Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.
On the Organizations Page, there are dropdown menus called 'Modules' (formerly Product) on the right side of the page, with check box options. When closed, they say 'X items checked'. These dropdown menus list all of the available ThreatLocker modules, which can be combined to customize your coverage.
This article will detail what each module entails, why some are occasionally grayed out, and how to change these options for your organization.
Explaining the Module Options Dropdown Menu
ThreatLocker Protect - This is the core protection suite of ThreatLocker for endpoint protection and contains modules selected to best protect endpoints from malware, ransomware, and zero-day exploits. Selecting this module will auto-select Default Deny, Ringfencing, Network Control, and Configuration Manager.
Application Control - Our primary module, which houses Allowlisting, including policy creation. This is the foundation module inside our platform and should always be selected except in very rare circumstances.
Storage Control - Storage Control is an optional module that allows you to customize whether a user can access distinct types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
Elevation - Elevation is an optional module that will allow you to determine which programs and users should have access to run programs as administrators within a defined period of time.
Cyber Hero Management - This optional module sends your application approval requests to the Cyber Hero team for processing on your behalf.
Network Control - The optional Network Control (previously Network Access Control) module allows total control of inbound traffic to your protected devices, based on IP addresses, specific keywords, and/or objects, between a server and client connection.
Default Deny - This option enables the Default Deny policy for Application Control. While it is optional, deselecting it will cancel the Default Deny and put your organization at greater risk.
Ringfencing™ - Our optional Ringfencing module allows you to specify what an application can or cannot interact with (e.g., other applications, your files, the internet, the registry).
Co-Managed Direct Support - Child organization administrators will have direct access to ThreatLocker Cyber Hero Support with this option.
Cyber Hero MDR - The CHMDR is an add-on to ThreatLocker® Detect that allows organizations to opt for the ThreatLocker Cyber Heroes to monitor and respond to Indicators of Compromise (IoC). When ThreatLocker® Detect identifies suspicious activity in your environment, the Cyber Hero team will automatically review the alert to determine if there is a true IoC or a false positive. In the event an attacker is on your device, the Cyber Hero will follow the customer's runbook to either isolate or lock down the device and notify the customer. They will be able to identify additional information for the customer, including:
- What the threat was
- How initial access was gained
- Where the threat originated
- What the threat attempted to do
- How the threat was blocked and mitigated
ThirdWall (Legacy) - This option, exclusively available to MSPs, allows for simplified policy creation to further lock down your endpoints.
ThreatLocker Detect - This option will allow a policy to detect and trigger a response. This allows for notifications of blocked threat actors and automated responses to threats.
Configuration Management - This option will allow for simplified policy creation to further lock down your endpoints.
Application Audit and Storage Audit - These are legacy features and are no longer available to our clients. These options will always be grayed out.
Changing the Module Settings for your Organization
Please be cautious when making changes. If you select a module and are not paying for it, you will be billed for it on your next invoice. Your Account Manager can provide further details about pricing.
To add or remove a module from any part of your organizational structure:
- Navigate to the Organizations Page.
- To make changes to an Organization, open the dropdown under Modules (formerly Products) and choose which modules to enable or disable.
Once the changes are made, restart the ThreatLocker Service for those endpoints.
- Click the blue name of the organization with changes.
- If there are Child Organizations, select Show Computers for Child Organizations.
- Select Restart All from the Computers page options menu.
If you have questions about these modules or configuring your platform, please reach out to a Cyber Hero. If you want more information about adding modules and reducing your threat surface, please get in touch with your Account Manager.