Application Allowlisting denies all applications from running except those that are explicitly allowed. This means all untrusted software, including but not limited to ransomware and other malware, will be denied by default.

Finding an Allowlisting solution that fits your business needs can be challenging. It can also be tough to find a solution that doesn’t disturb or interfere with users and doesn’t hinder operations. To help you find an Allowlisting solution that does exactly as intended, we have compiled this checklist to make it easier to understand the non-negotiable features that an Allowlisting solution should have.

What Should You Be Looking For?

Deny by Default
An Allowlisting solution should block any unknown files from executing at the kernel level. For instance, if a threat actor were to exploit a vulnerability such as EternalBlue or get access to your RMM, that software would need to be blocked at the kernel level, not just at the user level. If the solution is only blocking at the user level, it’s not a security tool, it’s a user behavior tool.

Automatically Track Application Updates
Managing application updates with Allowlisting has previously been viewed as a management burden, taking up significant time. Ensure that you are working with a solution that checks for updates, catalogs them, and allows the updates to run across your network of devices without being blocked. The solution should allow automatic data feeds from users and verify the source of all updates immediately after release.

Allow by Hash, Not File Name
Rather than allowing files to execute based on the file name, use an Allowlisting solution that automatically blocks files based on unknown hashes. However, there may be instances that you want or need to allow files based on the file name. In this circumstance, make sure you combine it with either a certificate or a process to make it harder for threat actors to replicate.

Easy Approval Process
In dynamic environments, organizations and users may need to add new applications. Permitting new applications should be a standardized and seamless process so that a blocked file can be requested by a user, evaluated by an admin, and then approved and allowed to run within 60 seconds. Admins also need access to tools to test and verify requested applications quickly.

Ability to Block DLLs, Scripts, Jar Files and Other Executables
Rather than allowing files to execute based on the file name, use an Allowlisting solution that automatically blocks files based on unknown hashes. However, there may be instances that you want or need to allow files based on the file name. In this circumstance, make sure you combine it with either a certificate or a process to make it harder for threat actors to replicate.

Ability to Run Software in a VDI Before Approval With a Risk Analysis
Rather than allowing files to execute based on the file name, use an Allowlisting solution that automatically blocks files based on unknown hashes. However, there may be instances that you want or need to allow files based on the file name. In this circumstance, make sure you combine it with either a certificate or a process to make it harder for threat actors to replicate.
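
As an added illustration (not ThreatLocker's code and not part of the original checklist), the Python below models the decision order described under "Allow by Hash, Not File Name": a known hash allows, a file-name rule allows only together with a matching signing certificate, and everything else is denied by default. The `Policy` class, `decide` function, file names and signer string are hypothetical, and the `signer` value is assumed to come from a signature the platform has already validated.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Policy:
    # SHA-256 digests (lowercase hex) of explicitly approved files.
    allowed_hashes: set = field(default_factory=set)
    # File-name rules map a name to the signer it must carry.
    # A name on its own never allows execution.
    name_rules: dict = field(default_factory=dict)


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def decide(policy, file_name, content, signer=None):
    """Return (verdict, reason); anything unmatched is denied by default."""
    if sha256_hex(content) in policy.allowed_hashes:
        return ("allow", "hash")
    required = policy.name_rules.get(file_name.lower())
    if required is not None and signer == required:
        return ("allow", "name+certificate")
    return ("deny", "default")


# Constructed sample data: byte strings stand in for file contents.
APPROVED_AGENT = b"constructed bytes of an approved backup agent 1.0"
NEW_UPDATER = b"constructed bytes of a vendor updater, new build"
UNKNOWN_FILE = b"constructed bytes of a program nobody approved"

POLICY = Policy(
    allowed_hashes={sha256_hex(APPROVED_AGENT)},
    name_rules={"updater.exe": "Example Vendor, Inc."},  # hypothetical signer
)


def demo():
    return [
        decide(POLICY, "agent.exe", APPROVED_AGENT),    # approved hash
        decide(POLICY, "renamed.exe", APPROVED_AGENT),  # hash rule ignores the name
        decide(POLICY, "agent.exe", UNKNOWN_FILE),      # familiar name, unknown hash
        decide(POLICY, "updater.exe", NEW_UPDATER, "Example Vendor, Inc."),
        decide(POLICY, "updater.exe", UNKNOWN_FILE),    # name rule, no certificate
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third and fifth cases are the ones a name-only rule would get wrong: the file carries an expected name, but with no approved hash and no matching certificate it falls through to the default deny.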

Learning Mode
Allowlisting has historically been hard to deploy as creating the allowlist can be time consuming. It’s important to ensure you are using a solution that can automatically catalog any existing files across your devices and create policies from the information collected. During the learning process, the administrator can choose to accept the created policies, or fine-tune them. Learning Mode significantly reduces the time it takes to implement an Allowlisting solution.

Provide A Real-Time Audit
A real-time audit gives IT administrators micro insights into what files are executing across their devices and what files are trying to run. IT administrators can choose to allow or continue denying specific files based on the user’s needs. An audit helps IT administrators have a clear understanding of what is running across their users’ devices. Ideally, this would be centrally managed from one location in the cloud.

What sets us apart from everyone else?

Allowlisting + Ringfencing™
Allowlisting is incredibly powerful, but it will not stop Windows tools or vulnerabilities from being exploited to misuse applications. Allowlisting solutions should be combined with other security solutions, which will help strengthen and protect your business from the inside out. Ringfencing™ controls what applications are able to do once they are running. By limiting what software can do, ThreatLocker® can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell.

Simplified & Supported Onboarding
Utilizing a dedicated Solutions Engineer (SE) to help deploy any solution is vital. It is essential that they assist you throughout the entire deployment process and have regular check-ins with you beyond implementation. Our highly trained SE team are well versed in up-and-coming cyber threats. They are dedicated to helping you deploy the ThreatLocker® solution with ease and ensure you always have the tools and resources necessary to help you better protect the devices you manage.

Managed Approvals
ThreatLocker® offers the ability to send approval requests to our Cyber Heroes, 24/7/365. We pick up requests within minutes, run them in our environment, view any risks, and then approve or deny based on your requirements.

24/7/365 Support
ThreatLocker® Cyber Heroes are U.S. based and answer your chat or Zoom requests within 60 seconds. They will walk you through any custom configuration, without you needing to read through lengthy administrator manuals or KBs.

THE BUYER’S CHECKLIST FOR: ALLOWLISTING | 3
ThreatLocker® is a Zero Trust endpoint protection platform that
improves enterprise-level security with Zero Trust controls, including
Allowlisting, Ringfencing™, Elevation, Storage, Network Control,
Configuration Management, and Operational Alert solutions.
Visit our website to start your journey
with ThreatLocker® today
threatlocker.com
©2023 ThreatLocker, Inc. All Rights Reserved