Using Storage Control policies, you can prevent access to your shares by any computer not running ThreatLocker. You will need to create two basic policies on your server: a policy to deny remote access to your file shares from all remote computers, and a policy to permit remote access only from remote computers running ThreatLocker. ThreatLocker uses a Microsoft call to verify that the ThreatLockerService is running on the remote computer. These policies protect your files from the server side, allowing only computers running ThreatLocker to access the shares you specify.
Note: Remote Presence will only be supported by Windows Version 8.1/Windows Server 2012 R2 and above.
Prerequisite: Beginning in Windows agent version 8.5.3, Remote Presence is disabled by default in the agent. You will need to configure the option "EnableRemotePresence" at the desired level (computer, computer group, or entire organization) to enable this feature. See the following article for configuring options:
Options Tab: Choices and Descriptions: for the Computers Page, the Computer Groups Page, and the Entire Organization Page | ThreatLocker Help Center (kb.help)
Creating a Deny Policy
Navigate to Storage Control > Policies > New Storage Policy
Select either the specific server you are protecting or your entire server group from the 'Applies To' menu to create these policies on the server you are protecting.
Name your policy > Set it to Deny > Choose Read & Write.
Choose 'All Remote Computers'.
You can apply this to the entire organization and then specify your share file paths. You can add multiple paths in this list by clicking 'Add' between each entry, and after the final entry.
It is important to note that you must use the server's local file path (e.g. c:\share\*, not \\fileserver\share\*) because these policies are placed on the server.
ThreatLocker does not monitor all local file paths by default, so selecting 'Apply to all file paths' will not work. You must choose 'Let me select file paths' and add in your path(s).
Leave the default settings to apply to all devices and interfaces, apply to both encrypted and not encrypted devices, and apply to all users and groups.
You can apply to all programs, set it to never expire, choose if you want it audited and/or if you want to be emailed when the Policy is matched. Click 'Save'.
When a user tries to access the share from a computer not running ThreatLocker, they will receive an error.
Creating a Permit Policy
Now you need to create a second policy to allow access to these same shares only to remote computers running ThreatLocker.
Place this policy on the same server or server group on which you placed the 'Deny' policy. For this policy, set it to Permit and apply to 'Only Computers running ThreatLocker'. Be sure you specify the same file path as in the deny policy. In our example, that is C:\Share\*. You can make all the other selections the same as the previous policy.
Click 'Save'. Now you need to be sure that your deny policy is placed below your permit policy(ies) so it doesn't block desired access. Just like application policies, storage policies are processed from the top down, and the first matching policy decides the outcome. Be sure to deploy policies when you are finished.
Now, when a PC attempts to access the specified share, ThreatLocker checks that the ThreatLockerService is running on that endpoint before it is permitted to access anything in this shared folder.
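The following is an added example, not ThreatLocker code or a ThreatLocker API: a small model of the top-down, first-match evaluation described above, so you can see why the deny policy must sit below the permit policy and why the policy path must be the server's local path. The policy and request fields are assumptions chosen for illustration; the share path C:\Share\* and the file names are constructed sample data.

```python
import fnmatch
from dataclasses import dataclass

# Constructed model of storage policy evaluation: policies are processed
# top-down and the first policy whose conditions match decides the outcome.
# Field names and values are assumptions for illustration, not ThreatLocker's API.


@dataclass
class Policy:
    name: str
    action: str       # "permit" or "deny"
    applies_to: str   # "all_remote" or "tl_remote" (only computers running ThreatLocker)
    paths: tuple      # server-local glob patterns, e.g. "C:\\Share\\*"


@dataclass
class Request:
    local_path: str   # the path as seen on the server, e.g. "C:\\Share\\q1.xlsx"
    remote: bool      # access comes from another computer over the network
    threatlocker_running: bool  # what the Remote Presence check would report


def _path_matches(pattern, path):
    # Windows paths are case-insensitive, so normalize both sides before globbing.
    return fnmatch.fnmatchcase(path.lower(), pattern.lower())


def _policy_applies(policy, req):
    if not req.remote:
        return False
    if policy.applies_to == "tl_remote" and not req.threatlocker_running:
        return False
    return any(_path_matches(p, req.local_path) for p in policy.paths)


def evaluate(policies, req):
    """Return (decision, policy name) from the first matching policy, top-down.

    Only the two policies from the article are modeled; what happens when
    neither matches (other policies, defaults) is reported as "no_match".
    """
    for pol in policies:
        if _policy_applies(pol, req):
            return pol.action, pol.name
    return "no_match", None


SHARE = ("C:\\Share\\*",)
PERMIT_TL = Policy("Permit ThreatLocker computers", "permit", "tl_remote", SHARE)
DENY_ALL = Policy("Deny all remote computers", "deny", "all_remote", SHARE)

CORRECT_ORDER = [PERMIT_TL, DENY_ALL]   # permit above deny, as the article requires
WRONG_ORDER = [DENY_ALL, PERMIT_TL]     # deny above permit: blocks everyone

# Constructed sample requests for the same file from two remote computers.
TL_PC = Request("C:\\Share\\q1.xlsx", remote=True, threatlocker_running=True)
OTHER_PC = Request("C:\\Share\\q1.xlsx", remote=True, threatlocker_running=False)


def demo():
    """Decision for each (ordering, requester) combination."""
    return {
        "correct/tl": evaluate(CORRECT_ORDER, TL_PC)[0],
        "correct/other": evaluate(CORRECT_ORDER, OTHER_PC)[0],
        "wrong/tl": evaluate(WRONG_ORDER, TL_PC)[0],
        "wrong/other": evaluate(WRONG_ORDER, OTHER_PC)[0],
    }


def unc_path_mistake():
    """A policy written with the UNC path never matches the server-local path."""
    bad_permit = Policy("Permit (UNC path, wrong)", "permit", "tl_remote",
                        ("\\\\fileserver\\Share\\*",))
    return evaluate([bad_permit], TL_PC)


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:14s} -> {decision}")
    print("UNC-path policy ->", unc_path_mistake())
```

With the permit policy above the deny policy, the ThreatLocker-protected PC is permitted and the other PC is denied; with the order reversed, the deny policy matches first for both and even protected PCs are blocked. The last function shows the separate pitfall from the path note: a policy written with the UNC path matches nothing on the server side.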