Learn how ThreatLocker® can automatically create allowlist policies based on your organization’s needs after deployment.
ThreatLocker® Learning Mode simplifies the process of setting up your Zero Trust environment, including your allowlist.
It's typically used to create an initial set of policies, for either a device or a group of devices, to allow software that's running on these devices to continue to run once the environment is secured. By default, the ThreatLocker® agent is deployed in Learning Mode.
During Learning Mode, the agent logs data to create a set of recommended policies using advanced algorithms. These advanced algorithms permit files by hash and, where appropriate, will use a combination of variables such as path and certificate to give applications the ability to update themselves, even if specific files change.