ThreatLocker Application Control Agent Data Collection
When using the ThreatLocker Application Control agent, certain information is collected to provide the services. ThreatLocker does not share information collected by the ThreatLocker agent with third parties.
The following document outlines the information collected by the ThreatLocker Application Control agent.
- Computer Hostname.
- Public IP Address of the Computer;
- The date and time the agent connected to the ThreatLocker data centers;
- Logged in Username of the Computer, including the domain name (e.g. DOMAIN\JohnDoe).
- When a program file is executed on the endpoint, the following information is collected and stored in the audit:
- The full path of the file
- An irreversible hash of the file
- Information about the signer of the file, including the certificate subject and SHA
- The file size
- The serial number of the hard drive
- The username that opened the file
- The computer name that the file was opened on
- In addition to section 5, the ThreatLocker Agent also collections the same information for programs and executables found on the computer during the initial baseline. This information is only collected for the initial policy creation and is only stored temporarily.
ThreatLocker stores information for the retention period defined in the Customer Agreement. The default retention for Application Control is 30 days but can be extended for an additional charge or reduced without charge.