Creating Policies to Monitor Storage Locations
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.
When it comes to local drives, ThreatLocker, will not monitor any activity unless there are explicit policies set in place. Currently, there are policies in place by default to monitor the desktop and documents folders locally as well as UNC paths and external storage. This ensures the best use of system resources. If there is a need to add additional areas you wish to be included when Ringfencing file access, these additional areas can be included by creating explicit monitoring policies for them as outlined below.
From the ThreatLocker Portal
Navigate to Storage Control > Policies > New Storage Policy.
Select the 'Policy Level' to apply the policy to from the dropdown.
In the 'Policy Details' section, enter a name for the policy, e.g. "Monitoring assets on the C Drive", and select the desired 'Policy Action' and 'Policy Permission'.
In the 'Policy Applies To' section, choose the 'Interface Type' from the dropdown menu and make any desired selections.
Configure the remaining to sections, 'Policy Expiration/Order' and 'Policy Match Events', as desired.
Select '+ Create Policy'.
Deploy Policies.
From the ThreatLocker Legacy Portal
Navigate to Storage Control > Policies > New Storage Policy.
Enter a name for the policy. For example: "Monitoring assets on the C Drive".
Select 'Read & Write' under 'What should this policy do?'.
Select whether to apply for the entire organization or to apply the policy to a specific group.
Under 'What paths should this apply to (e.g. "\\server1\share\", ".jpg" or "regex:[0-9]abc")?', select 'Let me select file paths'.
Select the desired path you would like monitored, then select Add.
Select Save.
Select Click to Deploy Policies.
This will include the specified path(s)/location(s) as a protected asset and will start monitoring within 60 seconds of deploying policies.