The ThreatLocker Detect product includes an Event Log Watcher that is designed to monitor the Windows Event Log for important security and system activity. In most environments, this process runs quietly in the background with minimal resource usage.
However, in certain Windows configurations, particularly on systems that generate large volumes of event logs, the Event Log Watcher may receive events faster than it can process them, causing increased memory usage.
The <a rel="noopener noreferrer" href="https://threatlocker.kb.help/options-tab-choices-and-descriptions-for-the-computers-page-the-computer-groups-page-and-the-entire-organization-page/" target="_blank">Option</a> "UseBlockingCollectionOnWatcher" can be enabled to normalize memory usage.
When this Option is enabled, the Event Log Watcher will use blocking collection logic, which helps to regulate the flow of incoming events so they are processed in a more controlled and efficient manner.
&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;

The ThreatLocker Detect product includes an Event Log Watcher that is designed to monitor the Windows Event Log for important security and system activity. In most environments, this process runs quietly in the background with minimal resource usage.

However, in certain Windows configurations, particularly on systems that generate large volumes of event logs, the Event Log Watcher may receive events faster than it can process them, causing increased memory usage.

The "UseBlockingCollectionOnWatcher" can be enabled to normalize memory usage.

When this Option is enabled, the Event Log Watcher will use blocking collection logic, which helps to regulate the flow of incoming events so they are processed in a more controlled and efficient manner.

 

 

 

 

 

Reducing System Impact in High-Volume Windows Event Log Environments

Preventing the Exploitation of CVE-2023-23397

Microsoft Peer-to-Peer Updates

ThreatLocker Endpoint Security Quality Guarantee

Eaglesoft and ThreatLocker Computers Not Checking In

Applying Policies to Users or Active Directory Groups

Blocking and Permitting USB Drives

Computer failing to update

Create a Computer Group that does not learn

Creating a New Administrator

Default Computer Group Policies

Email Parsing Rules in ConnectWise Manage

Excluded Processes

Getting your Unique Identifier from ThreatLocker

Hermetic Wiper: ThreatLocker Recommended Policy

Log4J Vulnerability

Managing Application Definitions

Managing Application Policies

Merging Application Definitions

Notifications for Requests

Permitting All Signed Files in a Directory

Permitting Blocked Files

Preventing BitLocker from being Weaponized

Restarting the ThreatLocker Agent

Setting the ThreatLocker Agent Update Channel 

Setting Up SMS Alerts for ThreatLocker Requests

Setting up the Active Directory Sync Service

ThreatLocker Application Control Agent Data Collection

ThreatLocker Override Codes

ThreatLocker Tray Notifications Are Not Displaying Upon Blocked Application Executions

ThreatLocker Stub Installer

Trusting an Application by a Certificate

Uninstalling the ThreatLocker Agent

Uninstalling the ThreatLocker Agent on Windows XP 

Updating the ThreatLocker Version on a Single Computer

User Permissions 

Using Learning Mode to Track Installed Files from an RMM or Software Deployment Tool

Using the Console App to Verify the ThreatLocker MAC Agent is Running

Why is an application that matches a built-in application being blocked?

Windows 11 Upgrade and ThreatLocker 

ThreatLocker Security and Privacy

Trial Expiry

The ThreatLocker Testing Environment

Allowing ThreatLockerService to Retrieve your AD Groups

Customer Deal Registration

ThreatLocker Mitigation and GoAnywhereMFT Zero-Day Exploit

Rubber Ducky Data Exfiltration | Google Bucket

Preventing the Exploitation of MOVEit Vulnerability (CVE-2023-34362)

Changes to Elevation in ThreatLocker Version 8.2

Browser Extensions Affecting the ThreatLocker Testing Environment

Retrieving Your Computer ID

ThreatLocker Agent Tray

Protecting Fileservers While Allowing Remote Machines to Access Shared Files



Browser Extensions Affecting ThreatLocker Portal Performance

How to Use .NET Regex Within ThreatLocker

SSL Inspection

ThreatLocker Health Center and Health Report

Portal 2.0.1 Maintenance Mode Permission Changes

Guide to the TLProxyTester Application

Configuring Defender Virus & Protection Settings using Configuration Manager

Controlling Access to M365 Resources Using Conditional Access and Named Locations