Endpoint control for teams that need clean enforcement

Control what runs, connects, and gets approved.

ShadowLatch gives IT and security teams a focused way to enforce application, network, USB, and device policy with readable decisions and account controls that stay out of the way.

No hardware required Readable approval flow Billing and users in one portal
Application controlApprove by hash, path, signer, parent, user, and device context.
Network enforcementRestrict destinations by process and policy instead of relying on alerts alone.
Account-readyKeep users, MFA, seats, billing, and downloads in the same console.
Live policy event preview
Unknown launch detected

PowerShell tried to launch an unsigned remote support tool.

Device: ACCT-LAP-17 - User: standard_user - Parent: powershell.exe

Blocked
Processsupporttool.exe from Downloads
TriggerUnsigned binary launched by PowerShell
Rule explanation

Why it matched

The launch was unknown, user-writable, and inherited a blocked parent context.

Review
PolicyStandard users cannot launch unsigned tools from Downloads.
Next stepApprove by hash, path, or publisher only after review.
Enforce before executionStop unknown launches instead of cleaning up after them.
Policy with contextUse process, user, path, parent, device, and network evidence together.
Launch-ready account flowManage seats, billing, MFA, users, and readiness from the customer console.
USB and network controlsKeep removable media and destination rules explicit.
Recovery-minded rolloutEvery change should be reviewable, testable, and reversible.

Approvals with reasoning

Blocked items can move into allow or deny decisions with clear target, scope, duration, and audit context.

Cleaner operator flow

Policy rows explain what they do, where they apply, and when another rule may conflict.

Account controls that matter

Settings keep profile, subscription, MFA, users, IP allowlist, and endpoint notification controls together.

Why teams switch

Strong controls without a heavy daily workflow.

ShadowLatch is built for teams that need real enforcement, fast policy decisions, and a portal that makes security operations feel deliberate instead of cluttered.

01

Stop unknown software before it runs

Block unauthorized launches at the endpoint with policy the operator can understand.

02

Create precise rules with less cleanup

Use scope, priority, conflict hints, and audit prompts to keep policy maintainable.

03

Control apps, USB, and network behavior together

Keep enforcement decisions connected instead of spread across disconnected tools.

04

Operate fast with visible outcomes

Events stay tied to the rule and account state that produced the decision.

How it works

Simple enough to use. Powerful enough to matter.

Step 1

Observe execution context

Capture process, user, parent, path, and device state immediately.

Step 2

Evaluate policy

Check process, parent, user, device, and network context together.

Step 3

Enforce instantly

Block unknown launches, device events, or disallowed network behavior fast.

Step 4

Review and tune

Keep every decision understandable and reusable as policy.

Allow Chrome, block risky launch paths

Stop script-driven launches while preserving normal user access.

if process == "chrome.exe"
and parent.process == "powershell.exe"
then block

Limit accounting software to approved destinations

Restrict outbound behavior to the systems the app actually needs.

if process == "acctsuite.exe"
and destination not_in approved_finance_hosts
then block network access

Block new USB storage until approved

Keep removable media policy explicit and reviewable.

if device.type == "usb-storage"
and device.approved != true
then block mount
Use cases

Different teams. Same need for control.

  • Standardize enforcement across customer environments without unmanaged exception sprawl.
  • Move faster on onboarding with reusable templates and a cleaner operator experience.
  • Explain blocked behavior before every ticket becomes an escalation.

Outcomes

Fewer emergencies.

Less sprawl.

Faster onboarding.

  • Keep endpoint control understandable for admins who already own too many tools.
  • Reduce overhead by keeping application, device, and network policy connected.
  • Make decisions easier to explain to help desk and leadership.

Outcomes

Cleaner rollouts.

Less firefighting.

More policy confidence.

  • Use deny-by-default control to shrink attack surface before execution starts.
  • Pair enforcement with readable evidence analysts can review quickly.
  • Keep usability high enough that operations teams will live with it.

Outcomes

Reduced exposure.

Better investigations.

Fewer compromises.

  • Show that application, device, and network restrictions are enforced consistently.
  • Maintain reviewable audit context without creating an audit-only workflow.
  • Support stronger controls around removable media and approved destinations.

Outcomes

Clearer policy control.

Better evidence.

Less ambiguity.

Comparison

Control without the clutter.

CapabilityShadowLatchThreatLockerTraditional AV / EDRGeneral endpoint platform
Deny-by-default application controlYesYesUsually noInconsistent
Human-readable rule creationDesigned to be clearPowerful but heavierLimitedVaries
Device restrictionsUSB-aware control pathAvailableOften partialNot always central
Network-aware enforcementIntegratedAdjacent controlsDetection-firstFragmented
Product pillars

One platform, six critical control layers.

AC

Application Control

Control what runs with deny-by-default enforcement and practical exception handling.

DC

Device Control

Restrict new USB storage and other device events with approval-aware policy.

NE

Network Enforcement

Apply destination-aware restrictions where application identity alone is not enough.

RB

Role-Based Administration

Separate owner, billing, security admin, analyst, and read-only responsibilities cleanly.

PT

Policy Templates

Give teams a faster start for common app, device, and network controls.

AV

Audit & Visibility

Keep policy outcomes visible enough for review, onboarding, and executive confidence.

Pricing

Six plans built around privacy, visibility, and control.

Choose how much telemetry, enforcement, and ownership you want without forcing every customer into the same data posture.

Entry

Foundation

Lightweight enforcement with no cloud logging by default.

  • Cloud-managed network rules
  • Real-time enforcement
  • Minimal security events
Visibility

Sight

Network visibility plus control for teams that need short retention and search.

  • Network rules
  • Cloud logging for network events
  • Basic search and filtering
Privacy app control

Lock

Application control for privacy-sensitive environments.

  • Application allow and deny rules
  • Local enforcement only
  • SIEM export and local logs
Privacy premium

Stealth

Full control while keeping data in your environment instead of ours.

  • Security events only
  • SIEM export
  • Local logging and short retention buffer
Complete platform

Sentinel

The full security platform tier with visibility, export, retention, and analytics headroom.

  • Full cloud logging
  • SIEM export and local logging
  • Longer retention and analytics path
AnnualMonthly

Start a trial, then move to billing when you are ready.

Use your account email to start checkout. Billing management is available after login.

Resources

Keep evaluators moving.

Product walkthrough

See what gets blocked, why it matched, and how an admin turns evidence into policy.

Deployment checklist

Enroll the first endpoint, confirm account readiness, and verify the first useful controls.

Starter policy set

Begin with practical application, USB, and network controls instead of an empty rules page.

FAQ

Common questions before rollout.

Where do I manage devices, rules, billing, and downloads?

Operational management lives in the ShadowLatch customer console at shadowlatch.com/Manage, while the public site handles marketing and trial entry.

How does billing work?

Trial checkout starts from this site, and ongoing payment methods, invoices, subscription changes, and cancellation handling are designed to stay simple through Stripe-backed customer flows.

What platforms are supported today?

The current production path is centered on Windows endpoints, with the broader customer experience organized to support onboarding, downloads, billing, and account management cleanly.

Take back control of what runs in your environment.

ShadowLatch helps teams stop unauthorized execution, create precise policies quickly, and manage app, network, and device control from one clean platform.

Trust

Built for serious evaluation.