Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.
Ringfencing™ enables you to block an application from accessing the internet altogether. Or you can specify only certain websites that you know this application needs to access.
To set up internet Ringfencing restrictions on your own policy, select the checkbox next to 'Restrict these applications from accessing the internet?'. Then, you will type in the exclusions you want to allow access to, using wildcards and subnets as necessary. Be sure to click 'Add' after each entry.
Exclusions
Exclusions are tied to the individual policy and allow you to specify IPv4 addresses, IPv6 addresses, or domain names the application can access. Changes made to exclusions do not require you to restart the application or deploy policies.
Please Note: Any changes made to Internet Exclusions will automatically save and be applied to the policy.
For more information on using automatic Learning mode to learn Ringfencing Exclusions, see our associated article How to use Ringfencing Internet Exclusions.
Domain Name
To add a domain name to the 'Exclusions' list, choose 'text' from the 'Type' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string. Then click the 'Add' button to add your chosen domain to the list below.
When you are using wildcards in the domain name, be careful not to place a wildcard at the end of a domain name. An attacker could easily set up a domain with a name that begins the same as a trusted, legitimate address. (e.g. www.google.malicious_site.com)
IPv4
To add an IPv4 address, choose 'IPv4' from the 'Type' dropdown menu and then type the address you want to include in the tag. Then click the 'Add' button to add your Value to the list below.
IPv4 Subnet
To add an entire subnet of addresses, choose 'IPv4' from the 'Type' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation. Then click the 'Add' button to add your subnet to the list below.
IPv6
To add an IPv6 address, choose 'IPv6' from the 'Type' dropdown menu and then type the address you want to include in the tag, being sure to click the 'Add' button when you are finished.
Changes to Exclusions happen in real time. You do not need to click 'Save'; you can exit out of the window.
If you ever need to delete an item, select the delete button next to the Exclusion you want to remove.
Tags
Tags are collections of items that can be applied to Network Control policies and Application Control policies with Network Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags allow for efficient, centralized management of allowed network domains and IP addresses, as they are shared across all of your child organizations. The same tag can be easily applied to multiple policies across your various clients.
When you are applying Ringfencing™ to an Application that has previously not had Ringfencing™ applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.
Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.
Ringfencing - Application Interaction
Ringfencing - Registry Activity
Ringfencing™ Internet Access in the Legacy Portal
Ringfencing™ enables you to block an application from accessing the internet altogether. Or you can specify only certain websites that you know this application needs to access.
Custom Rules
Custom Rules are a legacy feature and when possible ThreatLocker recommends using Exclusions instead as they are more efficiently managed, do not require an application restart, and can be automatically learned. If you are applying Tags, they will need to be applied in the 'Custom Rules' tab.
Exclusions
Exclusions are very efficient to manage. Here, you can specify IPv4 addresses, IPv6 addresses, or domain names the application can access. Changes made to exclusions do not require restarting the application or deploying policies.
Please Note: Any changes made to Internet Exclusions will automatically save and be applied to the policy.
For more information on using automatic Learning mode to learn Ringfencing Exclusions, see our associated article How to use Ringfencing Internet Exclusions.
To set up internet Ringfencing™ restrictions on your own policy, select the checkbox next to 'Restrict these applications from accessing the internet, except for the below rules'. Then you will type in the exclusions you want to allow access to, and you can use wildcards as needed. Be sure to click 'Add' after each entry.
Domain Name
To add a domain name to the 'Exclusions' list, choose 'text' from the 'Value' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string. Then click the 'Add' button to add your Value to the list below.
When you are using wildcards in the domain name, be careful not to place a wildcard at the end of a domain name. An attacker could easily set up a domain with a name that begins the same as a trusted, legitimate address. (e.g. www.google.malicious_site.com)
IPv4
To add an IPv4 address, choose 'IPv4' from the 'Value' dropdown menu and then type the address you want to include in the tag. Then click the 'Add' button to add your Value to the list below.
IPv4 Subnet
To add an entire subnet of addresses, choose 'IPv4' from the 'Value' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation. Then click the 'Add' button to add your Value to the list below.
IPv6
To add an IPv6 address, choose 'IPv6' from the 'Value' dropdown menu and then type the address you want to include in the tag, being sure to click the 'Add' button when you are finished.
Changes to Exclusions happen in real-time. You do not need to click 'Save'; you can simply exit out of the window.
If you ever need to delete an item, simply select the delete button next to the Exclusion you want to remove.
When you are applying Ringfencing to an Application that has previously not had Ringfencing applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.
Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations.
Ringfencing - Application Interaction