While in Automatic Learning Mode, where does ThreatLocker place learned IP addresses for an application with Ringfencing?

In Automatic Learning Mode, ThreatLocker captures and stores the learned IP addresses associated with applications, and these entries are placed in the Exclusions tab. This design enables administrators to easily manage and review which IP addresses have been allowed or denied based on the learning process. The Exclusions tab serves as a dedicated section for these entries, facilitating the organization and oversight of applications’ ringfenced network permissions. By placing learned IP addresses here, it allows for better control and helps ensure that only necessary IPs are allowed access, aligning with the principle of least privilege.

The Monitoring tab would be used for oversight and tracking activities rather than storing learned addresses, the Log tab serves for recording events rather than for ongoing application configurations, and the Settings tab generally contains configuration options rather than specific runtime data like learned IP addresses. Therefore, the Exclusions tab is the most appropriate location for learned IP entries during the Automatic Learning Mode.