Get a FREE Report of the Software Running in Your Environment - Including Risks & Countries of Origin

Learning Mode

Learn how ThreatLocker® can automatically create allowlist policies based on your organization’s needs after deployment.

What Is Learning Mode?

ThreatLocker® Learning Mode simplifies the process of setting up your Zero Trust environment, including your allowlist.

It's typically used to create an initial set of policies, for either a device or a group of devices, to allow software that's running on these devices to continue to run once the environment is secured. By default, the ThreatLocker® agent is deployed in Learning Mode.

ThreatLocker Learning Mode Features

How Does Learning Mode Work?

When a device is in Learning Mode, nothing is blocked or interrupted. The agent logs what is running in the environment, including all executables, libraries, and scripts.

ThreatLocker Learning Mode Audit Logs

What Happens During Learning Mode?

During Learning Mode, the agent logs data to create a set of recommended policies using advanced algorithms. These advanced algorithms permit files by hash and, where appropriate, will use a combination of variables such as path and certificate to give applications the ability to update themselves, even if specific files change.

Illustration of Policy list after ThreatLocker Learning mode

More ThreatLocker® Solutions

ThreatLocker Network Control logo

Network Control

See Solution
ThreatLocker Elevation Control Logo

Elevation Control

See Solution
ThreatLocker Storage Control Logo

Storage Control

See Solution