Дякуємо, ми отримали ваше повідомлення і звʼяжемось в найближчий час! :)
What is Allowlisting?
An allowlist, also known as a "whitelist," operates on the principle: if it's not explicitly allowed, it's denied. This is an effective access control method that prevents untrusted software — including malware and ransomware — from running.
Allowlisting is a key component of endpoint security, ensuring that only verified applications operate within your network.
How Allowlisting Works?
After the agent is installed, it catalogs all applications and dependencies to create a baseline allowlist.
The IT administrator reviews and manages the list to enhance security.
From that point on, any file or library not on the allowlist is automatically blocked.
If a user needs new software, they can request it from the IT administrator — and it can be approved in as little as 60 seconds.
Why Allowlisting?
It’s a top-tier security strategy that gives you full control over the applications, scripts, and libraries that run on your devices and servers.
Allowlisting blocks not only malicious software but also any unauthorized applications, making it more effective than traditional antivirus and EDR solutions.
This significantly reduces the risk of cyber threats and fraudulent software impacting your network, helping protect sensitive data.
МОЖЛИВОСТІ ALLOWLISTING
Automatic Denial
Any application not included in the allowlist is automatically blocked from running on your device.
Firewall Policies
A powerful firewall-like policy engine that allows, blocks, or restricts application access.
Temporary Policies
Grants temporary access to applications and automatically blocks them once the policy expires.
Automatic Updates
Automatically adds new hashes when application or system updates are released, preventing updates from being blocked.
FAQ
What Does the Deployment Process Look Like?
The goal of Zero Trust is to allow only what’s necessary and block everything else.ThreatLocker® automatically identifies your environment's needs and builds policies — including applications and their dependencies — in learning mode.
Agent Deployment
The agent does not block anything during initial deployment. It operates in learning mode, cataloging all required applications.
One-Week Learning Phase
Review the policy list, remove or restrict unnecessary software, and secure the environment.
Fail Simulation
Test policies to ensure they won’t disrupt operations before going live.
ThreatLocker® Support
Weekly deployment sessions to review policies, assist with configuration, and guide the protection process.
A typical deployment takes about five sessions from start to full protection.
For more details, refer to the Deployment Guide. посібнику із розгортання.Who decides which applications are allowed — the organization or a pre-approved vendor list?
Specifically, the company’s IT administrator decides which applications are permitted to run.
The ThreatLocker® learning process builds a policy list that can be reviewed and modified before protection is activated across systems.
ThreatLocker® does not allow applications to run based solely on vendor approval.
From a cybersecurity standpoint, the fewer applications that have access to the system, the more secure it is.
Allowing all software from a given vendor contradicts the Zero Trust approach.What Support Is Available?
ThreatLocker® support is available 24/7 through our support portal.
Our Cyber Hero® team is ready to assist you via live chat or Zoom.
We also offer a comprehensive Knowledge Base and ThreatLocker® University, which provides on-demand courses or predefined training programs — including Cyber Hero® certification.
For more information on how ThreatLocker® Application Allowlisting can strengthen your cybersecurity stack, contact our team today.At What Level Does Allowlisting Operate?
ThreatLocker® Allowlisting працює на рівні ядра, що означає, що будь-який запуск програми, незалежно від того, чи ініціює його адміністратор, система чи користувач, буде автоматично заблокований, якщо вона не має дозволу в білому списку.
ThreatLocker® також має дуже строгий захист від змін, який разом з службами на рівні ядра практично унеможливлює втручання в його роботу.How Is the Allowlist Updated?
When using allowlisting, changes to an application (such as during an update) may be blocked if the program is modified.
ThreatLocker® addresses this by maintaining a predefined set of definitions for built-in applications.
If you have a policy that allows a specific application, ThreatLocker® will automatically update that policy when new versions are released.
Our team monitors over 2,000 applications and updates definitions 24/7.
For unknown or custom applications that update automatically, you can create your own rules and definitions using a combination of hashes, file names, parent processes, certificates, and creation processes.
If your IT team is deploying updates, the Installation Mode can be used to track changes made by the installer.How Are New Applications Added to the Allowlist?
Allowing new applications is an extremely simple and fast process.
A blocked file can be requested, reviewed, approved, and allowed to run — all within 60 seconds.
Fill out the form to receive a personalized consultation on testing within your IT infrastructure: