Long Arrow Right External Link angle-right Search Times Spinner angle-left
Go to ThreatLocker

Search our Knowledge Base

Permitting Software from the Approval Center

Updated August 23, 2021

Open in Browser

 You can quickly permit files directly from the Approval Center.  

Navigate to the Approval Center page.  

Click the blue 'View' button next to the request you want to expand.  

undefined

The Application Request window will open. At the top, you will see the file details including the certificate, if it has one, the hostname, and the username of the requestor.  

undefined

Permitting Software with Matching Applications

ThreatLocker will let you know if the file matches an existing application, either a built-in or one learned in your organization.  You can select the matching application from the dropdown menu. 

undefined

Actions

 This is where you will decide what type of policy you want to create for this application.

  • 'Deny the application explicitly' - This option will deny this application and the end user will no longer receive a popup to request access to this application. 
  • 'Use suggested Ringfencing policy' - If the application you have selected above has a ThreatLocker suggested Ringfencing policy, this option will be available and selecting it will automatically apply the ThreatLocker suggested Ringfencing policy to the application.
  • 'Permit the application and add Ringfencing restrictions' - This option permits the application and allows you to add in Ringfencing restrictions.
  •  'Permit the application without restriction' - This will permit the application without adding Ringfencing restrictions. 
undefined

Policy Expiration

Here you can select an expiration date for this policy if you wish. 

undefined

Elevation

The 'Elevation' section follows.  If you have an Elevation license, here you can decide if you would like to assist in elevating this application or not.  If you choose 'Do not assist with elevation', and the end user needs to use elevation, they will receive a ThreatLocker popup window so they can request elevation. 

undefined

Policy

This is where you choose where to apply the new policy to: 

  • The entire organization - applies the policy to the entire organization 
  •  A computer group - applies the policy just to a specified computer group 
  • This computer only - applies the policy just to this computer 
undefined

Administrator Notes

This is where you can put ticket or requestor information, or comments if your internal policies require this.   

undefined

The blue 'Save' button in the bottom right corner needs to be pressed to save your policy.  Back on the main page, click the 'Deploy Policies' button in the top left to push the policy change out to your endpoints. 

Permitting Software Without Matching Applications

If the software does not have a matching application, ThreatLocker will give you the following message: 'This file does not appear to match any known applications.  Do you want to update the definition of an existing application or create a new application definition?'  

If you know this file is part of an existing application definition and you wish to add this to it, you can select 'Add the file(s) to an existing application definition'.

undefined

If you do not wish to add this to an existing definition, you can create a new application definition for it.  Choose 'Create a new application definition' and type a name for your application in the textbox. 

undefined

Rules

Note: You will not get this section if using a matching application. You will if you choose to add to an existing application.

 

Next, you will need to create the rule for your new application.   Your choices are: 

  • 'Create a rule for the application automatically based on this file' - This will allow ThreatLocker to permit this one file. For a single executable, this will be fine.  However, in the cases of an installer, only a single file will be permitted and all the other files required for installation will be blocked.  
  • 'Automatically catalog files using Learning Mode' - This will put the requesting computer into learning mode, file blocking will be temporarily disabled, and the files that are installing and executing that would have been caught by the default-deny policy will be cataloged.  Learning Mode is helpful for updating software that is currently installed on the computer.
  • 'Automatically catalog files that are installed using Installation Mode' - This will put the requesting computer into installation mode.  File blocking will be temporarily disabled and all the files that are installing that would have been caught by the default-deny policy will be cataloged. Installation Mode is helpful for installing software that doesn't currently exist on the computer.
  • 'Manually choose options'- This will allow you to create a custom rule using path, process, created by, and certificate. In the case of a file that is frequently changing hash, ThreatLocker will recommend this manual option and will also select the options it recommends you use. 

For more information on the difference between Learning Mode and Installation Mode, please see our related article here.

undefined

Actions

This is where you will decide what type of policy you want to create for this application.   

  • 'Deny the application explicitly' - This option will deny this application and the end user will no longer receive a popup to request access to this application. 
  • 'Permit the application and add Ringfencing restrictions' - This option permits the application and allows you to add in Ringfencing restrictions.   
  • 'Permit the application without restriction' - This will permit the application without adding Ringfencing restrictions. 
  •  'Don't create any new policies, just update the application definition' - This will not create a policy for this application, only an application definition.  This is useful if it is an update to an existing application you have a policy for.  If you don't have a policy for it, this application will not be able to run until you create a policy for it. 
undefined

Policy Expiration 

Here you can select an expiration date for this policy if you wish. 

undefined

Elevation 

If you have an Elevation license, here you can decide if you would like to assist in elevating this application or not.  If you choose 'Do not assist with elevation', and the end user needs to use elevation, they will receive a ThreatLocker popup window so they can request elevation. 

undefined

Policy 

This is where you choose where to apply the new policy to: 

  • The entire organization - applies the policy to the entire organization 
  • A computer group - applies the policy just to a specified computer group 
  • This computer only - applies the policy just to this computer 
undefined

Administrator Notes 

This is where you can put ticket or requestor information, or comments if your internal policies require this.  

undefined

 The blue 'Save' button in the bottom right corner needs to be clicked to save your policy.  You will not need to click 'Deploy Policies' because the change will automatically be applied with no further input. Within a minute, the end user will be able to run the requested software.