Application Allowlisting denies all applications from running except those that are explicitly allowed. This means untrusted software, including ransomware and other malware, will be denied by default.
When the agent is first installed, it operates in Learning Mode. During this period all applications and their dependencies that are found or running on the computer are cataloged and policies are created to permit them. After the learning period, the IT administrator can review the list of applications, remove those that are not required, and secure the computer. Once the computer is secured, any application, script, or library that tries to execute that is not trusted will be denied. The user can request new software from the IT administrator, and it can be approved in 60 seconds.See Learning Mode
Application Allowlisting has long been considered the gold standard in protecting businesses from known and unknown malware. Unlike antivirus or traditional EDR, Application Allowlisting puts you in control of what software, scripts, executables, and libraries can run on your endpoints and servers. This approach stops not only malicious software but also stops other unpermitted applications from running. This process greatly minimizes cyber threats and other rogue applications running on your network.
In addition to Allowlisting, ThreatLocker Testing Environment is a powerful tool that allows for risk-assessed approvals that eliminate the guesswork. The Testing Environment enables administrators to quickly verify an application, providing the critical and timely information needed to make the best decision for their organization.See Testing Environment
Deny any application from running on your device that is not a part of the allowlist.
A powerful firewall-like policy engine that allows you to permit, deny or restrict application access at a granular level.
Permit access to applications for a specified amount of time. Automatically block the application after the policy has expired.
ThreatLocker® automatically adds new hashes when application and system updates are released, allowing your applications to update without interference while preventing updates from being blocked.