Long Arrow Right External Link angle-right Search Send Times Loader chevron-down thumb-up thumb-down Spinner angle-left
Go to ThreatLocker

Deploying ThreatLocker to MAC with the Addigy MDM

Below, you will find the steps for MAC deployment through Addigy MDM.

Step 1: Create a new smart software to deploy ThreatLocker.

undefined

undefined

undefined

Locate your GroupKey and replace it in the code below.

Script: 

#!/bin/bash

GroupKey="xxxxxxxxxxxxxxxxxxxxx"

#install

if [ ! -d /Applications/Threatlocker.app ]

then

curl --output-dir "/private/var/tmp" -O https://updates.threatlocker.com/repository/mac/2.0/Threatlocker.app.zip

zip -d /private/var/tmp/Threatlocker.app.zip __MACOSX/\*

unzip -qq /private/var/tmp/Threatlocker.app.zip -d /Applications

if [ ! -d /Applications/Threatlocker.app ]

then

echo "Not able to download the file"

exit 1

else

open /Applications/ThreatLocker.app --args -groupKey $GroupKey

echo "Installing Threatlocker"

sleep 15

echo "Verifying Group Key"

sleep 15

if [ ! -d /Library/Application\ Support/Threatlocker ]

then

echo "GroupKey is Invalid"

exit 1

else

echo "Threatlocker Installed"

exit 0

fi

fi

fi

if [ -d /Applications/ThreatLocker.app ]

then

echo "Threatlocker is already installed"

exit 1

fi

Step 2: Make a MDM profile to allow the ThreatLocker System Extension to be installed.

undefined

undefined

undefined
Team Identifier: MSY54GN4KF  

Step 3: Make a MDM profile to allow the ThreatLocker Web Content Filter to be installed. 

undefined

undefined
Bundle Indentifier: com.threatlocker.app
Designated Requirement: anchor apple generic and identifier "com.threatlocker.app" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MSY54GN4KF)

To allow Full disk access we need to make a PPPC profile. When making this PPPC profile we will need to use the following Identifier and Code Requirement.
Identifier: com.threatlocker.app.agent
Code Requirement: anchor apple generic and identifier "com.threatlocker.app.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MSY54GN4KF)

undefined

undefined

To allow Threatlocker Notifications we will need to make a notification profile. Below is the Identifier you will need to use
Identifier: com.threatlocker.app.UIAgent

undefined

undefined

Step 4: Add the Smart Software and the MDM profile to a policy so it can be deployed.

undefined

undefined

Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.