Help CenterOverview
ThreatLocker Override Codes allow you to disable different aspects of ThreatLocker on a computer that does not have access to the internet or the ThreatLocker Data Centers. What you can disable is dependant on the version of ThreatLocker you are running.
- Below ThreatLocker Version 7.6, you are able to disable Application Control.
- ThreatLocker Version 7.6 and above, you are able to disable Application Control and Tamper Protection.
- ThreatLocker Version 8.2 and above, you are able to disable Application Control, Tamper Protection, and Network Control.
- ThreatLocker Version 8.3 and above, you are able to disable Application Control, Tamper Protection, Network Control, and Storage Control.
On ThreatLocker Versions 7.6 and Above
Machines on ThreatLocker Versions 7.6 and newer have Override Codes by default. Admins can run the report "Override Codes (Agent 7.6 or above)" to see the unique override code linked to each hostname. These unique codes are automatically regenerated every day per computer you have installed in the portal. The most recent code registered for a machine is based on its most recent check-in. Your code is active for 24 hours. If the machine is restarted or the override code is stopped, you will be issued a new code the next time you check-in. If a machine is offline for more than 24 hours, the code will regenerate upon the next check-in.
To end the override state, navigate to the the ThreatLocker Tray and right click, select "Override", then select "Stop Override" from the popup.
NOTE: There may be a delay of up to 10 seconds for the ThreatLockerService to fully remove the Override functionality
