Overview
ThreatLocker Override Codes allow you to disable different aspects of ThreatLocker on a computer that does not have access to the internet or the ThreatLocker Data Centers. What you can disable is dependent on the version of ThreatLocker you are running.
- Below ThreatLocker Version 7.6, you are able to disable Application Control.
- ThreatLocker Version 7.6 and above, you are able to disable Application Control and Tamper Protection.
- In ThreatLocker Version 8.2 and above, you can disable Application Control, Tamper Protection, and Network Control.
- ThreatLocker Version 8.3 and above, you are able to disable Application Control, Tamper Protection, Network Control, and Storage Control.
On ThreatLocker Versions 7.6 and Above
Machines on ThreatLocker Versions 7.6 and newer have Override Codes by default. Admins can run the report "Override Codes (Agent 7.6 or above)" to see the unique override code linked to each hostname. These unique codes are automatically regenerated every day per computer you have installed in the portal. The most recent code registered for a machine is based on its most recent check-in. Your code is active for 24 hours. If the machine is restarted or the override code is stopped, you will be issued a new code the next time you check-in. If a machine is offline for more than 24 hours, the code will regenerate upon the next check-in.
To end the override state, navigate to the the ThreatLocker Tray and right click, select "Override", then select "Stop Override" from the popup.
NOTE: There may be a delay of up to 10 seconds for the ThreatLockerService to fully remove the Override functionality
On Windows XP
In the ThreatLocker portal, navigate to Custom Reports. Select and run the report, "Override Codes (9.2 or above)".
Starting Override
On the machine that will be placed into Override, navigate to c:\documents and settings\All Users\Application Data\threatlocker\. Create a new text file in this directory named override.txt. Paste the override code from the Override Codes 9.2 or above) into the text file and save it.
After about 10 seconds, the machine should go into an override state. This will disable Application Control, Tamper Protection, and Storage Control.
Ending Override
To end the override state, either delete the override.txt file or delete the code and save the files. The next time the service searches for the override.txt file, the override will end and Application Control, Tamper Protection, and Storage Control will be re-enabled.