
Ringfencing™: Your Questions Answered

After our recent “What is Ringfencing™” blog, we wanted to take a deeper dive into the technical aspects of ThreatLocker’s Ringfencing™, so we asked our social media audience for their burning questions. In this blog, we answer six of the frequently asked questions we received.

If a Known-Good Application Gets Compromised, Does Ringfencing™ Prevent Intrusions/Calling Out to the Internet/PowerShell/Command Prompt?

Yes. With Ringfencing™ enabled, any of your applications can be denied unauthorized access to PowerShell, Command Prompt, or the internet. For example, during the SolarWinds attack, hackers implanted code meant to access the internet through the SolarWinds Orion application. For clients that had Ringfencing™ enabled, the application's ability to interact with the internet and download the intended malware was blocked.

How Can You Use Ringfencing™ to Prevent the Encryption of Network Shares?

Any application that doesn't need access to your network shares can be denied access to those network shares. With advanced Ringfencing™ enabled, you can get granular with your protection by dictating only the exact files you'd like to permit. For example, you can allow Adobe Reader to access only PDF files so that, if it is compromised, the most damage it can do is read PDF files.

Can Ringfencing™ Stop Chrome from Calling Out to Command Prompt in the Prevention of Fileless Malware?

Generally, Google Chrome and Edge Chromium do not require access to Command Prompt. However, some Chrome or Edge Chromium extensions may need to call out to Command Prompt to talk to other applications. If you don't have an extension that requires the ability to communicate with Command Prompt, we recommend that you use Ringfencing™ to limit Chrome and Edge Chromium from communicating with Command Prompt.

The default Google Chrome and Edge Chromium policies in ThreatLocker block these browsers from calling out to PowerShell, RegSVR32, CScript, Command Prompt, and Forfiles. This prevents Chrome or Edge Chromium from launching other applications on your system, for example as part of a fileless malware attack. However, if you use certain extensions, such as Password Boss, that need Chrome or Edge Chromium to communicate with Command Prompt, you will need to edit the standard policy to allow this specific communication.
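Before enforcing the default browser policy described above, it helps to know which endpoints have an extension that depends on Command Prompt. The following Python example is added here and is not ThreatLocker code: it audits constructed process-creation records for Chrome or Edge launching the five blocked binaries, and it assumes that Chromium on Windows starts an extension's native messaging host through cmd.exe with the extension's chrome-extension:// origin on the command line. The hosts, paths, and extension ID are all constructed.

```python
import ntpath
import re
from collections import defaultdict

BROWSERS = {"chrome.exe", "msedge.exe"}
# The five child processes the default browser policies block, per the text above.
BLOCKED_CHILDREN = {"powershell.exe", "regsvr32.exe", "cscript.exe", "cmd.exe", "forfiles.exe"}
# Assumption: a native messaging launch carries the calling extension's origin.
EXT_ORIGIN = re.compile(r"chrome-extension://([a-p]{32})/", re.I)

# Constructed records: (host, parent image, child image, child command line).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Windows\System32\cmd.exe",
     r'C:\Windows\system32\cmd.exe /d /c "C:\Example\host.exe" '
     r"chrome-extension://abcdefghijklmnopabcdefghijklmnop/ --parent-window=0"),
    ("WS-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Windows\System32\cmd.exe", r"cmd.exe /c dir"),
    ("WS-02", r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -NoProfile -Command Get-Date"),
    ("WS-02", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"chrome.exe --type=renderer"),
    ("WS-03", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", r"cmd.exe"),
]

def audit(events):
    """Group browser -> blocked-child launches per host.

    'extensions' holds extension IDs that need a policy exception;
    'unexpected' holds launches with no extension origin, worth investigating.
    """
    report = defaultdict(lambda: {"extensions": set(), "unexpected": []})
    for host, parent, child, cmdline in events:
        p = ntpath.basename(parent).lower()
        c = ntpath.basename(child).lower()
        if p not in BROWSERS or c not in BLOCKED_CHILDREN:
            continue  # not a browser spawning one of the five binaries
        m = EXT_ORIGIN.search(cmdline) if c == "cmd.exe" else None
        if m:
            report[host]["extensions"].add(m.group(1).lower())
        else:
            report[host]["unexpected"].append((p, c))
    return dict(report)

if __name__ == "__main__":
    for host, found in sorted(audit(SAMPLE_EVENTS).items()):
        print(host, sorted(found["extensions"]), found["unexpected"])
```

Hosts that report only extension IDs are candidates for a narrowly scoped exception; hosts with unexpected launches should be investigated before any exception is granted.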

Can Ringfencing™ Be Used without Allowlisting?

Yes, Ringfencing™ can act as a stand-alone solution and is a necessary tool to stop ransomware and other malware from extracting your data.

However, ThreatLocker does not recommend relying on Ringfencing™ alone to secure your environment. Ringfencing™ is best paired with our Allowlisting tool not only to limit what you allow but also to stop what you allow from interacting with other applications. 

Talk to the Cyber Hero Team today to see Ringfencing™ in action.