ThreatLocker Elevation allows you to elevate a local user's privileges to that of a local administrator for a selected application. If you are using the ThreatLocker Elevation module, it is important to know that it will not be affected by 'Learning Mode'.
When you first deploy ThreatLocker, your computers will default into 'Learning Mode' whereby applications are not blocked by ThreatLocker and ThreatLocker learns the files used by that application.
With 'Elevation' enabled, your end users will receive an 'Elevation' UAC prompt even when in 'Learning Mode' if they attempt to run an application that requires elevated privileges.
If the user chooses 'Request ThreatLocker Elevation,' you will receive a request in the Approval Center. The user can fill out their email and information when submitting the request.
In the Approval Center, you can distinguish an Elevation request by the word 'elevate' below the details as shown in the screenshot below.
If you don't want end users to receive this Elevation UAC prompt during your initial learning duration, you may choose to disable Elevation Control. Navigate to the Organizations page. Find the organization name that you want to disable 'Elevation' on. In the dropdown menu under 'Modules' ('Product' if you are using the ThreatLocker Legacy Portal), deselect the checkbox next to 'Elevation'.
Please note that the user will still receive the Windows UAC prompt when attempting to run or install an application that requires local admin privileges while in 'Learning Mode.' Without those administrator credentials, the program will be unable to run.