Storage Control Policies

3 min. read. Last update: 02.07.2024

Storage control gives you very granular control over who and what can access your important shares. It can allow you to block any or all external storage devices from being able to reach your shares, helping to prevent data loss. Storage control policies are processed from the top down, so any permit policy needs to be located above the deny policy. These policies can easily be reordered by dragging and dropping.

Creating a New Storage Control Policy

 Navigate to Storage Control > Policies > New Storage Policy 

 

First, you will name your policy. In the example, the policy was named Testingstorage.

Next, you will choose whether this will be a 'Permit' or a 'Deny' policy, and whether it will apply to 'Read' or 'Read & Write'.

Choose if this will apply to 'All Remote Computers' or 'Only Computers Running ThreatLocker'. 

You can 'Apply to the entire organization' or 'Select a computer or a group'. 

Next, you can choose 'Apply to all file paths' or 'Let me select file paths'. If you choose the latter, you will specify the file paths you want to permit or deny. You can add multiple paths to this list by clicking 'Add' after each entry, including the final entry.

In this example, the policy applies to any items in the folder \\test2\share and any items in the \\test1\ folder. Notice the use of the '*' wildcard in the path. The wildcard stands for any character, and any number of characters, so any file name in these folders is covered by this policy. Wildcards can also be placed in the middle of the file path, such as \\user\*\share\*. In that path, the wildcard takes the place of the user name.

Please note: If you remove or disable all the default Storage Control Policies, you will need to specify a drive letter to be monitored on subsequently created policies. For example, if you disable the default policies but want to deny read & write access to all .txt files, you will have to specify the drive letter (e.g. c:\*.txt) in the file path textbox.

Now you will choose whether this will 'Apply to all devices' or 'Allow me to select specific storage devices'. From there you can choose the specific devices you want this to apply to (e.g. a specific USB device by serial number).

Next, you can choose 'All interfaces' or 'Select an interface'. With this, you can choose to have this policy apply to all of a specific interface such as USB, DVD, or UNC.

Then you can choose if this policy should apply to encrypted devices, non-encrypted devices, or both.

You can select to apply this to all users and groups, or you can be very granular and select specific users and groups.

Next you can choose to apply this policy to 'All programs' or you can specify 'Only the following programs'. The 'Auto Populate' button will give you a list of programs that ThreatLocker has learned are using this share after a learning period.  

You can set an expiration date for this policy if desired.  

You can choose if you want to record in the audit when this policy is matched.

You can also choose to have an email sent when this policy is matched, and specify the email address to use in the last box.

 

Finally, don't forget to go back to the top and click 'Save'.  
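The top-down ordering and '*' wildcard paths described above can be checked with a small model before reordering policies in the portal. This is an added Python example, not ThreatLocker code: the first-match evaluator, the policy named 'Deny all shares', the sample paths, and the assumptions that '*' also spans backslashes and that matching is case-insensitive are all illustrative.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    action: str   # "permit" or "deny"
    paths: list   # path patterns; "*" is the wildcard

def path_matches(pattern: str, path: str) -> bool:
    # Assumption: "*" matches any run of characters (backslashes included)
    # and comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path, re.IGNORECASE) is not None

def evaluate(policies, path):
    """Return (policy name, action) of the first matching policy, top down."""
    for p in policies:
        if any(path_matches(pat, path) for pat in p.paths):
            return p.name, p.action
    return None, None  # nothing matched; this model applies no default action

def shadowed(policies, sample_paths):
    """Names of policies that never decide any sample path in this order."""
    deciders = {evaluate(policies, s)[0] for s in sample_paths}
    return [p.name for p in policies if p.name not in deciders]

# Constructed policies and paths, reusing the article's example shares.
deny_all = Policy("Deny all shares", "deny", [r"\\*"])
permit_test = Policy("Testingstorage", "permit",
                     [r"\\test2\share\*", r"\\test1\*"])
SAMPLES = [r"\\test2\share\report.docx", r"\\test1\a\b.txt", r"\\other\x.txt"]

if __name__ == "__main__":
    # First order puts the deny on top, second puts the permit on top.
    for order in ([deny_all, permit_test], [permit_test, deny_all]):
        print([p.name for p in order])
        for s in SAMPLES:
            print("  ", s, "->", evaluate(order, s))
        print("   never reached:", shadowed(order, SAMPLES))
```

With the deny policy on top, the permit policy is reported as never reached; with the permit policy on top, both policies take effect.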
