Configuring Cyber Hero Approval Policies

8 min. read | Last update: 06.18.2026

ThreatLocker now provides users with an area to set custom policies for Cyber Hero Approvals. These policies let you define guidelines for how the Cyber Hero Approval Team will action approval requests from your organization, including whether they need to be escalated for review, approved, or denied.

Requirements

To create and configure Cyber Hero Approval policies, your organization must have the Cyber Hero Approvals module enabled as a product or included in a package. Once this is enabled, you will be given access to make changes to your Cyber Hero Approvals settings.

Accessing Cyber Hero Approvals Settings

To configure your Cyber Hero Approval policies, start by navigating to the Manage icon on the left-hand side of the screen. Then, hover over it and select Organizations from the menu.

Now, on your Organizations page, navigate to the organization where you will set your Cyber Hero Management Policies, then select the button to the right of the Modules dropdown.

Selecting this button will open the Cyber Hero Approvals window for your organization.

Default Policies

By default, policies will already exist that align with the default Cyber Hero Approval guidelines. If any of those default policies do not align with your organization's needs, they can be adjusted. The rest of this article will cover how to create or edit Cyber Hero Approval policies for your organization.

Adding a New Policy

To add a new policy, from the Cyber Hero Approvals window, navigate to the '+ Add Policy' button.

Selecting this button will generate a blank policy at the top of your policies list.

ThreatLocker provides you with the following options for policy creation:

  1. Order - The order in which a policy will be actioned. By default, new policies are added to the top of the list, but the order can be changed by increasing or decreasing the number to position it where it should be.
  2. Active - By default, this switch is turned on. This means that the policy is active and will respond if the policy rules are met. If turned off, the policy will still remain in your list, but any rules applied to it will not take effect in your organization until the policy is activated again.
  3. Action - By default, this is set to 'Approve'. The approval action specifies how ThreatLocker will handle the policy. There are three options in this area:
    • Approve - Using the other rules applied to your policy, the Cyber Hero Team will be notified to approve all requested applications that match the policy.
    • Escalate - Using the other rules applied to your policy, the Cyber Hero Team will be notified to escalate the requested application for further review.
    • Reject - Using the other rules applied to your policy, the Cyber Hero Team will be notified to reject the requested application.
  4. Application Category - To save a policy, you must select an Application Category. Selecting this dropdown displays a list of categories created by ThreatLocker. For information on what these categories mean, along with some examples of software that would apply to these categories, please navigate to the following article:
  5. Applies To - This dropdown defaults to Entire Organization. When creating a policy, you can select whether it applies to all users in your organization or only to certain Computer Groups or individual devices. This allows you to customize your policy, as many organizations will require users to have access to different applications.
  6. Application Country Restrictions - By default, 'Deny Selected' will be chosen for you. Selecting Deny means the policy will not match if the country matches. If Allow is chosen, the policy will only match if the country matches.
    • Choosing Deny does not require you to add countries for the policy to be saved. If you choose Allow, you must enter at least one country for the policy to be saved.
  7. Select Country Dropdown - A list of all countries that you can select from to either allow or deny for your policy. You can add the entire list of countries at once by using the checkbox to the left of the search field, or add a few countries at a time by selecting them in the list.
  8. Delete - Selecting the 'trash-can' icon will delete the chosen policy from the list. You will be prompted on whether you actually want to delete the approval.

As you enter your policy information, ThreatLocker will automatically save it. ThreatLocker will return an error if any required information is missing.

Policy Scope

As mentioned previously, Cyber Hero Approval policies can be applied at different levels, depending on their scope.

For best results, ThreatLocker recommends applying policies at the Computer Level whenever possible. Policies should be applied only at the Group or Entire Organization level when intended to apply more broadly.

Application Country Restrictions

Application Country Restrictions allow you to define approval behavior based on an application’s Primary Company Influence or Development Influence.

The Deny Selected or Allow Selected options mean that the Cyber Hero Team will approve or deny requests based on the selected countries.

For example, you may want to deny access to shopping tools from China while simply escalating those from other countries. In this scenario, if an approval request is submitted for an application with Primary Company Influence or Development Influence set to China, the software will be denied. If it comes from any other country, it will follow the policy's action type, which in this scenario is to escalate the request. The Cyber Hero will then receive the suggested action to escalate the request, as defined by the policy.

In short, if a policy is set to automatically Deny Selected countries, it will deny if the application requested matches the Application Category and is from the denied country. Otherwise, if the request did not come from the denied country, it will follow the configured action (Approve, Escalate, or Reject).
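
The matching behavior described in this section, combined with the Order, Active and Applies To options above, can be checked offline before a policy set is entered in the portal. The Python model below is an added example, not ThreatLocker code: it assumes the first active matching policy in ascending Order decides the suggestion, returns no suggestion when nothing matches, and uses constructed category, group and computer names.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    order: int
    action: str                                # "Approve", "Escalate" or "Reject"
    category: str                              # Application Category
    applies_to: str = "Entire Organization"    # or a Computer Group / computer name
    country_mode: str = "Deny Selected"        # or "Allow Selected"
    countries: set = field(default_factory=set)
    active: bool = True

@dataclass
class Request:
    category: str
    computer: str
    group: str
    influence: set   # Primary Company Influence and Development Influence countries

def suggested_action(policies, req):
    """Return (suggestion, policy order); (None, None) if no policy matches."""
    for p in sorted(policies, key=lambda p: p.order):   # assumption: first match wins
        in_scope = p.applies_to in ("Entire Organization", req.group, req.computer)
        if not p.active or p.category != req.category or not in_scope:
            continue
        country_hit = bool(p.countries & req.influence)
        if p.country_mode == "Deny Selected":
            # Per the section above: a denied country is denied, every other
            # country follows the configured action.
            return ("Deny" if country_hit else p.action, p.order)
        if country_hit:   # Allow Selected: the policy only matches listed countries
            return (p.action, p.order)
    return (None, None)

# Constructed sample policy set: a computer-level exception ordered above the
# organization-wide rule from the shopping-tools scenario.
POLICIES = [
    Policy(order=1, action="Approve", category="Shopping Tools",
           applies_to="PC-SALES-01", country_mode="Allow Selected",
           countries={"United States"}),
    Policy(order=2, action="Escalate", category="Shopping Tools",
           countries={"China"}),
]

if __name__ == "__main__":
    req = Request("Shopping Tools", "PC-HR-07", "Workstations", {"China"})
    print(suggested_action(POLICIES, req))
```

Running each planned policy set against a handful of representative requests shows where a broad Entire Organization policy would shadow a narrower computer-level one.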

Custom Guidelines

The Custom Guidelines option lets you provide additional instructions for the Cyber Hero Approvals Team when the standard policy configuration does not address a specific requirement. To create these guidelines, select the Custom Guidelines button available on the Cyber Hero Approvals Policies page.

Please Note: Custom guidelines should be entered directly into the provided Instructions field. Any external links, including links to spreadsheets, documents, or other third-party resources, will not be used by the Cyber Hero Approvals Team for security reasons.

Selecting the Custom Guidelines button will open the Custom Guidelines window, which provides the following actions:

  1. Use Parent Settings - By default, this option is off. This option is available if the organization you are configuring is the child of a parent organization. Turning on this switch will populate the instructions from your organization's parent settings here.
  2. Permit Target - By default, this is set to Permit on Computer, meaning the Cyber Hero Approvals Team will be notified only to create a policy for the computer requesting the application. This can also be set to Permit on Group, which will prompt the Cyber Hero Approvals Team to create policies for the entire computer group from which the request originated.
  3. Instructions - This field will allow you to enter the instructions that the Cyber Hero Team should follow when processing Approval Requests. For suggestions on what should be added here, please refer to the following article:
  4. Save - This button saves your suggested instructions. Upon your organization's next request, these instructions will be applied.
  5. Cancel - This button closes the Custom Guidelines window and reverts any changes to the previous settings.

Escalation Email Requirement

When configuring your Cyber Hero Approval instructions, an Escalation email address is required. The Escalation Settings button on the Cyber Hero Approvals Policies page will remain red until at least one email address is entered.

Any organization with the Cyber Hero Approvals module applied that does not have an escalation email provided will also have the Configure Cyber Hero Requests button turn red.

This email address ensures that escalated requests are sent to an administrator for review. The administrator who receives the escalation can review the request and, if appropriate, send it back to the Cyber Hero Approvals Team with authorization to approve it.

To add email addresses to receive escalation notifications, select the Escalation Settings button from the Cyber Hero Approvals Policies page. This will open the Escalation Settings window.

The Escalation Settings window will provide you with the following options:

  1. Use Parent Settings - This option is off by default and is available if your organization is a child of a parent organization. If this switch is enabled, email addresses designated as escalation recipients in the parent organization will be populated into this field.
  2. Send Escalation to - This is a dropdown field containing a list of contact emails from your organization. You can insert contacts from your organization to receive these emails, or add the email address of a designated account without a contact in the ThreatLocker Portal.
  3. Save - Selecting this button will save your applied information. The next time an approval request is escalated, an email will be sent to the provided email addresses.
  4. Cancel - This button closes the Escalation Settings window and reverts any changes to the previous settings.