ThreatLocker Application and Storage Control Data Collection 

ThreatLocker collects and processes information as part of our scanning process. Information that is collected during the scanning of applications is sent to the ThreatLocker Cloud using an SSL connection.

The following generic information is collected when the ThreatLocker Client is installed:-

  1. Computer Name

  2. Operating System.

  3. Public IP Address.

  4. The date and time the computer last connected to the ThreatLocker Data Centers.

ThreatLocker Application Control

When using ThreatLocker Application Control, information about executable files may be stored in the ThreatLocker data center. The following information may be collected.

  1. A irreversible hash of any executable files running or stored on the endpoint.

  2. The subject of the certificate that signed executable files running or stored on the endpoint.

  3. A SHA of the certificate that signed executable files running or stored on the endpoint.

  4. The username that executed a file on the endpoint.

  5. The serial number and drive interface (e.g. SATA, USB) of the hard drive the file was executed from.

  6. The full path of the executable files running or stored on the endpoint.

  7. The date and time the file was executed.

All of the above information is collected over a HTTPS session and is secured in a data center using industry best practices. Collection of the above information is not necessary in order to make use of the ThreatLocker Application Control, but is required for file execution auditing.

ThreatLocker Storage Control

When using ThreatLocker Storage Control, information about documents and files that are changed may be transmitted and stored in the ThreatLocker data center.

  1. The username of a user that has accessed or edited a file.

  2. The full path including the filename of any file edited or copied.

  3. The serial number and drive interface (e.g. SATA, USB) of the hard drive the document was copied from or to.

  4. The date and time the file was accessed or edited.

All of the above information is collected over a HTTPS session and is secured in a data center using industry best practices. Collection of the above information is not necessary in order to make use of the ThreatLocker Storage Control, but is required for file change auditing.