What is Application Restriction (Ringfencing™)?

Ringfencing™ controls what applications can do after they launch. It acts as a barrier and an additional security measure that actively prevents software from operating outside its designated boundaries. By restricting application behavior, ThreatLocker® Ringfencing™ reduces the likelihood of successful exploitation or misuse of legitimate tools by attackers, such as PowerShell.
Ringfencing™ allows control over how applications interact with other programs.For example, if both Microsoft Word and PowerShell are allowed, Ringfencing™ prevents Microsoft Word from invoking PowerShell, thereby blocking the successful exploitation of vulnerabilities like Follina.

Why Ringfencing™?

Under normal operation, all applications allowed on an endpoint or server have access to all data accessible by the user running them.
This means that if an application is compromised, an attacker can use it to steal or encrypt files.

Attackers can also use fileless malware, which operates in the computer’s memory to avoid detection by antivirus or EDR solutions.
These systems focus on detecting changes to files or registry keys.
Attacks, often called “living off the land,” leverage built-in tools and trusted applications to execute malicious commands in the background without touching the file system.

How Does Ringfencing™ Work?

During initial deployment, your device is aligned with ThreatLocker® default policies.
These policies are then automatically applied to a list of known applications such as Microsoft Office, PowerShell, or Zoom.

The goal of the default policies is to provide a baseline level of protection for all endpoints.
Each policy can be easily managed to tailor it to any environment at any time.

Our dedicated Cyber Hero® team is always ready to respond to any requests 24/7/365.

Ringfencing™ — Your Valuable Strategy for Strengthening Your Organization’s Digital Security Environment:

Preventing Data Leakage from Software Through Application Containment

Ringfencing™ has successfully prevented numerous attacks that traditional EDR solutions failed to stop.
The 2020 SolarWinds Orion attack was halted using Ringfencing™.

Ringfencing™ allows the removal of file access permissions for applications that do not require it, and can even revoke network or registry permissions.