Ringfencing File Access
Ringfencing gives you the ability to restrict an Application's ability to access files. Under the 'Files' tab, once you select the checkbox next to 'Enable Advanced Ringfencing to protect access to files', you will be preventing that Application from accessing your protected files unless you specifically permit it by adding the file path you wish to allow access to.
By default, protected files are any network shares, any external storage such as USB drives, and on newer ThreatLocker deployments your Desktop and Documents folders. You can add additional monitored paths by adding storage policies to them.
ThreatLocker recommends you have storage policies in place, even if they are set to monitor only, for any files you want to protect.
To add a file path, type it into the 'Path' textbox, choose to permit or deny, read or read & write permission, and then click 'Add'. If you have permitted c:\users\*\Documents\* but you want to deny c:\users\*\Documents\accounting, type in c:\users\*\Documents\accounting\* and choose 'deny' as the action, and then you will be permitting access to all of the documents folder except the accounting subfolder, and that will be denied.
Notice the uses of wildcards in the path. You have the ability to use multiple wildcards if needed when specifying a specific file path to incorporate entire folders, and/or any username. If you wanted to allow an Application to only access a specific file type, you can specify that with a wildcard. (e.g. *.pdf) You can even specify that an Application can access only certain file types in a specific folder. (e.g. c:\users\*\Documents\*.pdf)
When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.
Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.