Company logoHelp Center
Visit www.threatlocker.com

Deploying ThreatLocker using SyxSense

4 min. readlast update: 01.11.2024
Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as Windows Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to corecdn.threatlocker.com and apps.threatlocker.com

Below, you will find the steps for deploying the ThreatLocker agent through SyxSense. 

The ThreatLocker agent can be deployed using SyxSense.  First, you will need to download the PowerShell script from the ThreatLocker’s Download Installer Window.  Select SyxSense from the ‘Select your deployment method’ drop-down and then select ‘Installation Script’. This window also houses the Unique Identifier for the organization you are currently in.    

Save the below PowerShell script: 

#Deploying ThreatLocker via SyxSense v12.26.23

#Input your variables

$UID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

$OrgName = "Organization Name"

#

#

#No changes are needed below

#

#

$argumentLdst = "Key=$UID Company=$OrgName"

#Checking if Threatlockerserivices are running and if the Threatlockerservice.exe exists.

$serviceName = "ThreatLockerService"

$programFilePath = "c:\program files\threatlocker\ThreatLockerService.exe"

if ((Get-Service $serviceName -ErrorAction SilentlyContinue) -and (Test-Path $programFilePath)) {

exit 0

}

#Script will continue if requirements are met

New-Item -ItemType Directory -Path "C:\temp" -Force

if ([Environment]::Is64BitOperatingSystem) {

Try {

Invoke-WebRequest -Uri "https://api.threatlocker.com/updates/installers/threatlockerstubx64.exe" -OutFile "C:\temp\ThreatLockerStub.exe"

}

Catch {

Start-BitsTransfer -Source "https://api.threatlocker.com/updates/installers/threatlockerstubx64.exe" -Destination "C:\temp\ThreatLockerStub.exe" -Priority High

}

}

else {

Try {

Invoke-WebRequest -Uri "https://api.threatlocker.com/updates/installers/threatlockerstubx86.exe" -OutFile "C:\temp\ThreatLockerStub.exe"

}

Catch {

Start-BitsTransfer -Source "https://api.threatlocker.com/updates/installers/threatlockerstubx86.exe" -Destination "C:\temp\ThreatLockerStub.exe" -Priority High

}

}

Start-Process -FilePath "C:\temp\ThreatLockerStub.exe" -Argumentlist $argumentLdst -Wait

Remove-Item -Path "C:\temp\ThreatLockerStub.exe" -Force

Selection of SyxSense is currently not available. The image below is an example.

undefined

You’ll need to then modify the script slightly, so open the script in a text editor. Under #Input your Variables, you will need to replace XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX with YOUR unique identifier and the Organization Name with the name of the organization you wish to deploy to enclosed in quotations as shown in the figures below: 

Figure 1.a  

undefined

Figure 1.b  

undefined

 

Once you have modified your script as needed, save the PowerShell Script.  

Recommendation: If a task includes deploying to multiple organizations, you will potentially need to have multiple scripts.  Modify each script using the same unique identifier but have a different organization name value for the $OrgName variable.  Save each script as different names to easily identify them in your SyxSense Dashboard.  Ex. ‘ThreatLockerDeploy-OrgNameOne.ps1’ and ‘ThreatLockerDeploy-OrgNameTwo.ps1’ 

Within SyxSense, Select "Tasks" > Click "Software Deploy" > And then select "+Create".

undefined

Next, select the devices you wish to deploy the ThreatLocker agent to.  Click "Next".

undefined

At this point, the software doesn’t exist within SyxSense.  Select "Create New Application".  

undefined

Select "Choose an installer from your device".  Navigate to where the deployment script is kept and upload the package.  Click "Save", and you’ll return to this page, where you will see your selected package.  You then click "Next". 

undefined

Under the ‘View imported information’, no additional data needs to be placed into the empty fields.  Click "Next".  

undefined

There are no advanced options that need to be Configured.  Select "Finish".  

undefined

The newly created Software should now populate the ‘What’ tab. Select the software and then click "Next".  

undefined

This will be an Install action type.  Click "Next".  

undefined

Decide on your 'Start' and 'Repeat' configuration.  Click "Next".  

undefined

Rebooting is not required in order to install the ThreatLocker agent.  You may click "Next".  

undefined

On the ‘Summary’ tab, the list of devices you selected will be displayed as well as the ThreatLocker deployment script as the software you wish to deploy to those devices.  Click "Run Now".  

undefined

Within a few minutes, ThreatLocker should deploy on your machines.  You will begin to see entries in the ThreatLocker Portal while on your 'Computers Page'. 

undefined

Was this article helpful?