I am one of two internal support staff for our company of approximately 60 employees. We manage roughly 80 devices, including servers and similar equipment, and utilize ThreatLocker Protect for internal support only. We do not resell this product.
The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
I am one of two internal support staff for our company of approximately 60 employees. We manage roughly 80 devices, including servers and similar equipment, and utilize ThreatLocker Protect for internal support only. We do not resell this product.
Approving or denying software requests is a simple process for administrators. We have a well-defined workflow, and one of the most convenient aspects is how it handles individual user and computer requests. The beauty of ThreatLocker Protect lies in its ability to approve individual requests while also offering broader deployment options. For example, if a work operation requires specific software and John Smith initiates the request, I can not only approve it for him but also wildcard it. This means that if another member of the same team or someone else in the company wants the same software, they don't need to submit a new request; it's automatically approved based on the initial approval for John Smith. This saves everyone time and simplifies the process.
The visibility into software requests from users is perfect.
We leverage ThreatLocker's Ringfencing technology, which has proven highly effective in our security strategy. While it allows us to whitelist specific applications, it critically prevents those applications from exceeding their authorized access. Even if an approved program theoretically could access PowerShell, the command line, Regedit, or other restricted features, Ringfencing intervenes and blocks such attempts. This granular control is crucial for maintaining a strong security posture.
The need for establishing trust for every access request, regardless of its origin, is crucial. Before implementing ThreatLocker, we faced a significant issue. A department member needed a specific program, so he downloaded it from a third-party site instead of the official source. Unfortunately, the site was riddled with malware. Unaware of this danger, he downloaded and installed the program. Three of us spent two days not just cleaning up the mess, but also verifying that the malware hadn't infiltrated our network. This is where ThreatLocker shines. Even if a trusted program like "Program A" is installed from the official source, ThreatLocker can be configured to only allow future requests from the program's parent company with a valid signed certificate. Any request for the same program from an unauthorized third-party source with an unverified certificate gets automatically blocked. This is truly a powerful feature.
ThreatLocker Protect has significantly reduced our help desk tickets. We used to be bombarded with repetitive requests, particularly software update approvals. The ability to use wildcards for both users and versions in ThreatLocker is fantastic. Previously, when new versions of software were released (e.g., Software A version 1.1), we'd receive up to 15 separate requests for approval. Thankfully, ThreatLocker allows us to whitelist both users and versions. Once we approve Software A from the authorized vendor for version 1.0, we can create a wildcard rule that automatically approves future updates (1.1, 1.2, etc.) from the same vendor. This eliminates the need for manual intervention, saving me an incredible 80 percent of my time. ThreatLocker Protect is truly a game-changer!
ThreatLocker Protect helps our staff focus on other projects.
We saw the value of ThreatLocker Protect shortly after deployment, but it's important to understand how the initial stage works. After signing up and installing the program, the machines enter a learning mode. During this period, ThreatLocker observes and analyzes the software on our devices, identifying common applications and their components (DLLs and EXEs). This learning phase typically lasts around 30 days. While we might not see immediate results during learning mode, it's crucial as it lays the foundation for secure operation. Our first audit review, conducted ten days after deployment, revealed a large number of identified applications because the system was still learning. However, our assigned systems engineer provided excellent explanations and handled the back-end processes seamlessly, eliminating the need for manual intervention. This is one of the program's key strengths. While ten days might seem like a short time to realize the value, it's important to remember the learning phase is essential for effective protection. The automatic learning environment and subsequent transition to secure mode ensure a smooth and efficient deployment process.
I'm deeply impressed with ThreatLocker Protect, and I've been in IT for over 40 years, including four years as a school administrator and teacher. The software is incredibly intuitive and easy to use, even for non-technical users. The interface is clean and well-organized, making it simple to navigate and find what we need. The support team is truly exceptional. They are responsive, knowledgeable, and genuinely helpful. Whether it's a quick question or a complex issue, they are always available to assist. My wait time has never exceeded 15 seconds, and resolutions are typically within five minutes. They even offer regular audit reviews to proactively identify and address any potential problems. ThreatLocker University provides comprehensive, self-paced training that is easy to follow and understand. It empowers users to effectively utilize the software and maximize its benefits. Overall, ThreatLocker Protect stands out for its intuitive design, exceptional support, and comprehensive training. It's a fantastic product backed by a remarkable company culture, making it a true pleasure to use.
