Question

ThreatLocker doesn't judge what applications are good or bad, it simply learns based on what your environment looks like so you can lock it down. If ThreatLocker is unable to match the applications to built-in definitions, What will it do?

1) Create custom rules to allow those applications to self-update in the future
2) Block the applications from self-updating
3) Delete the applications from your environment
4) Ignore the applications and continue with the existing rules

Answer 1

When ThreatLocker cannot match applications with its built-in definitions, it blocks those applications from self-updating, following a zero-trust approach to ensure security.

Step-by-step explanation:

If ThreatLocker is unable to match applications to its built-in definitions, it would typically block the applications from self-updating. ThreatLocker operates on a zero-trust approach, meaning that only applications and activities that are explicitly allowed or have been identified as trusted are permitted to execute. In this case, if ThreatLocker encounters an application it cannot recognize or doesn't have a definition for, it errs on the side of caution and prevents that application from updating itself until an administrator can review and explicitly allow the activity. This can prevent potential security breaches from unknown or untrusted sources, thus maintaining the integrity of the environment.