Hermetic Wiper: ThreatLocker Recommended Policy

2 min. readlast update: 03.01.2022


In light of recent events, a new malware strain, Hermetic Wiper, has been identified. It's important to recognize that this malware does not encrypt, but it is destructive malware that corrupts hard drives. The hash files for this malware have been identified by ThreatLocker and made into a Built-In application. 

Devices in a secure state will automatically block this file from executing as it would any other file, without an application and policy.

For convenience, ThreatLocker has also created a suggested policy to help protect devices that are currently not in a secured state.

Note: If managing multiple tenants, ThreatLocker suggests placing this on the highest level (Global) in order to protect all applicable organizations under your parent organization.

The "Suggested Policies" window seen below can be found on the "Policies" page as shown below:



ThreatLocker also suggests moving this policy strictly into a "Secured" state, meaning that it'll override any devices currently in Learning or Monitor mode.


You will need to deploy policies for all Organizations in order for this to take effect.

If deploying on the Global level

  • Navigate to the "Organizations" page on the left side of the Portal
  • Select all Organizations with the checkbox located at the top
  • Click "Deploy Policies" to effectively deploy policies for all selected Organizations

All devices should receive their new policy changes within a few minutes.

Was this article helpful?