Company logoHelp Center
Visit www.threatlocker.com

Removing Application Control Policies

2 min. readlast update: 05.14.2024

A month or two after you have completed your onboarding with ThreatLocker, it is a good practice to review your policy list and remove any duplicate, unwanted, or unused policies. If a policy is not being used, it provides no value to you.

To view which policies are actively being used in your environment, navigate to the Application Control > Policies page. From here, you can select the refresh to the right of 'Last Match,' or you can select the 'Update Last Match Date' button located within the Policy Management Menu.

 

This will update the 'Last Match' column. This process could take up to an hour to complete.  

 

If you have policies that have never been matched or are no longer being matched, you can remove them one by one or en mass by leveraging the 'Remove Unused Policies' button. Keeping your policy list short is ideal for maintaining good control over your environment.

 

Removing Individual Policies

Navigate to the Application Control > Policies page. You can select policies to remove by clicking the checkbox to the left of the policy name(s) you wish to remove and then select the 'Delete Policy' button. The number of selected policies will apprear on the button.

 

In the screenshot above, you can see this policy doesn't have a 'Last Match' so it is not being used.

 

Leveraging the Remove Unused Policies Button  

Navigate to the Application Control > Policies page. Select the 'Remove Unused' button at the top of the page located within the Policy Management Menu. 

A date box will appear. By default, the date is set to one month prior. You can change this date to whatever you prefer. All policies that have NOT been matched since the date you selected will be removed with a couple of exceptions.  

  • ThreatLocker's default policies will not be removed using this button.  
  • Any policies that were created within the time frame you selected will also not be removed.  
  • No policies that are currently being used will be removed.  
  • No policies set to explicitly deny an application will be removed.

Select the 'Remove' button once you have made your date selection.

Select 'Remove All' to remove all unused policies across the entire organization once you have made your date selection. Please proceed with caution, this action will remove unused policies for all hierarchy levels of your organization.

Was this article helpful?