Ringfencing File Access

4 min. readlast update: 01.25.2024
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.  

Ringfencing gives you the ability to restrict an Application's ability to access files. Under the 'Files' tab, once you select the checkbox next to 'Enable Advanced Ringfencing to protect access to files', you will be preventing that Application from accessing your protected files unless you specifically permit it by adding the file path you wish to allow access to. 

undefined

 

By default, protected files are any network shares, any external storage such as USB drives, and on newer ThreatLocker deployments your Desktop and Documents folders. You can add additional monitored paths by adding storage policies to them.   

ThreatLocker recommends you have storage policies in place, even if they are set to monitor only, for any files you want to protect.  

To add a file path, type it into the 'Path' textbox, choose to permit or deny, read or read & write permission, and then click 'Add'. If you have permitted c:\users\*\Documents\* but you want to deny c:\users\*\Documents\accounting, type in c:\users\*\Documents\accounting\* and choose 'deny' as the action, and then you will be permitting access to all of the documents folder except the accounting subfolder, and that will be denied.  

Note: Exclusions are hierarchized in a top-down order.

undefined

 

Notice the uses of wildcards in the path. You have the ability to use multiple wildcards if needed when specifying a specific file path to incorporate entire folders, and/or any username. If you wanted to allow an Application to only access a specific file type, you can specify that with a wildcard. (e.g. *.pdf) You can even specify that an Application can access only certain file types in a specific folder. (e.g. c:\users\*\Documents\*.pdf)  

When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.  

Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.

Ringfencing - Application Interaction

Ringfencing- Internet Access

Ringfencing - Registry Activity

Ringfencing a New Application 

Ringfencing File Access in the Legacy Portal

View in Browser

Ringfencing gives you the ability to restrict an Application's ability to access files. Under the 'Files' tab, once you select the checkbox next to 'Enable Advanced Ringfencing to protect access to files', you will be preventing that Application from accessing your protected files unless you specifically permit it by adding the file path you wish to allow access to. 

undefined

 

By default, protected files are any network shares, any external storage such as USB drives, and on newer ThreatLocker deployments your Desktop and Documents folders. You can add additional monitored paths by adding storage policies to them.   

ThreatLocker recommends you have storage policies in place, even if they are set to monitor only, for any files you want to protect.  

To add a file path, type it into the 'Path' textbox, choose to permit or deny, read or read & write permission, and then click 'Add'. If you have permitted c:\users\*\Documents\* but you want to deny c:\users\*\Documents\accounting, type in c:\users\*\Documents\accounting\* and choose 'deny' as the action, and then you will be permitting access to all of the documents folder except the accounting subfolder, and that will be denied.  

 

undefined

 

Notice the uses of wildcards in the path. You have the ability to use multiple wildcards if needed when specifying a specific file path to incorporate entire folders, and/or any username. If you wanted to allow an Application to only access a specific file type, you can specify that with a wildcard. (e.g. *.pdf) You can even specify that an Application can access only certain file types in a specific folder. (e.g. c:\users\*\Documents\*.pdf)  

 

When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.  

Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.

 

Ringfencing - Application Interaction

Ringfencing- Internet Access

Ringfencing - Registry Activity

Ringfencing a New Application

Was this article helpful?