All Kinds of Resources to Help Your Success


The ThirdWall Resource center is set up to help you find information quickly with downloadable PDF guides, videos, and several other items.  You can review blogs or company news or just see what is in the library.  If you don’t find what you are looking for, just send us a note via our contact page.


There is a ton of software out there that is “nice to have.” ThirdWall™ is not one of those. As a critical plug-in for your Automate Software, it adds an element of protection that absolutely must be there. Without it, you and your clients are far too exposed to the enormous array of cyber threats fighting to get into your systems every day. You know that they are out there; you cannot ignore them. Third Wall has a broad array of features to block those threats, dramatically reducing your exposure and vulnerability.

What is the ThirdWall™?


The First Wall is your firewall. We often take this for granted anymore, but you know how critical this wall is. Make sure it is working – and monitored by Automate, of course.


The Second Wall is your antivirus / antimalware. Hackers and sophisticated agents are working round the clock to infect your computers. A top-shelf antivirus / antimalware suite is a fundamental requirement of CyberSecurity. Use Automate to make sure yours are always installed, running, and current.

Lockdown Operational CyberSecurity is the ThirdWall!

We know you have two powerful and necessary “walls” against cyberthreats: your firewall and your antivirus / antimalware. But that is not enough. Without the Third Wall™ enforcing Operational CyberSecurity, you still are extremely vulnerable. There are gaps in your security, and the statistics today tell that story plainly. You must enforce policy; you must slam shut unused, vulnerable protocols; you must rapidly react to security breaches. For this, we have created Third Wall™ – to give you the next set of tools to manage your environment to a much more CyberSecure space. Without it, threats can – and will – walk right in as if there were a missing wall in your fortress. Add the ThirdWall plugin to your Automate™ Software today!


And don’t forget our FAQ!

Third Wall™ FAQ

If I am in a trial of Third Wall™ and decide to purchase, will I be billed for the remainder of my trial period?

No, we will give you the full trial free of charge, regardless of when you decide to purchase, and will only start billing once that trial period has ended. You do not need to wait until the end of the trial period to purchase – we will keep track of that for you!

Is Third Wall™ difficult to use?

No, Third Wall™ is very easy to use, right from your Automate® Control Center. As a plug-in, it will work seamlessly within your ConnectWise Automate® environment. However, Third Wall™ is a very powerful tool, and we strongly recommend that any user be very proficient at Automate operation and with Windows® itself. Like any powerful tool, improper use by an unqualified person can be dangerous. We also strongly recommend that you test Third Wall™ functionality within a test environment prior to full deployment, so that you fully understand what it can do for you and how to properly use it.

Will Third Wall™ work on virtual machines?

Yes, as long as they are running on a supported Windows version and are being managed by Automate.

Will Third Wall™ work on a cloud version of Automate?

Yes, Third Wall™ will work on either a cloud version or an on-premise version of Automate.

Can I add more computers to Third Wall™ protection?

Yes, simply by activating any Third Wall™ function within an Automate Location, you will add all of those computers to Third Wall™ protection. We will automatically detect that via our license server; you will not need to notify us of your action.

Will Third Wall™ work with RMM solutions other than Automate?

No, it is specifically designed for Automate as a direct plug-in, and extends the functionality of Automate in critical ways.

Will Third Wall™ work on my Mac or Linux computers?

No, Third Wall™ only works on Windows-based machines running Windows 7 or later versions (PCs, laptops and tablets) or Windows Server 2008 or later (servers).

Will Third Wall™ charge for all of my Automate Agents?

No, Third Wall™ only charges you for the Automate Locations where you are actively using Third Wall™ protection. Until you actually use a function on any given Location, you will never be charged for it. Once you do use Third Wall™ functionality on any given Location, you will be charged for the number of Windows endpoints within that Location.

What is the pricing for Third Wall™?

There is a monthly minimum per Third Wall™ client, see our pricing page for details. If your per-computer-protected charges exceed this number, then that charge will increase appropriately.

Can I cancel my Third Wall™ subscription at any time?

Yes, you can cancel by sending an email to requesting cancellation. This requires 30 days’ notice to remove from billing.

How does Third Wall™ calculate my number of active endpoints for billing purposes in a month?

Third Wall™ software has a built-in counter to determine, within a given month, the maximum number of Windows endpoints your operation has under Third Wall™ protection. This is counted by Automate Location – once you use Third Wall™ protection within a given Location, that entire Location is counted until cancelled. We only charge you for the actual number of Windows endpoints within an active Third Wall™ protected Location.

What happens to my license if I deactivate all of the policies for Third Wall™ within a given Location?

Since you still have powerful Third Wall™ protection within that Automate Location available to you, including the extremely powerful “Isolate,” “Lockdown” and “Annihilate” buttons, should you ever need them, we continue billing you for any activated Location even if you are no longer using any policies.  If you would like to fully deactivate a Location and remove it from billing, please send an email identifying which Location(s) you wish to remove to, and we will remove it from your charges for the following month.

Will Third Wall™ work with my antivirus package?

Most likely.  We have structured Third Wall to ensure it will not conflict with antivirus systems. However, we still recommend that you make sure your antivirus has exceptions made for Automate, per their normal instructions.

Will Third Wall™ work with Group Policy?

Yes.  But it is possible to set conflicting policies on Third Wall™ versus Group Policy.  If that happens, then you will see them changing values on your endpoints at the cycle time of their respective monitors – Third Wall™ will alert you via Automate tickets every time this happens, so watch for repetitive changes as an indicator of this conflict.  You should rectify the conflict, by either changing Group Policy or Third Wall™, to ensure that you have consistent policies in both. 
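One way to spot the flip-flop pattern described above in exported change records, as an added example that is not Third Wall or Automate code. The record layout, computer names and setting names are constructed for illustration and do not reflect a real ticket schema.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data (hypothetical export layout, not a real Third Wall
# or Automate schema): time, computer, setting, value now in effect.
SAMPLE_CHANGES = [
    ("2024-03-01 08:00", "PC-014", "ScreenSaverTimeoutSecs", "600"),
    ("2024-03-01 09:30", "PC-014", "ScreenSaverTimeoutSecs", "900"),
    ("2024-03-01 10:00", "PC-014", "ScreenSaverTimeoutSecs", "600"),
    ("2024-03-01 11:00", "PC-014", "ScreenSaverTimeoutSecs", "900"),
    ("2024-03-01 12:00", "PC-014", "ScreenSaverTimeoutSecs", "600"),
    ("2024-03-01 08:05", "PC-022", "UsbStorage", "disabled"),  # one-off change
    ("2024-03-01 08:10", "PC-031", "RdpEnabled", "0"),
    ("2024-03-03 14:00", "PC-031", "RdpEnabled", "1"),  # single later change
]


def find_conflicts(changes, min_reversals=2):
    """Flag (computer, setting) pairs whose value keeps returning to one
    that was just overwritten, the signature of two policy sources
    re-applying different values on their own cycles."""
    history = defaultdict(list)
    for stamp, computer, setting, value in changes:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        history[(computer, setting)].append((when, value))

    conflicts = []
    for (computer, setting), events in sorted(history.items()):
        events.sort()
        values = [value for _, value in events]
        # A reversal: the value two changes ago comes back (A -> B -> A).
        reversals = sum(
            1
            for i in range(2, len(values))
            if values[i] == values[i - 2] and values[i] != values[i - 1]
        )
        if reversals < min_reversals:
            continue
        gaps = [
            (events[i][0] - events[i - 1][0]).total_seconds() / 60
            for i in range(1, len(events))
        ]
        conflicts.append(
            {
                "computer": computer,
                "setting": setting,
                "values": sorted(set(values)),
                "reversals": reversals,
                # The typical gap hints at which enforcement cycle is involved.
                "median_gap_minutes": median(gaps),
            }
        )
    return conflicts


if __name__ == "__main__":
    for hit in find_conflicts(SAMPLE_CHANGES):
        print(hit)
```

The two competing values in the output are the ones to compare against Group Policy and the Third Wall policy for that Location.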

Can I pay via check or PayPal?

No, we only accept credit cards or debit cards with automatic payments set up.  If you would like to pay annually, please contact us at

How do I update my credit card?

Just go to our Update Credit Card page.

What happens to all of my Third Wall™ settings should I cancel?

Once you cancel, we will help you return all settings on all computers where Third Wall™ made a change back to Windows® default.

How can I reach tech support for Third Wall™?

We currently support Third Wall™ via email tech support. Send your email to

Will you add additional features to Third Wall™? Do you take input for added features?

Yes, we plan to add new features every few months. And we welcome your input on new features – please send your requests to  We want to make your environment as safe as possible!

Video Descriptions

A quick overview of ThirdWall – see what it can do for you!

Third Webinar – a recorded version of our live webinar

Third Wall V2 – Full training for Third Wall

Third Wall V2 – How to use our powerful plugin

Third Wall V2 – How to get access to Protected Functions – Third Wall Admin permission

How to use the Third Wall Profile function

USB Wall on Third Wall V2.2 or higher

Third Wall Blogs and News

Third Wall™ for LabTech® – Operational Considerations to Enhance Endpoint Security

Dr. Kenneth Knapp, CEO, Cyber Secure Advising

CISSP, Certified Ethical Hacker

April 2016

Although most companies these days have good firewalls and strong antivirus, the area of cybersecurity at the endpoint has become the battlefield of choice for malware and hackers. End users are, innocently or not, clicking on unsafe links and opening dangerous attachments. Employees are stealing data. And even IT professionals are leaving open protocols and services that are vulnerable – and often not even being used. The concepts of “least privilege” and “least access” are becoming ever more critical – and Third Wall is helping to address that with a technology-assisted approach.

Least Privilege and Third Wall - White Paper - Knapp

Applying Least Privilege to Achieve Endpoint Security

This paper describes why a product like Third Wall™ for LabTech® is a critical element of an organization’s cybersecurity strategy. Third Wall significantly increases endpoint security in Windows-based environments by implementing the principle of least privilege. This strategy not only enhances endpoint security at the point of attack for malicious hackers today, but Third Wall also promotes good risk management and regulatory compliance. This paper outlines five key ways that Third Wall implements least privilege at the endpoint. It also provides a summary on how Third Wall can help with the compliance of specific standards.


Operational Considerations to Enhance Endpoint Security

This paper discusses several key vulnerabilities that are addressed by Third Wall™, and how you should view them in your environment. If possible, you should address these vulnerabilities, whether through Third Wall™ or through other means. Implementing Third Wall™ Policies significantly strengthens Operational Cybersecurity across an organization.

Third Wall Policy Screen – apply protection across one or more Locations

Third Wall Exception Screen – allow a computer to be excluded from a Policy

Third Wall Audit Report – prove how long a Policy has been protecting ALL computers in a Location – for HIPAA, PCI, SOC, NIST, FINRA audits and more

Third Wall Logon Dataview – answer your client immediately when they ask “who was on a computer after hours last night?”

USB Wall Registration Screen – manage which Data Sticks will work wherever you have USB Wall enabled

Use these documents to Onboard your clients

  • What is the best starting point?  Assume ALL policies will be enabled for a client, and then work backward from there, eliminating those that won’t work for a given client.
  • Read our BLOG on the 17 “no-brainer” policies we think you should deploy to every computer you manage.
  • You’re the instant expert on Operational Cybersecurity.
  • Choose which Third Wall policies work for each client.

Download our policy Matrix

Our policy matrix will help you understand how best to deploy Third Wall policies by showing you which ones end users will notice, and how each policy will help you.

How to get started with Third Wall – with “no-brainers” that will likely get no pushback from end users (depending upon your environment)
ThirdWall™ V2 Onboarding Document – use this to interview your clients to determine which policies are best for each
ThirdWall™ V2 Onboarding Checklist – record your interview answers using this document

ThirdWall Extras

Brochures and Print Material

ThirdWall™ V2 Brochure
ThirdWall™ MSP Sheet
ThirdWall™ End User Document

Third Wall V2 Operational Instructions

USB Wall Instructions

How to complete an Update of Third Wall:

  • Please follow the instructions on our KB Article. Ensure you follow ALL of the steps to complete your update properly.

Third Wall v2.5.3.0 is here

Please update now

Our latest release of Third Wall is here – and we strongly recommend you install it today.  Please be sure to follow ALL of the instructions in this link, including the “Reload IIS” step if you are running Automate 21 Patch 2 through 5.

This release adds 4 new policies that we’re very excited about (and think you will be, too!).  It also adds more underlying improvements to USB Wall, report generation, UNDO ALL, and ransomware detection.

Here are highlights of what we included:

  • Added the new policy Third Wall Administrator Password Solution (TWAPS) as an option for protecting your built-in Local Administrator Account.  Third Wall now enables you to assign a random unique complex password for each computer’s built-in Local Administrator Account of a length of your choice, and automatically change it after a time period you define.
  • Added USB Watch, a new policy that enables you to capture key information whenever a file is written to a USB storage device.  This is exactly the same data that you can capture for registered devices using USB Wall – but without the restrictions!  You have a Dataview showing the filename, User, computer and date/time of every file written to any USB device over the last 60 days.
  • Added a new policy to Clear the Windows Pagefile on Reboot.  This file is used as virtual memory by Windows, and could potentially contain passwords or other sensitive information.  Clearing it on reboot ensures that information is no longer available.
  • Added a new policy to Enable Windows Registry Backup.  Microsoft has discontinued this as a default setting, to reduce the footprint of the OS, but you may want to continue backing it up for security purposes.
  • Updated our Monitor for Ransomware Attacks policy to apply file attributes that prevent false positives caused by OneDrive syncs.
  • On the Monitor for Ransomware Attacks policy, we now include a new, non-optional trigger: Alert on Rename.  Previously, only file changes or (optionally) deletions would trigger the monitor.  Now the Rename event will also cause this monitor to trigger.  This update applies this change immediately.
  • Improved our UNDO ALL function (when selected at a Location, or using Except All on a computer, or when applied globally on the Integrations screen) to work more consistently.
  • Added 3 new Utilities on our Integrations page:  Get Server Logs; Close or Delete All Third Wall Version Tickets; and Clear Failed Logons (from our Logon Values table).
  • Updated USB Wall for consistency, and modified data capture for User login data to improve performance.

Installation Instructions

To install the new update, follow the instructions posted here:

Please be sure to follow ALL of the instructions, including the Reload IIS step.


Remember to go to the Third Wall Integration screen, select the Encryption page, and enable FIPS encryption.  This is required for TWAPS and USB Wall to work properly, and to ensure your server can communicate consistently with our license server.

Also, we get lots of questions about the Restrict Local Admin Tools policy.  It has a number of nuances, so you can learn more about it with this KB:  Understanding Restrict Local Admin Tools Exceptions : Third Wall

We’ll keep bringing you more power and features, so you keep on using Third Wall to secure your environment!

Your Third Wall team

Third Wall CRITICAL Release v2.5.2.6 is out!

This is a **REQUIRED** release, as it fixes key issues created by ConnectWise with their Automate 2101.1 release.  Please ensure you complete this update as soon as possible.

  • We completely rewrote the USB Wall function to improve reliability.  Also, you can now register USB hard drives, not just USB sticks.  You can also designate the USB Wall restrictions to apply to Workstations only.
  • We upgraded our data capture for logon events, and improved our logic for ensuring we properly show all logon events on the report itself.
  • We upgraded our encryption to FIPS, which is now an option you can select on the Integration screen.  This will impact USB Wall and Admin Password storage.  PREVIEW:  this is an important precursor for our next release, which will include our BAPS feature – “Built-in Administrator Password Solution,” which will be similar to Microsoft LAPS.
  • In our failsafe monitor to prevent huge numbers of logon events cluttering up your Dataview, we self-except a computer generating too many logon failures in a period of time.  For this function, our Logon Dataview will now show the failed logons causing this self-exception, so you can more easily track down the culprit.
  • We added a “Use Static Path Only” option on our “Monitor for Ransomware Attacks” policy.  Use this if you prefer to not have Third Wall deploy/monitor bait files to User documents folders, but only to the static path you enter on the Third Wall integration screen in Automate.  IMPORTANT NOTE:  we strongly recommend you use the Static Path on the Third Wall Integration screen to add additional bait files not associated with Users.  This is critical for protection of servers from ransomware.
  • Our “Alert on Excessive Logon Failures” policy, when issuing a ticket, will now provide the domain name, user name and time of logon failure.
  • We added the ability to specify a socket exception for our Isolate feature, so you can include other connections to stay up, as desired.  See our online Operational Instructions for details on how to do this.  You can also now instruct an endpoint to ignore the Isolate command.
  • We added a secondary method to assign an antivirus executable, as some do not integrate fully with Automate and thus we were not able to launch them for the appropriate policies.   See our online Operational Instructions for details on how to do this.
  • On our Utilities page, we’ve added ticket management checkboxes for our “Alert on Excessive Logon Failures” policy and our “Monitor Event Log Clearing” policy, addressing a known bug in Automate that was causing these tickets to change characteristics.
  • We updated the Enforce Password Protected Screensaver policy to work on the new 20H2 Windows 10 release.
  • The Third Wall Computer screen will now show active temporary exceptions to policies, even if you refresh the screen.
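The bait-file approach behind the Monitor for Ransomware Attacks policy (bait files in a documents subfolder and in a static path, with change, rename and optional deletion triggers) can be sketched as follows. This is an added example, not Third Wall's implementation; the folder names, file names and the appended-extension rename heuristic are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(folder):
    """Map each file name in the folder to the SHA-256 of its content."""
    state = {}
    for name in os.listdir(folder):
        path = os.path.join(folder, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                state[name] = hashlib.sha256(fh.read()).hexdigest()
    return state


def deploy_bait(folder, names):
    """Create bait files and return the baseline snapshot."""
    os.makedirs(folder, exist_ok=True)
    for name in names:
        with open(os.path.join(folder, name), "wb") as fh:
            # Unique content per file so a rename can be matched by hash.
            fh.write(b"bait:" + name.encode() + b":" + os.urandom(16))
    return snapshot(folder)


def compare(baseline, current, alert_on_delete=False):
    """Return sorted (event, bait_name, detail) tuples for touched bait."""
    events = []
    new_files = {n: h for n, h in current.items() if n not in baseline}
    for name, digest in baseline.items():
        if name in current:
            if current[name] != digest:
                events.append(("changed", name, ""))
            continue
        # Bait name is gone: the same content under a new name is a rename.
        moved_to = [n for n, h in new_files.items() if h == digest]
        if not moved_to:
            # Assumed heuristic: an extension appended to the bait name is
            # treated as a rename even when the content changed as well.
            moved_to = [n for n in new_files if n.startswith(name + ".")]
        if moved_to:
            events.append(("renamed", name, sorted(moved_to)[0]))
        elif alert_on_delete:
            events.append(("deleted", name, ""))
    return sorted(events)


def run_demo(alert_on_delete=False):
    """Deploy bait in a temp tree, simulate file activity, report events."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents", "Archive")  # bait subfolder
        static = os.path.join(root, "ServerShare")         # static path
        base_docs = deploy_bait(docs, ["budget.xlsx", "notes.docx"])
        base_static = deploy_bait(static, ["payroll.xlsx", "contracts.pdf"])

        # Constructed activity: one overwrite, one rename, one deletion.
        with open(os.path.join(docs, "budget.xlsx"), "ab") as fh:
            fh.write(b"overwritten")
        os.rename(os.path.join(docs, "notes.docx"),
                  os.path.join(docs, "notes.docx.bak"))
        os.remove(os.path.join(static, "payroll.xlsx"))

        return (compare(base_docs, snapshot(docs), alert_on_delete)
                + compare(base_static, snapshot(static), alert_on_delete))


if __name__ == "__main__":
    for event in run_demo(alert_on_delete=True):
        print(event)
```

With deletion alerts left off, the removed bait file in the static path produces no event, which is the trade-off of keeping that trigger optional.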

Third Wall Release v2.5.1.2 is here!

Our latest release of Third Wall is here – and we strongly recommend you install it today (see installation instructions at the end of this mail).  Much of this release focuses on key improvements to existing functions and important fixes for some features that were recently disrupted by Automate patches and Windows updates.

Here are highlights of what we included:

  • ISOLATE feature
    • Changed validation method to work under Automate Patch7.  NOTE: if you don’t update Third Wall, your Isolate function may not work!
    • Added feature to enable you to customize popup message (to include your Logo) to end-user for Isolate and for Restore Network.
  • User Logon Report
    • Improved accuracy with the new get/send method.
    • Improved performance to mitigate timeout issues due to changes in Automate processing.
    • Updated the report format.
  • ANNIHILATE feature
    • Fixed a bug that could cause Annihilate to not complete.
  • Lockout
    • Added a method to clear the local cache of passwords when you send Lockout command.
  • Disable EXE Running from %AppData%
    • Improved performance of adding to Client-level whitelist.
    • Added AppData Scan on the Third Wall Computer screen, to enable you to scan a single machine and select additional EXE files for whitelisting; easier and quicker than doing scan across entire Client.
  • Third Wall Enabled Policy Dataview
    • Modified to show Computer Exceptions to Policies, and to show Licensing information.
  • Secure Free Space Delete
    • Added checkbox to allow “Run only at this time,” which will constrain the process to run within 15 minutes of a set time.  Skipped runs will execute on the next day, regardless of the assigned interval.
  • Third Wall messaging
    • Out of Version alerts can now be assigned to a specific Alert Template.

Installation Instructions

To install the new update if you are running Automate 2019 or later and Third Wall or later, simply go to any Automate > Location > Third Wall screen and click the Update Available button (this will take you to the Automate Solutions Center).  If you are running earlier versions, just go to the Automate Solutions Center and update.  We do recommend you run it off-hours – since it will deploy an updated agent to all of your managed computers.

If you have already updated to Automate 2020, here’s how to install until ConnectWise gets this latest version on the Solutions Center:

  • Right-click and UNBLOCK the files (if currently blocked)
  • From Automate, open the Plugin Manager.  From here, we will update two plugins: the Third Wall Remote plugin and the Third Wall Server plugin.
    • Start by selecting the Third Wall Server on the Plugin Manager.  This will highlight the Third Wall Server plugin on the interface.  Then use the ‘Advanced’ button on the top-right to select: Manage Plugins -> Update Plugin.  This will call a file dialogue window.  Use it to select the newly downloaded ThirdWallServer.dll file.
    • Upon updating the ThirdWallServer.dll file, you will be prompted to restart the Automate database agent.  Click ‘No’ to this prompt.
    • Now do the same for ThirdWall.dll.  Select the Third Wall Remote option on the Plugin Manager and click to Update Plugins.  When prompted for a file path, select the newly downloaded ThirdWall.dll file.
    • This will again prompt Automate to request restarting the Automate database agent.  Again, choose ‘No’ to this prompt.
    • Both plugins are now displaying version ‘’.  Confirm this and then use the ‘Advanced’ button on the top right to: Reload Plugins -> Update Remote Agent Plugins.
  • Restart your Control Center and any others running when the update occurred.

V2.5.0.2 Release Notes

  • Big improvements to Monitor for Ransomware Attacks
    • Fully supports redirected path to \Documents.  Lots of you have been waiting for this one, it’s here!
    • You can specify a subfolder for the bait files, instead of the root of the \Documents folder.
    • You can now also specify a custom filename for bait files.
    • You can create additional bait files in a custom (static) path that you specify – perfect for protecting servers!
    • We added a double-check to reduce false alarms.
  • More major improvements to Disable EXE from %AppData% (essential for protection from ransomware!)
    • Added new options to policy to block %LocalAppData%; to block all 30 executable types; and to generate a ticket on file block.
    • Created new Client Screen to auto-scan your remote AppData environments for executable files across ALL computers within a given Client, and then easily whitelist those you wish to not block in that Client.
  • Monitor Event Log Clearing
    • Added option to only alert on the three primary logs, minimizing false alarms.
    • Detection tickets will describe who cleared what, when.
  • Alert on Excessive Logon Failures
    • The alert ticket now includes the failed logon usernames.
  • USB Wall
    • Added “Assigned to” value to the Dataview.
    • Added support for BitLocked USB keys.
  • Isolate Button
    • On the Integration screen, you can specify an “Auto Restore” time, which automatically reconnects the computer to the network if the connection to Automate is broken.

V2.2.2.2 Release Notes

  • Security Patch – important update to close a potential vulnerability.
  • We reduced the size of our remote agent by 70%, so it will have a much smaller footprint and will have much lower impact on your Automate server during update deployment.
  • In anticipation of our next release, which will include Redirected Folders as part of our Monitor for Ransomware Attacks policy, we have made a change in architecture to allow the smooth introduction of this critical upcoming feature.
  • Improved the efficiency of our capture of User Logon data.
  • Installed a version monitor to prevent mismatches between your Automate Control center(s) and your Automate Server.
  • In the “Shutdown” option for our Monitor for Ransomware Attacks and our Alert on Excessive Logon Failures policies, we added Isolate to the actions taken.
  • Added “Computer Name” to tickets generated by the self-exception rule and the Monitor for Ransomware Attacks policy.
  • For the Alert on Unencrypted Disk policy, added a condition that will trigger a ticket:  if “Protection Off” is seen in the Bitlocker discovery, you will get a ticket.

V2.2.2.0 Release Notes

  • Updated the User Logon Report in the Report Center to correct an error.  If you use this report, please update to v2.2.2.0 now.
  • Improved the “Alert on Excessive Logon Failures” policy to even better capture and stop brute force logon attempts.
  • Improved the utility of tickets generated by the “Monitor for Ransomware Attacks” policy.
  • Added an important contingency on the Isolate reversal function, to better handle certain environments.
  • Improved performance of logon data capture on the Automate server.
  • Several important internal improvements for the plugin itself, to enhance performance and utility.

V2.2.1.9 Release Notes

  • We’ve added both of our Reports (the User Logon Report and the Client Audit Report) to the new Automate Report Center.  You no longer need to go to the Legacy section to run Third Wall reports; you can just right-click the target client and run your report from there.  We will still maintain them in Legacy for a while longer, to ensure everyone has time to migrate.  To get the new reports, you must be on v2.0.1200 or better of the Reports.
  • Changed ticketing for both Alert on Excessive Logon Failures policy and the Alert on Event Log Clearing policy.  They will no longer “auto-close” after 5 minutes; they will remain open until you address them and close them manually.  These both need your attention, and thus we do not wish to auto-close them any longer.  Additionally, if subsequent tickets for a particular situation continue to come in before the original ticket is closed, they are added into the original ticket.
  • Updated our logic behind the Emergency Action buttons to avoid duplicate situations.
  • Added checkbox to allow Type 3 (network) Logon failures in our Logon Monitoring function.
  • Removed Logon failures from the User Logon Report; you can still see those in the Dataview.  We also added the specific description of the Logon failure event.
  • The Monitor for Event Log Clearing policy will now ignore certain Dell events that were causing false positives.
  • Removed WMI from being used for the Alert on Excessive Logon Failures policy, substituting a more reliable method.

V2.2.1.8 Release Notes

Here are the key improvements and fixes you’ll benefit from:

  • Added an Assigned Alert Category selector to help ConnectWise Manage users better manage alerts / tickets.
  • Added an Assigned Alert Template selector to the Monitor for Ransomware Attacks policy, to allow you to improve notification of a ransomware attack.
  • Added a capability for you to change Third Wall permissions to “read only,” allowing you to restrict access to most Third Wall command functions for individual technicians on your staff.
  • Fixed a condition that could produce excessive tickets for ransomware alerts.
  • Added a horizontal scroll bar to the AppData whitelist screen.

Improvements and fixes to social media policies, USB policies, Screensaver policy, Windows Store policy and Unencrypted Disk monitoring, plus improvements to the UNDO function.


How-To: Install Third Wall V2

Installing Third Wall v2

Installing Third Wall is simple – just follow the instructions on this link: We’ll deploy the agents for you, so it only takes a couple of minutes to get started protecting your environment.

Contact tech support if you need assistance.  And if you haven’t yet, sign up for our free webinar and learn how to use Third Wall quickly.  Thanks!

Update your Credit Card on file

To update your credit card, you’ll need to have your Subscription ID / Serial Key from Third Wall. You can find it on any Automate > Location > Third Wall screen by clicking the information (“i”) icon on the bottom left. Copy and paste it into the form below, enter your new information (all fields are REQUIRED) and you’re all set.
