Help Center
This article will outline the process of installing MAC computers on the ThreatLocker platform.
If you do not already have one, you will need to create a Computer Group for MACs, as outlined here: KB: MAC Agent Computer Group Creation.
To download the ThreatLocker MAC Agent, go to the ThreatLocker Portal, navigate to the Computers page, and select “Install Computer.”
Select your MAC group from the Computer Group dropdown and click to download the PKG installer.
Launching the PKG File
After downloading the PKG file from ThreatLocker, you will be greeted with an installer.
On all steps, click continue and leave the default configuration to allow “Install for all users of this computer.” Once prompted, enter your credentials.
After installation, if you are running an older MAC Agent Version, you may be asked to enter your Group Key for the corresponding MAC Group that you created. The Group Key can be found in the name of the downloaded PKG Installer. For more assistance finding your Group Key, see MAC Agent Group Key Location | ThreatLocker Help Center (kb.help).
Required Permissions for macOS 15 Sequoia and Above
Important: Please ensure that these permissions are all enabled as failure to do so can result in communication issues between your machine and the ThreatLocker Portal. (i.e. The machine appears in the ThreatLocker Portal, but it is not checking in.)
Once installed, you will get a pop-up to use a new endpoint security extension. Click on “Open System Settings”. If closed accidentally, you can access this via System Settings > General > Login Items & Extensions > Endpoint Security Extensions
After this opens, enter your administrator credentials to enable the ThreatLocker system extension.
Select 'OK' once credentials are added, and ThreatLocker is enabled. Ensure that ThreatLocker is allowed to run in the background:
After this, you will need to go to Privacy & Security > Full Disk Access and enable “ThreatLocker Agent”
Note: Network connections on the machine might be dropped until Full Disk Access is enabled. This is a macOS limitation and has been worked around in MAC 3.1.
You may also have a pop-up to enable Notifications for ThreatLocker. In the pop-up, select “Allow.” If the pop-up disappears or is closed, you can access this via System Settings > Notifications > Toggle on ThreatLocker UIAgent.
You may be prompted to allow ThreatLocker to filter the Network Content. Click ‘Allow’. You can also allow this via System Settings > Network > Filters.
Once all permissions are enabled, your MAC should check into the portal and log policy activity appropriately.
Required Permissions for macOS 14 Sonoma and Below
After installing ThreatLocker, you will get a pop-up that a System Extension was blocked from running. Click on “Open System Settings”. If closed accidentally, you can access this by going to System Settings > Privacy & Security > Scroll down to the bottom and enable ThreatLocker under Security.
Once System Settings is open, click to allow the ThreatLocker system extension.
After this, you will need to go to Privacy & Security > Full Disk Access and enable “ThreatLocker Agent”.
Note: Network connections on the machine might be dropped until Full Disk Access is enabled. This is a macOS limitation and has been worked around in MAC 3.1.
Afterwards, you may receive a pop-up that allows notifications from the ThreatLocker UIAgent. Click to allow notifications. If closed accidentally, you can access this via System Settings > Notifications > Toggle on ThreatLocker UIAgent
You may be prompted to allow ThreatLocker to filter the Network Content. Click ‘Allow’. This can also be allowed via System Settings > Network > Filters
You may also get notifications that allow you to confirm that both ‘ThreatLocker’ and ‘ThreatLocker, Inc.’ are enabled to run in the background.
If they are not automatically enabled, you can manually toggle them on to enable them via System Settings > General > Login Items
Once all permissions are enabled, your MAC should check into the portal and log policy activity appropriately.