How to create a new application policy?
This document demonstrates the process of creating a new application policy in ThreatLocker. ThreatLocker is an award-winning Zero Trust Endpoint Security solution built on Zero Trust Architecture.

Introduction
What is an Application Policy in ThreatLocker?
An Application Policy in ThreatLocker is a rule that determines whether a specific application is allowed or denied execution on an endpoint or a group of devices. These policies are part of ThreatLocker's Application Control module, which enforces a Zero Trust security model by blocking any application that is not explicitly permitted.
By defining application policies, administrators gain granular control over what software can run within their environment. This significantly reduces the attack surface and helps prevent unauthorized programs, including ransomware, from executing.
Objective
The objective of this guide is to provide a clear, step-by-step process for creating a new Application Policy in the ThreatLocker Portal. This includes:
- Accessing the Application Control module.
- Initiating a new policy.
- Defining the target devices or groups.
- Selecting the application to allow or deny.
- Deploying and verifying the policy.
By following this guide, administrators will be able to efficiently enforce security rules that control application execution across their organization, in line with Zero Trust principles.
Implementation
This section describes how to create a new Application Policy in the ThreatLocker Portal, using the Application Control module.
Step 1: Access the Application Control Policies
Log in to the ThreatLocker Portal and go to Module > Application Control > Policies.
This page displays a list of all existing application policies, along with their details such as status, policy action, target application, and creation date.
Step 2: Create the Policy
Click the New Policy button located at the top of the Policies page to start creating a new application policy.
Step 3: Configure the Application Policy Details
In this step, we will configure an example Application Policy to block PowerShell on the Windows device DESKTOP-CLIM2BD.
We will complete the policy form using the following values:
Details Section:
- Policy Name: Block PowerShell
- Description (optional): Prevent the use of PowerShell.
- Policy Active: Enable this toggle.
- Policy order:
  - Add Policy to Top: Use this if the block action must be enforced before any other rule, such as allowing the same application.
  - Add Policy to Bottom: Use this if the rule should apply after all higher-priority policies.
  Note: For critical blocks like PowerShell, it’s recommended to add the policy to the top to avoid any conflict with existing “Allow” rules.
- Log in the Unified Audit: Enable to monitor any attempt to run PowerShell.
Target Scope Section:
In this section, you define who and where the policy will apply.
There are two levels to configure:
- Target Devices or Device Groups: First, select whether this policy applies to:
  - A specific computer (e.g., DESKTOP-CLIM2BD).
  - A device group (e.g., All Workstations).
  - All devices in the organization.
- Then, choose whether the policy should apply to:
  - All users on the selected device or group.
  - A specific user or user group within that device/group.
Condition Section:
In this section, you define when, where, and how the policy should apply.
- Application Target: Choose whether to apply the policy to a specific application or to all applications.
- Interface Restriction: Select the interface from which the application can be executed:
  - All
  - USB
  - DVD
  - UNC path
  - Other external sources (based on organization policy)
- Policy Time: Choose when this policy is active:
  - No policy expiration: The policy remains active indefinitely.
  - Set policy expiration: Choose a date when the policy will expire.
  - Schedule policy: Define recurring timeframes (e.g., only active weekdays, 9AM–5PM).
Actions Section:
Here, you define what the policy should do when it is triggered.
Action Type:
- Permit:
  - Allows the application to run without restrictions.
  - Optional: Assist with programs that require local administrator privileges: Enables elevation for applications that require admin rights.
- Permit with Ringfencing:
  - Allows the application to run, but within a restricted environment.
    - Restrict the application from interacting with other applications
    - Restrict the application from accessing files
    - Restrict the application from modifying the Windows registry
    - Restrict the application from accessing the internet
    - Assist with programs that require local administrator privileges (optional)
  This option enforces Zero Trust behavior for approved applications.
- Deny:
  - Blocks the application from running entirely.
  - Optional: Kill Running Processes: Terminates the application immediately if it is already running.
Additional Options:
- Inherit Status from Computer: The policy will follow the enforcement mode (e.g., Secured or Monitor Only) configured at the computer level.
- Secured Mode: The policy is fully enforced. Only explicitly permitted applications will run.
- Monitor Only Mode: The policy is not enforced. It logs activity only, for monitoring or testing purposes.
End User Experience:
- Show Notification and Allow User to Request: If an application is denied, users will see a message and can optionally request approval.
Click Create to save the policy. Then, click Deploy Policies to immediately push the new policy to the target device(s).
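The policy-order note in Step 3 can be checked with a small model of an ordered policy list. This is an added example, not ThreatLocker code or its evaluation engine: it assumes top-to-bottom, first-match evaluation with a default deny, and the "Allow Windows tools" policy with its `*.exe` pattern is constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass
class Policy:
    name: str
    action: str               # "permit" or "deny"
    app: str                  # file-name glob standing in for the application target
    devices: tuple = ("*",)   # target scope; "*" means every device
    active: bool = True       # the "Policy Active" toggle


def covers(policy, device, exe):
    """True if an active policy's scope and application target both match."""
    in_scope = any(fnmatchcase(device.lower(), d.lower()) for d in policy.devices)
    return policy.active and in_scope and fnmatchcase(exe.lower(), policy.app.lower())


def evaluate(policies, device, exe):
    """Assumed model: walk the list top to bottom, first match wins, else default deny."""
    for p in policies:
        if covers(p, device, exe):
            return p.action, p.name
    return "deny", "(default deny)"


def shadowed_denies(policies, exe):
    """Deny policies for `exe` that never fire because a permit above them matches first."""
    hits = []
    for i, p in enumerate(policies):
        if p.action != "deny" or not p.active or not fnmatchcase(exe.lower(), p.app.lower()):
            continue
        for device in p.devices:
            action, winner = evaluate(policies[:i], device, exe)
            if action == "permit":
                hits.append((p.name, device, winner))
    return hits


# Constructed policy list; only "Block PowerShell" and DESKTOP-CLIM2BD come from this guide.
existing = [Policy("Allow Windows tools", "permit", "*.exe")]
block = Policy("Block PowerShell", "deny", "powershell.exe", ("DESKTOP-CLIM2BD",))
at_top, at_bottom = [block] + existing, existing + [block]

if __name__ == "__main__":
    for label, order in (("top", at_top), ("bottom", at_bottom)):
        print(label, evaluate(order, "DESKTOP-CLIM2BD", "powershell.exe"),
              shadowed_denies(order, "powershell.exe"))
```

Under this model, the same Deny policy is effective at the top of the list and silently shadowed at the bottom, which is the conflict the note warns about.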
Step 4: Test if the Policy is Applicable
- In the ThreatLocker Dashboard (go to Application Control > Policies), filter by the target computer where the policy was applied, and verify that the policy appears in the list of applied policies.
- On the client machine, press Windows + R to open the Run dialog, type powershell.exe, and press Enter. This will help you verify whether the policy is correctly enforced.
- If PowerShell is blocked, a ThreatLocker window will appear, allowing the user to request access to PowerShell.
Conclusion
Creating and applying Application Policies in the ThreatLocker Portal is a critical step toward implementing a Zero Trust security model within your organization. This guide has provided a structured and practical approach for configuring these policies using the Application Control module, from defining targets and selecting applications, to testing enforcement on client machines.
By thoroughly verifying that policies are correctly deployed and enforced, administrators can ensure that only approved applications are allowed to run. This not only minimizes the risk of malicious software execution, such as ransomware, but also strengthens the overall security posture of the organization.
Proper use of Application Policies empowers IT teams with greater visibility and control, while ensuring consistent policy enforcement across all endpoints.