View in Browser To assist you in creating the most concise search results possible, ThreatLocker has added the ability to specify multiple parameters within a single search field in the Unified Audit. Utilizing the pipe symbol "|", you can combine the exact parameters you wish to include, exclude, or use a combination of both. All textboxes in the Unified Audit page will support the use of the "|" symbol.

View in browser View our showcase video of this feature here The release of ThreatLocker’s new Approval Center brings about a plethora of changes. Here we will cover the significant differences between the two builds. Previously the Approval Center allowed you to either permit a file or ignore it by the use of the following two buttons: The approval center has eliminated these buttons and now allows for optimum configuration.

The first improvement you will notice is that the ‘Monitor Only’ mode box has been removed. It has been replaced with a quick dropdown ‘Status’ box which represents the current security status of ThreatLocker and provides a quick way of changing this status.   Enabling Protection The ‘Enable Protection’ box ends all maintenance periods and secures all the selected computers. At any time, to end all maintenance periods and re-enable protection, select the box next to the computer you wish to end maintenance on and enable protection on and click the ‘Enable Protection’ box placing the selected computer into a ‘Secured’ status.

View in Browser Navigate to the Organizations Page. Choose the 'New Organization' button at the top of the screen. It will populate a window where you can configure the settings for your new organization.   General Tab Under the 'General' tab, you can enter the name of the organization. In the 'Identifier' blank, you will need to put the name of the organization as it is in your RMM if you use one.

The use of Tags requires Agent version 6.0 or greater Tags are a collection of items that can be applied to Network policies with Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags are very efficient to manage and any changes made to the tag are automatically applied to the endpoints. The same tag can be easily applied to multiple policies.  Creating Tags To create a tag, navigate to 'Application Control'.

View in browser Overview The following article covers the steps required to disable Tamper Protection. Tamper Protection can be disabled on a single device or be disabled on multiple devices at once. Please note that disabling Tamper Protection will place computers that are in Learning Mode into Secured Mode. To avoid this, computers should be placed into Monitor Only Mode before disabling Tamper Protection. Disabling Tamper Protection For a Single Computer Log into the ThreatLocker Portal.

We do not suggest doing this to a default policy. Setting this up on a default policy may lead to a large amount of unwanted emails. If you would like to set up ThreatLocker to email you when a particular policy is matched, first navigate to the Organizations page and manage the organization you want to enable this on.   Navigate to Application Control > Policies. Change the dropdown in the Applies To menu to reflect your desired policy location.

ThreatLocker has incorporated some very useful reports to help our clients consolidate needed information into an easy and useable form. To access these reports, navigate to the Reports page. Here you will see 2 dropdown menus: Category and Report. Category All - this will show you all the report options Applications - this is the location of your application reports Approval - this will show you your approval request report options Audit - this is where you access your blocked file reports and process count Computers - this populates a list of computer reports you can run Policies - this provides your policy reports Storage Control - this shows deleted file reports and processes accessing a UNC report Storage Devices - this will give you a report of your USB Serial Numbers

View in Browser When you click 'Get help from a Cyber Hero' a ticket will be automatically opened for you. To view, edit, or close any ticket, navigate to the Help Desk Page by clicking 'Help Desk' in the menu down the left-hand side. New tickets can also be opened from the Help Desk Page. To Open A New Support Ticket Click the 'Open New Ticket' button located at the top right of the screen.

 Log into the ThreatLocker Portal and navigate to ‘Application Control’ and then to ‘Policies’. You can select who the policy applies to in the upper right-hand corner of the portal.  Policy Group Hierarchy  Global Global Workstations or Global Servers Entire Organization Computers Computer Groups Global policies run first, then the global workstations or servers, then the entire organization, followed by computers and computer groups are last.

View in Browser The Login Settings Page provides a central location to manage the Geo Restrictions and MFA settings on your ThreatLocker account. Here, you can set restrictions on organization-wide Geo Restrictions by countries and/or IP addresses, restrict MFA options, and override the MFA restrictions for specific users.  Navigate to Security Center > Login Settings. Geo Restrictions In the Geo Restrictions tab, you can specify countries and/or IP addresses from which logins to your ThreatLocker account are permitted or prohibited.

The "Administrators" tab is located in the menu under the ThreatLocker logo on the left-hand side of the portal. After you've chosen your organization and managed it, the Administrators tab will populate any and all relevant admins for your organization. This guide will talk about the different buttons found on this part of the portal. New Administrator This button is used for creating a new administrator for your organization.

View in Browser OTC (one-time-code) authentication enables you to use the authentication application of your choice for 2-Factor Authentication.   Navigate to the Administrators page. Select the 'Edit' button next to the user you would like to enable OTC for. In the popup window, scroll to the 2-Factor Authentication section. From the dropdown menu, select OTC. A QR Code will appear below the dropdown menu. Scan this QR Code with the authentication application of your choice.

View in Browser This feature has currently been released for public Beta testing. Passwordless Authentication allows you to enable 2-factor authentication without using an authentication application. Once configured, an automated phone call will be made to the phone number you have set up. You will be required to answer the phone and input your preconfigured 4-8 digit PIN number into the telephone's keypad before being logged into the ThreatLocker Portal.

View in Browser The System Audit Page is where the activity in your ThreatLocker organization is logged.  Navigate to Security Center > System Audit. You can view this System Audit per organization, or you can view all your organizations' activity by selecting 'Show audit for all child organizations' in the parent organization's System Audit. Search Filters Much like the Unified Audit page, there are multiple filters you can apply when searching this audit to refine your search results.

O356 SSO can only be enabled and set up by a ThreatLocker super-admin.   To enable SSO on existing administrator accounts, you will need to have a password reset email sent by the Cyber Heroes. ThreatLocker does not recommend using SSO for your ThreatLocker Account because SSO relies on the security of a 3rd party and that security is out of ThreatLocker's control.  Currently, 0365 SSO requires the settings in Azure to be configured to 'Allow user consent for apps'.

By utilizing advanced maintenance modes, you will have the opportunity to schedule maintenance modes as well as customize the modes to fit your needs. From the Computers page, select 'Advanced' from the quick dropdown menu OR select the 'Maintenance Mode' button next to the computer you wish to enable an advanced maintenance period on.  Both options will open the 'Maintenance Schedule' window. In the top left, select the desired maintenance type from the 'Maintenance Type' dropdown menu.

The Tray Redirect URL for a policy can be added and/or modified from the policy popup.

The Storage Policy Tray Notification and Window appearances can be modified and saved to a Deny Request Storage Policy. The Elevation Tray content can be edited and successfully saved to a Computer Group.

Storage Request policy names and options can be modified directly from a request/approval.  Available options include: What paths should this apply to? Apply to all file paths Apply to selected file path What type of interface should this apply to? All Interfaces Select an interface Should this policy apply only to encrypted devices? Apply to both encrypted and not encrypted devices Only encrypted Devices Only not encrypted devices 

When deleting an Application or Storage Device with applied policies, the user will be prompted with a list of affected applications on the Applications page and storage devices on Storage Devices page. A confirmation dialogue is displayed alerting the user that applied policies will be deleted as well.

You can customize the text which appears on elevation alerts and storage requests. Additionally, you may specify a Redirect URL. Once this optional feature is configured, clicking the Send Request button will open a browser window displaying the specificed URL on the requesting user's device.

The Realtime Action Log will show you everything that is happening on your computer in realtime. This display can be viewed by right clicking on the ThreatLocker tray icon and then selecting "Realtime Action Log".