ThreatLocker can allow remote workstations to run executables hosted on a file server network share even when those executables are not permitted to run locally on the server. The complication is in how Windows records the access: the workstation logs the file as a read, but the file server logs the access to its locally hosted copy as an execute, even though the workstation is the host that actually executes the file.
As a result, if there is no Application Control policy on the file server permitting the file to run there (even though a remote workstation is the one executing it), the file server blocks the access, and the workstation cannot run the file even if a policy allowing it is in place on the workstation.
To solve this, create an application definition for the file server with a custom rule that combines a path and a process. An example rule is shown below:
Path:
c:\shares\shared folder\*
Process:
[]
A "[]" process rule indicates that the file must be invoked by a remote process for the file server to allow it. Adjust the path to point at the local directory on the file server that backs the share (a drive path such as c:\..., as in the example, rather than a UNC path), and keep it as narrow as the share allows: the trailing "*" matches everything below that directory. Apply the policy that uses this application definition to the Servers computer group or directly to the individual file server. We still consider this configuration secure because, if the file server itself tried to run the file locally, the execution would be blocked unless another policy permitted it. The workstation still needs its own policy allowing the file to run on its side; the file server rule only permits the remote execution of files under the share.
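The following PowerShell is an added example, not ThreatLocker documentation or tooling. Run on the file server, it resolves the local directory behind each SMB share you intend to cover, prints the Path/Process lines for a custom rule of the form shown above, and lists the executables that remote clients currently have open over SMB, which is the access the server-side policy acts on. The share name 'shared folder' and the list of executable extensions are assumptions for illustration; the cmdlets (Get-SmbShare, Get-SmbOpenFile) are the standard SmbShare module.

```powershell
# Added example (not ThreatLocker documentation or tooling).
# Run in an elevated session on the file server; needs the SmbShare module
# (Windows Server 2012 and later).

function Get-ShareRulePath {
    # Resolve each share name to the local directory that backs it and build
    # the wildcard Path line for a ThreatLocker custom rule.
    param(
        [Parameter(Mandatory)][string[]]$ShareName
    )
    foreach ($name in $ShareName) {
        $share = Get-SmbShare -Name $name -ErrorAction Stop
        # Skip administrative shares (C$, ADMIN$, IPC$): a wildcard rule on
        # their path would cover an entire volume rather than one shared folder.
        if ($share.Special) {
            Write-Warning "Skipping special share '$name' ($($share.Path))"
            continue
        }
        [pscustomobject]@{
            Share = $share.Name
            Path  = (Join-Path $share.Path '*')   # e.g. C:\shares\shared folder\*
        }
    }
}

function Show-RemoteExecutableOpens {
    # Files currently opened over SMB by remote clients, filtered to the
    # extensions assumed here to be executable content. An executable opened
    # from a workstation is what the file server's Application Control sees.
    Get-SmbOpenFile |
        Where-Object { $_.Path -match '\.(exe|dll|msi|ps1|bat|cmd)$' } |
        Select-Object ClientComputerName, ClientUserName, Path
}

# Usage: replace 'shared folder' (an assumed share name) with your own shares.
Get-ShareRulePath -ShareName 'shared folder' |
    ForEach-Object { "Path:`n$($_.Path)`nProcess:`n[]" }

Show-RemoteExecutableOpens | Format-Table -AutoSize
```

Use the printed Path value verbatim in the application definition; the Process value stays "[]" so that only remote invocation is permitted on the file server. The open-file listing is a quick way to confirm that a blocked launch really is arriving over SMB from a workstation rather than being started locally on the server, which this rule is deliberately not meant to allow.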