There are options which offer granular control over your users and machines, and which can be located in the Options Tab within the Computer, Computer Groups or Entire Organization Pages.

The options below are linked to the version of ThreatLocker software your system is running. Some options will not function on previous versions. For the highest functionality, please update to 7.10.6+. If you are having trouble with these options, we encourage you to reach out to a Cyber Hero.

 

These options should be used with extreme care as changing these options may greatly impact ThreatLocker’s ability to monitor and secure your environment. We encourage you to apply these options at the group level or lower, to review the funtionality prior to expanding their reach within your enviornment.

  

To begin:

• Navigate to the Computers Page, Computer Group page or Entire Organization page.

or

•  Select Edit 
• Select Options on the Popup

• Click the down arrow to populate the list

Options Include 

• EnableSHA256 - (System Restart Required) – This will use the SHA256 hash and apply it into a policy. Traditionally, ThreatLocker uses its own hashes. Now, SHA256 hashes can be used and added to policies. With this option enabled, when malicious SHA256 hashes are identified, they can be blocked.
• DotnetDll Explanation: Traditionally .net dll extensions are flagged as executing and are automatically blocked. If your machines were onboarded on versions 6.7 or below, this option is designed to help with .dll unintended blocks. With these options, your computer/group/system will be able to learn or monitor .dll extensions and log the behaviors in the Unified Audit.  
• It is important to make sure that these options are applied to the computer/group/org appropriately. See the 4 choices for this option below:
• DotnetDllLearnComputer – This will apply to a specific computer, see explanation of option above.
• DotnetDllLearnGroup – This will apply to a specific computer group, see explanation of option above.
• DotnetDllLearnSystem – This will apply to the entire global organization, see explanation of option above.
• DotnetDllMonitorOnly – This will monitor the computer/group/org based on where the options tab was opened, see explanation of option above. 
• EnforceCPL (System Restart Required) – Traditionally, ThreatLocker does not block access to the control panel because the action is not logged as an executable. When activated, this option will allow the block as needed.  
• MonitorPowerShell (Under Maintenance - expected to release with the updated WebUI)  
• SCDisableDirectoryListing - When activated, this option applies to all storage control policies. Traditionally, users would be able to view, but not interact with a blocked location. This option hides the contents of the blocked location.  
• InterceptLocalhostOutbound (System Restart Required) – Certain antivirus software will affect how outbound traffic is logged in the Unified Audit, causing outbound traffic to appear as local and thus be ignored by ThreatLocker. This option will allow your system to monitor and log this traffic, wether it is Application Control, Ringfencing or Network Access Control policies that are affected.  
• LogRegistryPermit – Traditionally, Ringfencing will restrict applications from interacting with the registry. When activated, this will allow the interaction and log the permits.
• OCXLearn Explanation: Previous to version 7.9, .ocx file extensions were not flagged as executing in the ThreatLocker environment and therefore not learned during onboarding. If you would like .ocx files to be automatically learned, please upgrade to version 7.10.6+ and make sure this option is enabled for the needed group hierarchy levels.
• These options allow you to enable/disable automatic learning of .ocx files, or set your environment to Monitor Only for .ocx files. 
• Users who are on Manual Updates, or who cannot install a 7.10.6+ version, are encouraged to review our KB on keeping your system safe from OCX files. 
• It is important to make sure that these options are applied to the computer/group/org appropriately. See the 4 choices for this option below: 
• OCXLearnComputer – This will apply learned files to a specific endpoint, see explanation of option above.
• OCXLearnGroup – This will apply to a specific computer group, see explanation of option above.
• OCXLearnSystem – This will apply to the system level policies for a specific endpoint , see explanation of option above.
• OCXMonitorOnly – This will enable monitoring of .ocx files for the computer/group/org based on where the options were enabled, see explanation of option above.

• To add an option, select it from the drop-down list and click Add. 
• To remove an option, select it and then click the X on the right (under the Add button). 
• Make sure to click Save in the upper left corner before you close the popup window.  

• Once your choices are saved, the changes will reflect immediately (unless they are flagged for a service restart above). 

If you need more assistance, please reach out to a Cyber Hero.