When it comes to local drives, ThreatLocker will not monitor any activity unless explicit policies are in place. Currently, policies are in place by default to monitor the desktop and documents folders locally, as well as UNC paths and external storage. This ensures the best use of system resources. If you need additional areas to be included when Ringfencing file access, create explicit monitoring policies for them as outlined below.
From the ThreatLocker Portal
Navigate to Storage Control > Policies > New Storage Policy.
Give the policy a name and a description and select whether the policy is active or not.
Next, select where the policy applies to and whether it applies to all or select users and groups.
Under 'Conditions', select the conditions you'd like to monitor. In this example, we're creating a policy to monitor the users' Downloads folder.
Configure the 'Actions' section as desired and create the policy.
Once the policy is created, click the Deploy Policies button to deploy the new policy to the applied machines.
This new policy will include the specified path(s)/location(s) as a protected asset and will start monitoring them within 60 seconds of deploying policies.
Monitored Paths
Note: The Monitored Paths feature requires ThreatLocker Windows Agent 10.2.1 or higher.
Support for Mac and Linux is coming soon.
As of Portal 2.20.0, ThreatLocker allows users to create Ringfencing policies without using Storage Control. Before this improvement, Ringfencing was only accessible through the monitoring of Storage devices/paths that were permitted within your organization. Using Monitored Paths allows you to apply Ringfencing for several specified locations in your organization.
The Monitored Paths option can be located in three distinct areas:
- Application Control Policy Management
- Storage Control Policy Management
- Editing an Application Policy
Application Control Policy Management
To locate 'Monitored Paths' within Application Control Policy Management, use the left-hand side of the portal to select the 'Modules' dropdown, then 'Application Control'.
Select the 'Policies' tab in the top right corner of the page.
Now, select the hamburger menu in the top left corner of the page. A menu will open titled 'Application Control Policy Management'. Select 'Monitored Paths' from the list of options.
This will open the 'Monitored Paths' side panel.
Storage Control Policy Management
Using the left-hand side of the portal, select the 'Modules' dropdown and choose 'Storage Control'.
On Storage Control's main page, select the hamburger menu at the top of the screen. This will open a menu titled 'Storage Control Policy Management'. Select 'Monitored Paths' from this menu.
This will open the 'Monitored Paths' side panel.
Editing an Application Policy
From within the 'Application Control' > 'Policies' page, select the policy to which you would like to apply Ringfencing. Once the 'Edit Application Policy' side panel is opened, navigate to the 'Actions' section of the page and select 'Permit with Ringfence'.
Selecting the 'Permit with Ringfence' option will open four new options for Ringfence.
Switching on the 'Restrict this application from accessing files?' option will allow you to enter 'File Access Exceptions'. You will also notice a new line of text beneath the switch option stating, "Modify your monitored files and file extensions by clicking here."
Selecting this link will open the 'Monitored Paths' side panel.
Navigating the Monitored Paths Page
The Monitored Paths page has a simple layout, making it easy to add new file paths to be monitored.
To start, the 'Applies To' section provides a dropdown where you can specify the machines in the organization on which the paths will be monitored. By default, 'Entire Organization' will be selected, but you can change this to global groups, computer groups, or individual machines.
The 'File Paths' section provides a field to input new paths and a search bar to search for existing paths in your list. Paths can contain wildcards, and it is recommended that entries consist mostly of file types, such as *.docx, *.pdf, etc. Once you have input your information, select the '+' button to the right of the field to add it to the list of monitored paths.
The Monitored Paths page does not permit you to monitor the root of the C drive, as this has the potential to cause performance issues on your devices. ThreatLocker will display an error if you attempt to do this.
417 Error: Invalid monitored path value. This path can cause performance issues on your device(s).
As you enter your desired file paths, they will automatically save on the Monitored Paths page. You can exit this side panel once you have entered all your desired file paths.