ThreatLocker Health Center and Health Report

3 min. read, last update: 07.02.2024

Health Center

Health Center is a dynamic and customizable dashboard containing all the information you may need to keep your network and endpoints secure and operational. 

The Health Center gives you an "at-a-glance" overview of your organization and checks whether you have vulnerabilities such as:

  1. “Permit All” ThreatLocker policies, which are policies that would permit all applications in your environment.
  2. Network Control Deny Policies: this checks whether your network is secured via ThreatLocker’s Network Control by denying any access that isn’t covered by a permit rule.
  3. Monitor Only Policies/Computers: these are policies that should be denying applications, but their status is set to “monitor only” instead of inherit or secured. Monitor Only machines are machines that are not in a secured or learning state; they are not denying any applications and not learning any new files.
  4. Allow File Access Policies: these are policies with Ringfencing enabled that don’t have any File Ringfencing enabled, which could potentially be a vulnerability by giving an application access that it doesn’t require.
  5. Missing Remote Presence: these are computers in your group called "Servers" that don't have remote presence policies in place.
  6. Permitted Path Rules: these are policies that permit an application which has a file with a path-only rule (no cert, no hash, etc.). Any file that someone moves into that location is then permitted.
  7. Remote Management: these policies open networks and endpoints up to vulnerabilities; they should be used as needed but not kept in place when not in use.
  8. Unused Policies: these policies have not been used in 6 weeks (about one and a half months) and should be considered for removal to reduce clutter and avoid vulnerabilities in retired software.

Furthermore, the Health Center gives you a summary of the Unified Audit (9) as well as the geolocation of recent ThreatLocker logins (10).
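
An added example, not ThreatLocker's code or export format: a short Python audit that applies five of the checks listed above (Permit All, Permitted Path Rules, Monitor Only, Allow File Access, Unused) to a constructed policy list. The dictionary field names, the `*` wildcard convention and the sample policies are assumptions made for illustration.

```python
from datetime import date, timedelta

UNUSED_AFTER = timedelta(weeks=6)  # threshold from the "Unused Policies" item

def is_path_only(rule):
    """True when a rule identifies a file by location alone (no cert, no hash)."""
    return bool(rule.get("path")) and not rule.get("hash") and not rule.get("cert")

def audit_policy(policy, today):
    """Return the findings from the list above that apply to one policy."""
    findings = []
    path_only = [r for r in policy.get("rules", []) if is_path_only(r)]
    if policy["action"] == "permit" and path_only:
        wildcard = any(r["path"] == "*" for r in path_only)
        findings.append("permit_all" if wildcard else "permitted_path_rule")
    if policy["action"] == "deny" and policy["status"] == "monitor_only":
        findings.append("monitor_only")
    if policy.get("ringfencing") and not policy.get("file_ringfencing"):
        findings.append("allow_file_access")
    last = policy.get("last_matched")
    if last is None or today - last > UNUSED_AFTER:
        findings.append("unused")
    return findings

def audit(policies, today):
    """Map policy name -> findings, omitting policies with nothing to report."""
    results = ((p["name"], audit_policy(p, today)) for p in policies)
    return {name: found for name, found in results if found}

# Constructed sample export: field names and values are hypothetical.
TODAY = date(2024, 7, 2)
SAMPLE = [
    {"name": "Everything", "action": "permit", "status": "secured",
     "rules": [{"path": "*"}], "last_matched": date(2024, 7, 1)},
    {"name": "Legacy ERP", "action": "permit", "status": "secured",
     "rules": [{"path": r"C:\ERP\*.exe"}], "last_matched": date(2024, 3, 1)},
    {"name": "Browser", "action": "permit", "status": "secured",
     "rules": [{"path": r"C:\Program Files\Browser\app.exe", "cert": "Constructed Vendor"}],
     "ringfencing": True, "file_ringfencing": False, "last_matched": date(2024, 6, 30)},
    {"name": "Default Deny", "action": "deny", "status": "monitor_only",
     "rules": [], "last_matched": date(2024, 7, 2)},
    {"name": "Office", "action": "permit", "status": "secured",
     "rules": [{"path": r"C:\Office\word.exe", "hash": "<sha256 placeholder>"}],
     "ringfencing": True, "file_ringfencing": True, "last_matched": date(2024, 6, 20)},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, TODAY).items():
        print(f"{name}: {', '.join(findings)}")
```

A policy that has never matched (`last_matched` missing) is reported as unused, and a rule that carries a cert or hash alongside its path is not counted as path-only.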

 

Health Report

The Health Report offers valuable insights into ongoing activities within an organization's environment, supplemented by actionable recommendations empowering users to bolster their organization's overall protection. 

Details Included in the Health Report

  • Device Count:
    • The percentage of devices with ThreatLocker deployed.
    • Devices secured vs devices not secured in the organization.
  • Applications:
    • Permitted applications.
    • Applications that are permitting known vulnerable files, such as Log4j.
    • Breakdown of applications with a foreign origin.
    • Telemetry data: descriptions of the applications permitted in the organization.
    • Software to prioritize and review, including applications that have previous vulnerabilities or might be susceptible to:
      • Remote Tools and Software
      • Password Managers
      • Games and Entertainment
      • VPN Tools 
  • Policies:  
    • Policies that are permitting applications.
    • Policies that have not been used.
    • Storage policies that are restricted.
    • Elevation Policies
    • Default Deny Network Policies
    • Ringfenced Policies