Help CenterNote: This article contains directions for enabling and disabling modules. This ability is being deprecated beginning in March 2026. Once a new contract is entered into, the 'Modules' dropdown will become a 'Packages' dropdown where you can select to apply any of your purchased packages to listed organizations. The ability to disable purchased features will be coming soon to the Advanced Settings page.
On the Organizations page, there is a column labeled 'Modules'. This column contains a dropdown list of all modules available to ThreatLocker customers. All modules that are included in your current quote are grouped under the heading 'Included' (For information on what modules are included in specific bundles, scroll to the bottom of the page). These modules can be enabled and disabled without any changes to billing. Any modules that are not currently included in the quote will be grouped under the heading 'Not Included'. These modules can also be enabled and disabled, but can result in additional charges. Please reach out to your Account Manager for assistance.
This article will detail what each module entails, why some are occasionally grayed out, and how to change these options for your organization.
Explaining the Module Options Dropdown Menu
ThreatLocker Protect - This is the core protection suite of ThreatLocker for endpoint protection and contains modules selected to best protect endpoints from malware, ransomware, and zero-day exploits. Selecting this module will auto-select Allowlisting, Ringfencing, Network Control, and Configuration Manager.
Allowlisting - Our primary module, which houses Allowlisting, including policy creation. This is the foundation module inside our platform and should always be selected except in very rare circumstances.
Cloud Control - Cloud Control allows you to create Named Locations in the ThreatLocker Portal that can be used in Conditional Access policies in Microsoft 365 to protect login sessions to 365 from ThreatLocker- protected devices against token theft.
Cloud Detect - Cloud Detect allows you to create policies to detect, alert, and respond to unwanted or suspicious activity in Microsoft 365.
Configuration Manager - Configuration Manager provides access to create and enforce GPO- type policies from the ThreatLocker Portal.
Cyber Hero Approvals - This optional module sends your application approval requests to the Cyber Hero team for processing on your behalf.
Cyber Hero MDR -Cyber Hero Managed Detection and Response is an add-on to ThreatLocker® Detect that allows organizations to opt for the ThreatLocker Cyber Heroes to monitor and respond to Indicators of Compromise (IoC). When ThreatLocker® Detect identifies suspicious activity in your environment, the Cyber Hero team will automatically review the alert to determine if there is a true IoC or a false positive. In the event an attacker is on your device, the Cyber Hero will follow the customer's runbook to either isolate or lock down the device and notify the customer. They will be able to identify additional information for the customer, including:
- What the threat was
- How initial access was gained.
- Where the threat originated
- What the threat attempted to do
- How the threat was blocked and mitigated
Direct Support - Child organization administrators will have direct access to ThreatLocker Cyber Hero Support with this option.
Elevation - Elevation is an optional module that will allow you to determine which programs and users should have access to run programs as administrators within a defined period of time.
Endpoint Detect - Endpoint Detect allows you to create policies to detect and respond to activities on the endpoint based on specified conditions. Admins can receive notifications of potential suspicious behavior, and ThreatLocker can take automatic actions based on your policy settings.
Network Control - The optional Network Control (previously Network Access Control) module allows total control of inbound traffic based on IP addresses, specific keywords, and/or objects to your protected devices between a server and client connection.
Patch Management - Patch Management allows you to create policies to automatically patch applications that have been flagged as out of date by ThreatLocker. Out-of-date applications can also be patched instantly by pressing the Patch Now button in the portal.
Ringfencing™ - Our optional Ringfencing module allows you to specify what an application can or cannot interact with (i.e., other applications, your files, the internet, the registry, etc.).
Storage Control - Storage Control is an optional module that allows you to customize whether a user can access distinct types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
Syslog Ingestion - The Syslog Ingestion module provides access to install a Syslog Ingester, which will collect Syslog messages that are broadcast in your environment, parse them, and send them to the Unified Audit.
Web Control - Web Control gives administrators the controls needed to restrict specific content accessed over the web through a policy-driven system. Policies can be applied to computers using the ThreatLocker agent for granular configurations as a recommended approach.
Changing the Module Settings for your Organization
Please be cautious when making changes. If you select a module and are not paying for it, you will be billed for it on your next invoice. Your Account Manager can provide further details about pricing.
To add or remove a module from any part of your organizational structure
- Navigate to the Organizations Page.
- To make changes to an Organization, open the dropdown under Modules (formerly Products) and choose which modules to enable or disable.
Once the changes are made, restart the ThreatLocker Service for those endpoints.
- Click the blue name of the organization with changes.
- If there are Child Organizations, select Show Computers for Child Organizations.
- Select Restart All from the Computers page options menu.
If you have questions about these modules or configuring your platform, please reach out to a Cyber Hero. If you want more information about adding modules and reducing your threat surface, please get in touch with your Account Manager.
Bundles
ThreatLocker Unified 2024 includes:
Allowlisting, Configuration Manager, Cyber Hero Approvals, Cyber Hero Managed Detection, Elevation, Endpoint Detect, Network Control, Ringfencing, Storage Control
ThreatLocker Protect includes:
Allowlisting, Ringfencing, Configuration Manager, Network Control
ThreatLocker Unified Endpoint includes:
Allowlisting, Configuration Manager, Cyber Hero Approvals, Cyber Hero Managed Detection, Elevation, Endpoint Detect, Network Control, Patch Management, Ringfencing, Storage Control, Web Control
ThreatLocker Unified Security + Cloud includes:
Allowlisting, Configuration Manager, Cloud Control, Cloud Detect, Cyber Hero Approvals, Cyber Hero Managed Detection, Elevation, Endpoint Detect, Network Control, Patch Management, Ringfencing, Storage Control, Web Control