Features

Endpoint control built around the review loop.

ShadowLatch helps teams observe real endpoint activity, decide what should be allowed or denied, and move devices into enforcement without guessing at the baseline.

ObserveReviewGenerate PolicyEnforce

Application control

Create allow, deny, and observe policies for executables using real endpoint evidence instead of guesswork.

  • Hash, path, signer, and parent-process context
  • Learning Mode would-block review
  • Generated policies from admin decisions

Network control

Apply endpoint network rules for domains, IPs, ports, and application-aware traffic paths.

  • Domain, IP, and port targeting
  • Application-scoped network decisions
  • Network activity logs for investigation

Learning Mode rollout

See what would be blocked before enforcing so legitimate workflows can be baselined safely.

  • Would-block prompts for admins
  • Baseline creation from real events
  • Controlled transition into Enforcing

Blocked Review workflow

Turn noisy endpoint events into clear admin decisions with Allow and Deny policy creation.

  • Bottom-right /Manage review notifications
  • Scoped policy modal from event details
  • Decision history tied to generated policy

Device management

Enroll devices, review health, assign modes, track versions, and keep installers account-bound.

  • Learning, Enforcing, and Quarantine modes
  • Health and update visibility
  • Authenticated enrollment

Trust and operations

Keep security posture visible without making operators chase hashes, IDs, or scattered logs.

  • Encrypted agent communication
  • Signed Windows releases
  • Audit-friendly policy history

Customer-ready workflow

Review endpoint activity, create scoped policies, and enforce when the baseline makes sense.