Long Arrow Right External Link angle-right Search Send Times Loader chevron-down thumb-up thumb-down Spinner angle-left
Go to ThreatLocker

Search our Knowledge Base

Deploying ThreatLocker to MAC with the Addigy MDM

Updated August 23, 2023

Below, you will find the steps for MAC deployment through Addigy MDM.

Step 1: Create a new smart software to deploy ThreatLocker.

undefined

undefined

undefined

Locate your GroupKey and replace it in the code below.

Script: 

#!/bin/bash

GroupKey="xxxxxxxxxxxxxxxxxxxxx"

#install

if [ ! -d /Applications/Threatlocker.app ]

then

curl --output-dir "/private/var/tmp" -O https://updates.threatlocker.com/repository/mac/2.0/Threatlocker.app.zip

zip -d /private/var/tmp/Threatlocker.app.zip __MACOSX/\*

unzip -qq /private/var/tmp/Threatlocker.app.zip -d /Applications

if [ ! -d /Applications/Threatlocker.app ]

then

echo "Not able to download the file"

exit 1

else

open /Applications/ThreatLocker.app --args -groupKey $GroupKey

echo "Installing Threatlocker"

sleep 15

echo "Verifying Group Key"

sleep 15

if [ ! -d /Library/Application\ Support/Threatlocker ]

then

echo "GroupKey is Invalid"

exit 1

else

echo "Threatlocker Installed"

exit 0

fi

fi

fi

if [ -d /Applications/ThreatLocker.app ]

then

echo "Threatlocker is already installed"

exit 1

fi

Step 2: Make a MDM profile to allow the ThreatLocker System Extension to be installed.

undefined

undefined

undefined
Team Identifier: MSY54GN4KF  

Step 3: Make a MDM profile to allow the ThreatLocker Web Content Filter to be installed. 

undefined

undefined
Bundle Indentifier: com.threatlocker.app
Designated Requirement: anchor apple generic and identifier "com.threatlocker.app" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MSY54GN4KF)

To allow Full disk access we need to make a PPPC profile. When making this PPPC profile we will need to use the following Identifier and Code Requirement.
Identifier: com.threatlocker.app.agent
Code Requirement: anchor apple generic and identifier "com.threatlocker.app.agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MSY54GN4KF)

undefined

undefined

To allow Threatlocker Notifications we will need to make a notification profile. Below is the Identifier you will need to use
Identifier: com.threatlocker.app.UIAgent

undefined

undefined

Step 4: Add the Smart Software and the MDM profile to a policy so it can be deployed.

undefined

undefined

Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.