When an application gets blocked in ThreatLocker, the user has the option to request permission from an administrator.
Once the user clicks the 'Request Access' button, the request window will populate.
Here the user has the option to enter a message to accompany the request, their email address so they can be notified when the request is processed. By default, a copy of the file they are requesting will be attached unless they deselect the checkbox next to 'Attach a copy of the file with the request'.
Once the user selects 'Request Permission', the request will appear in the Approval Center and you will have the option to approve it.
If you wish to receive a notification for this request, you can configure it in one of two ways.
Method 1 - Notify on Request
- Select the Administrators Tab on the left-hand side of the ThreatLocker Portal.
- Select 'Edit' next to the administrator email in which you would like to receive your notifications.
- Check the 'Notify on request' box.
When this is selected, any request for your organization or child organization will be automatically sent to the email address on file for the administrator account you are editing.
Method 2 - Configure on a per-policy basis
This method allows more granular control as opposed to sending all requests to one administrator.
- In the ThreatLocker Portal, navigate to Application Control > Policies.
- Select the desired group (for this example, we will be configuring the default Policy in the 'Workstations' group).
- Select the pencil icon next to the chosen policy.
- Under 'Do you want to notify administrators when a user requests permission?', ensure the 'Notify the following admins' option is selected and place the desired email address or addresses in the text box below, selecting 'Add' for each respective email.
Using this method allows for definition right down to the client and/or the specific Policy level.
You are able to add in text message alerts as well by using the 'sms:' prefix followed by the phone number as demonstrated below:
- Select 'Save' when you are finished.
- Select 'Click to Deploy Policies' on the top left-hand corner of the ThreatLocker Portal. Any changes made will take effect in 60 seconds.
When the user selects 'Request Permission' you will receive an email. This email will include details such as the name of the company, the hash, the certificate, and a direct link to approve the request.
For information about Push Notifications on the Mobile App, please see the ThreatLocker Mobile App KnowledgeBase Article.