Company logoHelp Center
Visit www.threatlocker.com

Creating Cyber Hero Approval Instructions for your Organization

11 min. readlast update: 05.28.2025

Table of Contents

Adding Cyber Hero Approval Instructions | Setting Up Cyber Hero Approval Instructions by Computer Group | Tips on What to Include in Your Cyber Hero Approval Instructions | Why Was My Request Escalated?

If Cyber Hero Management is enabled in your organization, ThreatLocker allows you to create Cyber Hero Approval Instructions that appear on approval requests. These Cyber Hero Approval Instructions should specify the rules you want the Cyber Hero Team to abide by while actioning your approval requests. The rules you add here should differ from the default Cyber Hero Approval Instructions, which can be found in the following article: 

Cyber Hero Approval Instructions | ThreatLocker Help Center 

Adding Cyber Hero Approval Instructions

To add Cyber Hero Approval Instructions to your organization, navigate to the 'Organizations' page using the left-hand menu. 

Picture 

From the 'Organizations' page, find the organization for which you want to change the Cyber Hero Approval Instructions and select the speech bubble button to the right of the modules dropdown menu. 

Picture 

Selecting this button will bring you directly to the 'Cyber Hero Management' page within the 'Edit Organization Settings' side panel. 

Picture 

  1. Use this space to enter the email address that will receive escalation emails. 

  1. Use this space to input your Cyber Hero Approval Instructions. 

Select the 'Save' button at the bottom of the page once this is done. 

Picture 

Setting Up Cyber Hero Approval Instructions by Computer Group 

Cyber Hero Approval Instructions can also be set up by computer group. By default, when instructions are input through the Edit Organization Settings page, all computer groups will display the same instructions when an approval request is sent up. To change the Cyber Hero Approval Instructions for a specific computer group, you must first navigate to the ‘Devices’ page using the left-hand menu. 

Picture 

Select the ‘Groups’ tab found in the top right corner of the page. 

Picture 

You can select an existing group or create a new one from the groups page. Within the ‘Edit Computer Group’ page in the ‘General’ tab, navigate to the section titled ‘Cyber Hero Request Instructions’. 

Picture 

The ‘Use Organization Settings’ switch is turned on by default. Turning it off will provide you with a new text field to input the instructions for your computer group. 

Picture 

Select the ‘Save’ button at the bottom of this page once you have completed your changes. 

Picture 

Now, any time a user within that computer group sends an approval request, these instructions will appear instead. 

Tips on What to Include in Your Cyber Hero Approval Instructions 

The instructions you apply to your organization can be seen by the Cyber Hero Team. The Cyber Hero Team will use these instructions as a guide for what can and can't be permitted within your organization. The Cyber Hero Approval Instructions you provide will have a more significant influence on approving or escalating approval requests than the default instructions. Depending on your needs, the following will provide you with information on how to make meaningful approval instructions for the Cyber Hero Team: 

  • Evaluate the default Cyber Hero Approval Instructions and specify if  software can be approved contrary to them.  

    • By default, the Cyber Hero Team will not permit some software, such as games, network scanning tools, and more, UNLESS there is a pre-existing policy for the user requesting it. If software used regularly within your organization falls into a category that the Cyber Hero Team might escalate, you can use the instructions field to specify that it should be permitted. Some examples might be:

      • "Games are allowed" OR "Users on (device name) can have games permitted" 

      • "Network Scanning tools are allowed" OR "We use the following Network Scanning Tools in this organization: (specify your list of allowed Network Scanning Tools)" 

      • "Backup and Recovery Tools are allowed" OR "We use the following Backup and Recovery Tools: (specify your list of allowed Backup and Recovery Tools)" 

      • "We use (name of Remote Access software) for Remote Access" OR "Requests for (name of Remote Access software) are permitted on (device name)" 

  • Specify if you would like policies to be made at the Computer Group or Entire Organization level.  

    • The Cyber Hero Team will set new policies for approval requests to only be permitted on the computer requesting access. This is part of the ThreatLocker default Cyber Hero Approval Instructions and will require specifications within your instructions if you prefer a policy to be permitted at a different level. Some examples might be:  

      • "Create policies at the Computer Group level" OR "Create policies at the Entire Organization level" 

      • "Group policies or entire organization policies only" 

Note: If the application being requested is outlined in the default Cyber Hero Approval Instructions as not being permitted unless a policy already exists in the organization, this guideline might not be honored. This might happen in cases where a user requests software that permits an extraordinary amount of access to other systems (i.e. RMM software, remote access software, etc.), but a policy only exists for that machine. In this case, the Cyber Hero Team would only permit that software for the one user requesting unless specified by other instructions that this is permitted for other users.

  • Indicate if your organization requires the use of a non-typical business application.  

    • Non-typical business applications are applications that might be used heavily in some businesses but would not appear in others, such as medical or construction-specific software. It is also helpful to include what the organization is to provide additional context for other approval requests. Some examples of what to add would be:  

      • "We are a dental office, please permit all Dentrix or dental-related software requests" 

      • "This is a construction company, please permit all Bluebeam requests" 

      • "This is a Law firm, please permit CCTV and video reviewing software requests" 

  • State if applications that would regularly be approved by the Cyber Hero Team should instead be escalated.  

