How to ringfence Microsoft Office applications in ThreatLocker?
This document outlines the step-by-step process of how to ringfence Microsoft Office applications in ThreatLocker Dashboard.
This article is a part of our ThreatLocker How-to Guides series, Chapter 06 – Network Control & Ringfencing.
Introduction
Microsoft Office applications like Word, Excel, and PowerPoint are commonly used in nearly every organization, yet they are often targeted by attackers for malicious purposes such as executing scripts, accessing sensitive files, or interacting with other applications.
With ThreatLocker Application Control, you can apply ringfencing rules to limit what Microsoft Office can interact with, preventing unwanted behavior while allowing legitimate use.
This article walks through the steps to ringfence Microsoft Office using ThreatLocker.
Implementation
Step 1: Access the Application Control Module
- Log in to the ThreatLocker Portal.
- Navigate to Modules > Application Control
- Click Create Policy
Step 2: Create the Application Control Policy
- Fill the policy form
- In the Details section
- Name: Ringfence Microsoft Office
- Description: Restrict Office apps from interacting with the system or other apps
- In the Applied To section
- Select the target computer or computer group where this policy will be applied
- In the Condition section
- Select the application: Microsoft Office
- In the Action section
- Select Permit with Ringfencing
- Then activate the following controls:
- Restrict this application from interacting with other applications
- Choose: Allow all except the applications listed below
- Leave the exception list empty unless you want to allow integration with specific apps
- Restrict this application from accessing files
- Add allowed paths, for example: C:\Users\Documents\*
- All other paths will be blocked
- Restrict this application from interacting with other applications
- Restrict this application from changing the registry
- This prevents Office apps from writing to sensitive registry keys
2. After completing all required fields, click Create to save the policy
Step 3: Deploy the policy to ringfence Microsoft Office applications in ThreatLocker
Then click Deploy to enforce the policy across the selected devices
Conclusion
Ringfencing Microsoft Office helps prevent common attack vectors such as macro abuse, unauthorized file access, or lateral movement via scripting.
By using ThreatLocker’s ringfencing features, you gain full control over how Office applications behave, ensuring they operate only within clearly defined boundaries, without interrupting productivity.
This approach supports a Zero Trust strategy by allowing only the minimum required permissions and interactions.