidebar, select the 'Setting Type' dropdown and choose 'Configure Application Prioritization' from the list.
Set your desired 'Applies To' level using the provided dropdown, then select to add the settings to the top or bottom, depending on your order preference.
Note: Advanced Settings are processed in a top-down order
In the 'Parameters' section, ensure that the 'Prioritize Built-In Applications' checkbox is deselected.
Select the 'Create' button at the bottom of the sidebar to create the setting, then select the 'Update Agents' button at the top of the 'Advanced Settings' window to deploy this setting to all agents where this Advanced Setting is applied.
To revert this to default, select the 'Configure Application Prioritization' Advanced Setting, then check the 'Prioritize Built-In Applications' checkbox.
Select the 'Save' button at the bottom of the sidebar, then be sure to select the 'Update Agents' button at the top of the 'Advanced Settings' window.