    • If the Cyber Hero Team determines that an application can be used in a business setting and does not pose a risk to your organization, it will be permitted. If there is software you do not want permitted in your organization but would typically be permitted based on the default Cyber Hero Approval Instructions, you can specify to escalate this instead. Examples of this would be:  

      • "Escalate all meeting apps" 

      • "Escalate all browser extensions" 

      • "Escalate all PDF editors except for (name of PDF editor used in your organization)" 

  • If a user in your organization requires special instructions that differ from others, you can list them in your Cyber Hero Approval Instructions.  

    • Some users in your organization might have special permissions or needs that are different from others. You can specify what needs to be done regarding these users in the instructions area. Some examples of special instructions can include the following:  

  • If a computer group in your organization requires special instructions that differ from other computer groups, you can list them in your Cyber Hero Approval Instructions.  

    • Some computer groups in your organization might require special permissions that are different from the other computer groups. You can specify what needs to be done in the instructions area. Some examples of special instructions can include the following:  

      • “Escalate ALL requests from the Servers Group” 

      • “Permit all Network Management Tools for the IT Group” 

      • “Permit all Extensions and Themes for Workstations” 

  • Specify how long an application should be permitted for 

    • By default, applications will be created with permanent policies unless otherwise indicated in your Cyber Hero Approval Instructions. If you have specific applications that you would like permitted into your organization but do not want a permanent policy, they can be indicated in this field. Some examples of this would be:  

      • "Approve all Logmein requests for 24 hours only" 

      • "Only approve Network Scanners for 6 hours" 

      • "All new policies should be made to expire after 1 week." 

  • If your organization generates scripts often, please indicate how you would like the scripts to be processed.

    • Your organization might produce many scripts from specific folders or applications. In such cases, you can indicate where these scripts come from to let the Cyber Hero Team know that this is expected behavior. You can also enter what the Cyber Hero Team should do in this area if an undesired script is requested. The following examples showcase different ways to convey this:  

      • “Any .bat script coming from the (enter folder name here) folder should be permitted using the (name of application) custom app” 

      • “All Python scripts coming out of (enter folder name here) are approved if requested by a user in the Developers Group” 

      • “If a requested .ps1 script came from the downloads folder, please escalate!” 

  • State if there are any time ranges in which approval requests should be processed differently.  

    • Your organization might have different needs based on the time of day or week. This could be due to users in your organization who process approval requests during certain hours, or even the expectation that no one will require an approval request to be processed during off-hours. Some examples of what to put in the instructions if you would like to specify processing requests differently at varying times are:  

      • “Escalate all requests that come in Mon-Fri 8AM-5PM” 

      • “Approve all Non-Malicious applications outside of business hours. We will review on Monday” 

      • “Escalate all requests that come in on the weekend” 

  • If you require Elevation for specific applications, you must specify which applications and the duration of the elevation period.  

    • The Cyber Hero Team requires specificity when it comes to elevation requests. Elevation cannot be granted for a user without this information. An example of what this could look like in the instructions is:  

      • “Please apply elevation to all new Citrix Policies for 2 hours” 

  • If you use 7-Zip or WinRAR within your organization, you must specify that it is needed within your Cyber Hero Approval Instructions.  

    • Due to the potential dangers that 7-Zip and WinRAR can bring to an organization, the Cyber Hero Team will not permit either of these applications unless it is explicitly stated in your Cyber Hero Approval Instructions. An example of this would be:  

      • "Please permit 7-Zip and WinRAR for users in the Workstations group" 

When creating your Cyber Hero Approval Instructions, please be as thorough as possible while adhering to the above suggestions. 

Why Was My Request Escalated?

The Cyber Hero Team reviews approval requests and evaluates them for their usefulness within a business environment and potential for misuse. If your approval request has been escalated, it might be for one of the following reasons: 

  • The request was for a non-business application.  

    • The Cyber Hero Team will evaluate if an application could be used in a business environment, but software such as games or gaming platforms will be escalated. 

  • The request was for software that permits extraordinary access to other systems.  

    • The Cyber Hero Team will not permit software that allows functionality such as remote access, network scanning, and more unless the user requesting access has an existing policy. 

  • The request was for a browser extension with few stars, users, and/or ratings.  

    • The Cyber Hero Team will escalate browser extensions if they do not meet the following qualifications:  

      • Have four or more stars. 

      • Have at least 500 ratings. 

      • Have at least 100,000 users. 

  • The request was for software that had four or more hits in VirusTotal 

    • If a file is run in VirusTotal and four or more security vendors report it as malicious, it will be escalated. 

  • The Cyber Hero Team was unable to test and verify the integrity of a new installation. 

    • On occasion, approval requests will be sent without a file being provided. Sometimes the request might have a file, but it cannot be fully installed within a testing environment. If the Cyber Hero Team cannot verify what the file is or its integrity, the request will be escalated. 

When an approval is escalated, an email will be sent to the email address specified in the 'Cyber Hero Management' section of your 'Edit Organization Settings'. For more information regarding escalations, please refer to the following article: 

How to Set Up Cyber Hero Management | ThreatLocker Help Center 

If you think any of these scenarios might impact your organization's workflow, you can insert Cyber Hero Approval Instructions to permit applications that would normally be escalated. 

Was this article helpful?