Ringfencing a New Application

3 min. readlast update: 01.15.2024

View in Browser 

Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.  

When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week. This allows you to identify potential denies that would have happened if the policy was enforced. 

Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.

To place a Policy into Monitor Only Status, you can select 'Monitor Only' from the dropdown menu adjacent to the policy name on the Application Control > Policies Page. Please note that this option will only be available on Ringfence Policies or a Deny Policy.

undefined

If you are creating a new Policy or editing an existing Policy that does not currently have Ringfencing applied, you can set the Policy to a Monitor Only Status from within the Policy window. Under the 'Actions' heading, select 'Monitor Only' from the list.

undefined

Once you have created or changed your Policy to include Ringfencing, be sure to click the Deploy Policies button. If this Policy is a Global Policy, be sure to use the 'Deploy All Policies' button located on the Organizations Page.  

undefined

On older ThreatLocker versions, Ringfencing is applied at the beginning of a process, so if this Application is currently running, you will need to shut the Application down and restart it before the changes will take effect.

With your Policy in a Monitor Only Status, you can watch the Unified Audit for a week or so and observe what Exclusions you will need to make to the Policy to be sure that daily business can continue to transpire once you Secure the Policy.

Ringfencing a new application in the Legacy Portal

View in Browser

When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.  

Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.

To place a Policy into Monitor Only Status, you can select 'Monitor Only' from the dropdown menu adjacent to the policy name on the Application Control > Policies Page. Please note that this option will only be available on Ringfence Policies or a Deny Policy.

undefined

If you are creating a new Policy or editing an existing Policy that does not currently have Ringfencing applied, you can set the Policy to a Monitor Only Status from within the Policy window. Under the 'Status' heading, select 'Monitor Only' from the dropdown menu.

undefined

Once you have created or changed your Policy to include Ringfencing, be sure to click the Deploy Policies button. If this Policy is a Global Policy, be sure to use the 'Deploy Policies' button located on the Organizations Page.  

undefined

Ringfencing is applied at the beginning of a process, so if this Application is currently running, you will need to shut the Application down and restart it before the changes will take effect.

With your Policy in a Monitor Only Status, you can watch the Unified Audit for a week or so and observe what Exclusions you will need to make to the Policy to be sure that daily business can continue to transpire once you Secure the Policy

Was this article helpful?