View in Browser To make the onboarding process easier, ThreatLocker has developed a Deployment Center page. The Deployment Center lays out the steps that are needed to be taken to successfully deploy and secure the ThreatLocker Agent. Progress along these steps will be tracked and displayed to provide a quick look at what has been done so far and what still needs to be completed. Links to help documents and online courses are included for each step in case you would like some extra guidance.

View in browser Overview If you utilize any form of internet filtering or proxy, you may need to allow the ThreatLocker Agent access to the ThreatLocker Datacenters. Ports We require port 443 for all traffic to ThreatLocker.  We require port 8443 for ThreatLocker Testing Environment/VDI outbound traffic. By Hostname You will need to allow access to: cdn.threatlocker.com (Our cdn is hosted via AWS and utilizes various IP addresses around the world.

ThreatLocker plays nicely with existing antivirus software. We will neither conflict nor interfere with your AV software from running. However, you may need to create exceptions to prevent your antivirus software from blocking ThreatLocker. We recommend you exclude the following files from scanning: Windows Antivirus software exclusions C:\Program Files\ThreatLocker\threatlockerservice.exe C:\Program Files\ThreatLocker\threatlockertray.exe C:\Program Files\ThreatLocker\ThreatLockerConsent.exe C:\Windows\System32\drivers\ThreatLockerDriver.sys C:\ProgramData\HealthTService\Healthservice.exe C:\Program Files\ThreatLocker\ThreatLockerMinHook.x64.dll C:\Program Files\ThreatLocker\ThreatLockerMinHook.x86.dll C:\Program Files\ThreatLocker\6.0AMD64.db C:\Program Files\ThreatLocker\6.0x86.db  C:\Program Files\ThreatLocker\6.1AMD64.db  C:\Program Files\ThreatLocker\6.1x86.db C:\Program Files\ThreatLocker\6.

View in Browser Along with changing the logos that appear in the ThreatLocker popup windows, and the Tray icon, you can also change the App Name that appears at the top of the request popup. Navigate to your Organizations page and select the pencil icon (edit button) next to the organization you want to change the default branding on.  In the edit window, click on the 'Branding' tab.

View in Browser This article will cover the basics of changing the logo of an Organization through the ThreatLocker Portal. Before getting started, there are a couple of pre-requisites. Logo must be a 100x100 pixel image (JPG format). Logo must be in a URL format ( e.g. https://www.mysite.com/logo.jpg). How to Change the Organization Logo in the Threatlocker Portal On the left-hand side of the portal, you will see your navigation tools as usual.

View in Browser This guide will cover how to change your Tray branding icon You can freely change your Tray branding icon in addition to the banner now. We'll include the pre-requisites for the Tray branding below: Must be Agent 6.0 (or newer) 16x16 image format (may automatically compress to formatted size) Image must be web-hosted Has to be a .ico file (cannot be renamed) -- must be converted to true .

View in Browser After you deploy the ThreatLocker agent, it will do its first learning based on what it finds and it will continue learning as your computers are in Learning Mode. By default, your computers will automatically be placed into Learning Mode as defined by their computer group. During this learning period, ThreatLocker is going to attempt to learn your environment and create sufficient Policies so that everything that is permitted and running today can continue to work once you lock down your endpoints.

View in Browser When it comes to local drives, ThreatLocker, will not monitor any activity unless there are explicit policies set in place. Currently, there are policies in place by default to monitor the desktop and documents folders locally as well as UNC paths and external storage. This ensures the best use of system resources. If there is a need to add additional areas you wish to be included when Ringfencing file access, these additional areas can be included by creating explicit monitoring policies for them as outlined below.

View in browser Download the Stub Installers Stub Installers can be located in 3 separate locations: The Computers Page The Computer Groups Page The Deployment Center For more information about downloading stub installers, please see ThreatLocker Stub Installer | ThreatLocker Help Center (kb.help)  Using the Stub Installers The Stub Installer requires internet access to complete. It is the preferred method of deployment as it will always grab the latest stable version of ThreatLocker to install.

