ThreatLocker will learn your RMM tools using our Learning Mode process. However, with ConnectWise RMM, there are unsigned PS1 files for which you will need to create custom rules to permit your ConnectWise RMM scripts in your environment.
ThreatLocker does not endorse or recommend these rules; they are the solution recommended by ConnectWise.
- Path:
  - c:\program files (x86)\itsplatform\agentcore\temp\patches\scripts*\script.ps1
  - Alternatively, you can use a regex rule: c:\\program files \(x86\)\\itsplatform\\agentcore\\temp\\patches\\scripts[^\\]*\\script\.ps1
- Process:
  - c:\windows\system32\windowspowershell\v1.0\powershell.exe
- Created By:
  - c:\program files (x86)\itsplatform\plugin\network\platform-network-plugin.exe
  - c:\program files (x86)\itsplatform\plugin\patching\platform-patching-plugin.exe
  - c:\program files (x86)\itsplatform\plugin\scap\fortify-scap-plugin.exe
  - c:\program files (x86)\itsplatform\installationmanager\platform-installation-manager.exe
  - c:\program files (x86)\itsplatform\plugin\scripting\platform-scripting-plugin.exe
  - c:\program files (x86)\itsplatform\plugin\setuputils\platform-setuputils-plugin.exe
  - c:\program files (x86)\itsplatform\plugin\version\platform-version-plugin.exe
  - c:\program files (x86)\itsplatform\agentcore\platform-agent-core.exe
To create these rules, navigate to Modules > Application Control. You can find your existing custom application for ConnectWise RMM or create a new application by selecting the +New Application button.
After opening/creating the application, select the 'Application Files' tab. This is the area where you will add these rules. You must add eight separate rules to permit your ConnectWise RMM scripts. Please see the screenshot below on how this should look after adding the rules.
If you do not already have a policy for this application after creating these rules, create one by selecting '+New Policy'. After creating your policy and utilizing your application for your ConnectWise RMM scripts, select the 'Deploy Policies' button at the top right of the page.
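To see how narrowly the rule fields listed above scope what is permitted, the following added example (not ThreatLocker or ConnectWise code) checks constructed script-execution events against them. It assumes a rule applies only when Path, Process and Created By all match, that the regex must match the whole path, and that comparison is case-insensitive; the function name `unmatched_fields` and the sample events are hypothetical.

```python
import re

# Rule values copied from the list above.
PATH_RE = re.compile(
    r"c:\\program files \(x86\)\\itsplatform\\agentcore\\temp\\patches"
    r"\\scripts[^\\]*\\script\.ps1",
    re.IGNORECASE,  # assumption: paths are compared case-insensitively
)
PROCESS = r"c:\windows\system32\windowspowershell\v1.0\powershell.exe"
BASE = "c:\\program files (x86)\\itsplatform\\"
CREATED_BY = {BASE + rel for rel in (
    r"plugin\network\platform-network-plugin.exe",
    r"plugin\patching\platform-patching-plugin.exe",
    r"plugin\scap\fortify-scap-plugin.exe",
    r"installationmanager\platform-installation-manager.exe",
    r"plugin\scripting\platform-scripting-plugin.exe",
    r"plugin\setuputils\platform-setuputils-plugin.exe",
    r"plugin\version\platform-version-plugin.exe",
    r"agentcore\platform-agent-core.exe",
)}


def unmatched_fields(path, process, created_by):
    """Return the rule fields an event fails to match (empty list = covered).

    Assumption: a rule applies only when all three fields match, and the
    regex must match the whole path (fullmatch), not a substring.
    """
    failed = []
    if not PATH_RE.fullmatch(path):
        failed.append("path")
    if process.lower() != PROCESS:
        failed.append("process")
    if created_by.lower() not in CREATED_BY:
        failed.append("created_by")
    return failed


# Constructed sample events (path, process, created by); not real log data.
SCRIPTS = BASE + "agentcore\\temp\\patches\\"
PATCHING = BASE + "plugin\\patching\\platform-patching-plugin.exe"
SAMPLES = [
    (SCRIPTS + "scripts1234\\script.ps1", PROCESS, PATCHING),
    (SCRIPTS + "scripts1234\\sub\\script.ps1", PROCESS, PATCHING),
    (SCRIPTS + "scripts1234\\script.ps1", PROCESS, r"c:\windows\explorer.exe"),
    (SCRIPTS + "scripts1234\\script.ps1", r"c:\program files\powershell\7\pwsh.exe", PATCHING),
]

if __name__ == "__main__":
    for event in SAMPLES:
        print(unmatched_fields(*event) or "covered", event[0])
```

The second sample fails on the path because `[^\\]*` in the regex cannot cross a directory separator, so only a `script.ps1` directly inside a `scripts...` folder is covered.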