When it comes to local drives, ThreatLocker, will not monitor any activity unless there are explicit policies set in place. Currently, there are policies in place by default to monitor the desktop and documents folders locally as well as UNC paths and external storage. This ensures the best use of system resources. If there is a need to add additional areas you wish to be included when Ringfencing file access, these additional areas can be included by creating explicit monitoring policies for them as outlined below.
From the ThreatLocker Portal
Navigate to Storage Control > Policies > New Storage Policy.
Give the policy a name and a description and select whether the policy is active or not.
Next, select where the policy applies to and whether it applies to all or select users and groups.
Under 'Conditions', select the conditions you'd like to monitor. In this example, we're creating a policy to monitor the users' Downloads folder.
Configure the 'Actions' section as desired and create the policy.
Once the policy is created, click the Deploy Policies button to deploy the new policy to the applied machines.
This new policy will include the specified path(s)/location(s) as a protected asset and will start monitoring them within 60 seconds of deploying policies.