By /

How to recover from a lockout in ThreatLocker?

This document outlines the step-by-step process of how to recover from a lockout in ThreatLocker.

This article is a part of our ThreatLocker How-to Guides series, Chapter 11 – Maintenance and Troubleshooting.

check our threatlocker licenses price!

Introduction

If an application is blocked and it causes a lockout situation, you can recover by locating the deny event in Unified Audit and approving the application.

Implementation

Step 1: Locate the Denied Event in Unified Audit

  1. Log in to the ThreatLocker Portal.
  2. Navigate to Unified Audit.
  3. Use the filter section to find the application:
  • Date Range – Set a start and end date.
  • Action – Select Any Deny (or “Deny – Option to Request”).

4. Locate the denied event you want to recover from (e.g., PowerShell execution) and click on it.

recover from a lockout in ThreatLocker

Step 2: Approve the Application

  1. In the details window, click Permit Application.
recover from a lockout in ThreatLocker

2. Fill in the approval form:

    • Application Name: Select the target application.
    • Applied To: Select This Computer (or the desired group/organization).
    • Condition: Select Permanent (or set a duration if temporary).
    • Action: Select Permit Application
    • Elevation: Select Do Not Elevate.

    3. Once all fields are configured, click Approve.

    recover from a lockout in ThreatLocker
    contact us for free consultation services!

    Conclusion

    By locating the deny log and approving the application, you can quickly restore access and resolve lockouts without disrupting the rest of your security policies.

    buy threatlocker licenses now!

    Related Posts

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Scroll to Top