ThreatLocker Elevation allows you to elevate a local user's privileges to that of a local administrator for a selected application. If you are using the ThreatLocker Elevation product, it is important to know that it will not be affected by 'Learning Mode'.   When you first deploy ThreatLocker, your computers will default into 'Learning Mode' whereby applications are not blocked by ThreatLocker and ThreatLocker learns the files used by that application.

View in Browser ThreatLocker is an Application Whitelisting tool that is used to protect you from ransomware attacks and stop malicious files from running in your environment.   Requesting a New Application When you try to run a program that is not permitted (not Whitelisted), you will receive a popup informing you that the program is blocked. If this is a program that you don't need for business, and not having this program is not interfering with your work, choose 'Don't show again'.

View in Browser Cyber Hero Management allows the ThreatLocker Cyber Heroes to handle requests from your end users and make decisions on your behalf using ThreatLocker judgment and any additional instructions you provide. However, there may be times when a request requires your attention. We will escalate those requests to the administrator(s) that you have selected. Note: Cyber Hero Management will not handle Elevation or Storage Control requests, as we cannot validate the storage devices as safe, nor the need to run anything as administrator.

View in Browser You should strive to keep your computers in a Secured status as much as possible and only change the status as needed for specific uses, such as installing new software.  Navigate to the Computers Page. You can select the checkbox next to 'Show Computers for Child Organizations' if you want to list all the computers for all of your organizations. At the bottom of the page, you can increase the number of computers displayed per page by changing the page size.

View in browser Overview This article covers the order of policies as they apply to your computers. The first policy that a file matches is the one that is processed and no further policies will be applied to that file.   Application Control Global - (Designed for MSPs) policies under the Global computer group will apply first to the parent organizations and all child organizations. Policies placed at this level will apply FIRST.

View in browser Log into ThreatLocker and navigate to Administrators. Select New Administrator. Input the desired email address and a random password (you will not need to log in with this so we advise a secure password). Check the "Notify on request" checkbox. Once completed, select Save.

Storage control gives you very granular control over who and what can access your important shares. It can allow you to block any or all external storage devices from being able to reach your shares, helping to prevent data loss. Storage control policies are processed from the top down, so any permit policy needs to be located above the deny policy. These policies can easily be reordered by dragging and dropping.

View In Browser ThreatLocker Access gives you control of which ThreatLocker staff can access your account and whether they can view it only or make changes on your behalf. By default, Solutions Engineers will have Full Control access to your account. During your trial, we recommend you keep this set at Full Control so your Solutions Engineers can make changes on your behalf and assist you with the onboarding process.

View in browser Our service is delivered from the Cloud and requires a small agent to run on each computer. After signing up for a free trial of ThreatLocker, you will receive an email with login details for the ThreatLocker Portal.  Accessing the ThreatLocker Portal To access the ThreatLocker portal: Navigate to https://portal.threatlocker.com Log in using your email address and the newly created password. Downloading and Installing ThreatLocker  Navigate to the Computers page using the menu on the left-hand side of the portal.

Important: The ThreatLocker service requires to be run as System. Changing it to a user can cause major problems, including (but not limited to) the ability to turn off Tamper Protection. Deploy the ThreatLocker Agent to your endpoints. Computers will automatically be in Learning Mode so nothing will be blocked while ThreatLocker learns what Applications are running on your computers.    Add suggested Ringfencing policies for Applications you use. In addition to the default Ringfencing policies that are automatically applied at deployment, there are some additional recommended templates available to be added if and where applicable.

Enabling Elevation on Your ThreatLocker Account Before you can leverage the Elevation Control product, you will need to enable it on your ThreatLocker account.  Navigate to the Organizations page.  Find the Organization you want to enable Elevation on and click the dropdown menu under the 'Product' column.  Click the checkbox next to Elevation to enable it.  Elevation Control will be enabled the next time the endpoints check in to the portal.