ThreatLocker Application Allowlisting is an endpoint security solution that operates on a deny-by-default principle, blocking all applications except those explicitly permitted. The solution prevents unauthorized software, malware, and ransomware from executing on devices and servers. The platform includes a Learning Mode that automatically catalogs applications running across the network during initial deployment. After a learning period of typically one week to ten days, the system transitions to enforcement mode where only approved applications can execute. The solution provides granular access controls through firewall-like policies that allow administrators to permit, deny, or restrict application access based on users, groups, time periods, and other parameters. Users can request access to blocked applications through a popup interface, which can be approved by internal IT teams or ThreatLocker's support team. The platform includes automatic hash updates when applications and system updates are released, allowing approved software to update without manual intervention. Administrators can control application access at a granular level, including restrictions by specific users or groups. ThreatLocker offers a Testing Environment feature that enables administrators to evaluate new applications within a virtual desktop infrastructure before approving them for production use. The solution provides visibility into all software running across endpoints and eliminates shadow IT by requiring approval for all application installations.