Company logoHelp Center
Visit www.threatlocker.com

How to Set Up Cyber Hero Management

6 min. readlast update: 09.05.2023
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article. 

Cyber Hero Management allows the ThreatLocker Cyber Heroes to handle requests from your end users and make decisions on your behalf using ThreatLocker judgment and any additional instructions you provide. However, there may be times when a request requires your attention. We will escalate those requests to the administrator(s) that you have selected.  

Note: Cyber Hero Management will not handle Elevation or Storage Control requests, as we cannot validate the storage devices as safe, nor the need to run anything as administrator.

Setting Up Cyber Hero Management on the ThreatLocker Portal

To enable Cyber Hero Management, navigate to the Organizations page. Be sure to enable Cyber Hero Management from the 'Modules' dropdown list by selecting the checkbox next to it.  

undefined

Select the 'Configure Cyber Hero Management' button located next to the 'Modules' dropdown menu. 

undefined

The Update Organization panel will appear on the right side of the screen. 

undefined

In the 'Send Escalation to' box, specify all the administrators that you want to receive escalation notifications. You can select the administrators' email addresses from the dropdown.

Below the escalation contact list is a list of ThreatLocker's default rules that will be applied when processing requests on your behalf. They are as follows:

  • Business Applications Only
  • Computer Level Permits as much as possible
  • Extensions require 4* and a high number of users and reviews (or a well known company e.g. Google)
  • No Games
  • No Network Scanning or MSP Tools (e.g. PuTTY, PSexec, Rufus)
  • No Remote Access tools unless specified
  • Meeting Applications are ok unless otherwise specified

At the bottom, there is a text box where you can input any additional instructions or exceptions you would like to make to the default ThreatLocker rules. If you don't have any additional instructions or exceptions, please enter 'none'.

After completing the desired fields, select 'Update Organization'.

undefined

These settings will need to be configured per Organization. Once specified on the Parent Organization, you can select the 'Use Parent Settings' checkbox for each Child Organization you would like to use the same settings.     

undefined

Allowing the Cyber Heroes to Make Changes on Your Behalf

Using Cyber Hero Management will grant the Cyber Heroes Full Control access to your ThreatLocker account.

undefined

Note: ThreatLocker Cyber Hero Management does not have the capability to put any devices into Learning, Installation, or Monitor Mode. We also cannot, under any circumstances, place devices into a state of Tamper Protection Disabled.

Escalate to MSP

For instances in which the Cyber Heroes are unable to process a request, they will escalate the approval to the administrator you have designated. That administrator will receive an email that will allow the administrator to 'Authorize Cyber Heroes to Permit', 'Review Approval Request', or 'Ignore Approval Request'.  

undefined

Any items that have been escalated will also be visible on the 'Approval Center' pagewith the 'Escalated to MSP'. There is also the option to search for all items that have been Escalated to MSP from the search dropdown box on the Approval Center page.

undefined

Once an item has been escalated, the email the MSP receives is a no-reply email. It will be up to the MSP to action the request. If you need to add additional instructions for the Cyber Heroes to use when processing future requests, please log into the ThreatLocker Portal and edit the instructions.  

Setting Up Cyber Hero Management on the ThreatLocker Legacy Portal

To enable Cyber Hero Management, navigate to the Organizations page. Be sure to enable Cyber Hero Management from the 'Product' dropdown list by selecting the checkbox next to it. 

undefined

Select the 'Configure Cyber Hero Management' button located below the 'Product' dropdown menu.  

undefined

The Organization Settings menu will populate with the Cyber Hero Management tab open. 

undefined

These settings will need to be configured per Organization. Once specified on the Parent Organization, you can select the 'Use Parent Settings' checkbox for each Child Organization you would like to use the same settings.    

In the top box, you need to specify all the administrators that you want to receive escalation notifications. You can select the administrators' email addresses from the dropdown and click 'Add' between each one.  

Below the escalation contact list is a list of ThreatLocker's default rules that will be applied when processing requests on your behalf. They are as follows:

  • Business Applications Only
  • Computer Level Permits as much as possible
  • Extensions require 4* and a high number of users and reviews (or be from a well-known company such as Google)
  • No Games
  • No Existing Matches
  • No Network Scanning or MSP Tools (e.g. PuTTY, PSexec, Rufus)
  • No Remote Access unless specified
  • Meeting Applications are ok unless otherwise specified

At the bottom, there is a text box where you can input any additional instructions or exceptions you would like to make to the default ThreatLocker rules.

undefined

Finally, click the 'Save' button in the top left-hand corner.

undefined

Computer Group Settings

By default, these Cyber Hero Request instructions that are set at the organization will be applied to all computer groups within that organization. These organization-wide settings can be overridden at the computer group level if desired.  

Navigate to the Computer Groups page. Select the edit button next to the group you would like to change these settings on. At the bottom of the edit window, deselect 'Use Organization Settings' and input the instructions you wish to be used for this computer group's Cyber Hero Management Requests. 

undefined

Allowing the Cyber Heroes to Make Changes on Your Behalf

Using Cyber Hero Management will grant the Cyber Heroes Full Control access to your ThreatLocker account.

undefined

Note: ThreatLocker Cyber Hero Management does not have the capability to put any devices into Learning, Installation, or Monitor Mode. We also cannot, under any circumstances, place devices into a state of Tamper Protection Disabled.

Escalate to MSP

For instances in which the Cyber Heroes are unable to process a request, they will escalate the approval to the administrator you have designated. That administrator will receive an email that will link them directly to the request. Any items that have been escalated will also be visible on the 'Approval Center' page, and will be highlighted and marked as 'Escalated from the ThreatLocker Cyber Heroes'. There is also the option to search for all items that have been Escalated to MSP from the search dropdown box on the Approval Center page.

undefined

Once an item has been escalated, the email the MSP receives is a no-reply email. It will be up to the MSP to action the request. If you need to add additional instructions for the Cyber Heroes to use when processing future requests, please log into the ThreatLocker portal and edit the instructions.

Was this article helpful?