

Reduce the chance of a cyberattack by limiting what applications can do, whether it’s interacting with another application, your files, data, or the internet.


What is Ringfencing™?

Ringfencing™ controls what applications are able to do once they are running. By limiting what software can do, ThreatLocker® can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell.

Ringfencing™ allows you to control how applications can interact with other applications. For example, while both Microsoft Word and PowerShell may be permitted, Ringfencing™ will stop Microsoft Word from being able to call PowerShell, which prevents an attempted exploit of a vulnerability such as Follina from succeeding.

Why Ringfencing™?

Under normal operations, all applications permitted on an endpoint or server can access all data that the operating user can access. This means if the application is compromised, the attacker can use the application to steal or encrypt files.

Attackers can also use fileless malware, which runs in the computer's memory, to evade detection by antivirus or EDR tools that focus on detecting changes to files or registry keys. These attacks, often called living-off-the-land attacks, leverage native tools and trusted applications to carry out malicious instructions in the background without ever touching the file system.

How Does Ringfencing™ Work?

When you first deploy Ringfencing™, your device will be aligned with the default ThreatLocker® policies. These policies are then automatically applied to a list of known applications such as Microsoft Office, PowerShell, or Zoom. The aim of the default policies is to provide a baseline level of protection for all endpoints. Each of these policies can easily be adjusted to fit any environment at any time. Our dedicated Cyber Hero Team is always on hand to support any requests, 24/7/365.


Preventing Software Exploitation

Ringfencing™ was able to foil a number of attacks that were not stopped by traditional EDR. The 2020 SolarWinds Orion attack was foiled by Ringfencing™. See how Ringfencing™ allows you to remove file access permissions for applications that do not need access and even remove network or registry permissions.




Mitigate Against Fileless Malware

Stop fileless malware by limiting what applications are allowed to do.


Granular Application Policies

Stop applications from interacting with other applications, network resources, registry keys, files, and more.


Limit Application Attacks

Limit application attacks like application hopping by limiting what applications can access.


Limit Access to Your Files

Choose which applications in your environment need to have access to your files.