The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself.
I have been using ThreatLocker Protect for two years.
We have never had stability issues with ThreatLocker Protect.
ThreatLocker Protect is easily scalable.
The technical support is great.
Positive
Deploying ThreatLocker was surprisingly straightforward. Their documentation guides users through the process clearly, offering multiple options for deployment. From traditional MSI installers to EFCs, users have the flexibility to choose the method that best suits their needs.
It took just five minutes to deploy the software on a single machine. However, for the network-wide rollout, we opted for a cautious, phased approach to minimize potential conflicts. Out of our 60 machines, we selected 10-15 users or computers as a test group. After pushing the update to this initial group, we monitored closely for any red flags or issues. As no problems arose, we gradually added more computers to the deployment in 15-user increments until everyone was covered. This approach, while slower, allowed us to identify and address any potential issues before impacting the entire network.
While two of us were involved in the deployment planning, the actual execution was carried out by one individual. Once they started rolling out the machines, I joined in to monitor the results and provide support. It's worth noting that this single person successfully deployed the software to 60 machines.
The implementation was completed in-house.
ThreatLocker's pricing seems justifiable. We get a lot of value for what we pay, with excellent support, the program itself, and everything related to it being top-notch. If my CTO ever suggested dropping it due to budget constraints, I'd be concerned. While I don't have access to the exact cost, even if it was around five thousand dollars annually, I'd suggest reallocating that amount from my salary to keep ThreatLocker Protect. That's how strongly I believe in the program's effectiveness.
I would rate ThreatLocker Protect ten out of ten.
ThreatLocker Protect is not a significant CPU consumer. We've had it for over three years, and while there have been a few minor conflicts with other programs, they were easily resolved. This is to be expected with any software.
I have a biweekly call with an analyst from ThreatLocker, and they treat our organization, which has only 60 computers, the same way they treat businesses with 4,000 computers.
ThreatLocker Protect is incredibly easy to install. I highly recommend engaging their system engineer for assistance. Don't hesitate to reach out with any questions, no matter how simple they may seem. The ThreatLocker support team is known for its patience and willingness to help. They're happy to answer anything you ask, regardless of your initial perception of the question's importance. So, feel free to be open and honest with them; they'll treat you with the utmost respect.
Users submit applications for installation, and I typically review them, granting or denying access as needed. While the volume isn't high, ThreatLocker Protect provides significant peace of mind knowing users aren't installing unauthorized or malicious software. Our biggest challenge has been user errors causing support requests. To address this, I've implemented rules for applications frequently used in daily operations. It's had a learning curve, but the effectiveness has been noticeable.
Making approval or denial decisions on requests is pretty straightforward for me. I haven't encountered any problems. However, I can see how it might be a bit confusing for less technical users. Things like allowing hashes and understanding all the terminology could be stumbling blocks. Still, I believe anyone with a few months to a year of IT experience would find it manageable. And of course, I was able to grasp it myself.
While allowlisting can help verify specific access requests, it doesn't guarantee overall trust as requests can still originate from compromised sources. In my experience, the zero trust model has proven the most effective approach. Its principle of "never trust, always verify" minimizes risk by scrutinizing every access, regardless of origin. We haven't encountered any security breaches with clients who implemented it, suggesting its efficacy. While antivirus remains a valuable layer of defense, I believe the zero trust framework, particularly in conjunction with ThreatLocker, offers the most robust security posture we've encountered. Thankfully, we haven't experienced any issues with this combination so far.
ThreatLocker Protect provides us with peace of mind. It's a game-changer. With it in place, we can be confident that employees are only using authorized applications, minimizing surprises and freeing up our time for other aspects of our work. We used to spend significant time dealing with malware, but that burden has been greatly reduced. Peace of mind is truly the main benefit.
Allowlisting has significantly reduced the number of tickets we receive from compromised accounts. It's eliminated them. However, we still get tickets from users who are confused about the new process, need things approved, or are feeling impatient. While the volume has decreased, these legitimate tickets related to access limitations are still present. Ultimately, we believe this trade-off is worth it for the sake of enhanced security. This is what we communicated to the team.
Implementing an allowlist has not only freed up our help desk staff for other projects but also aligns with my preference for approved application lists on both mobile devices and computers. This approach ensures smooth operation with minimal complications, and a positive outcome overall.
We utilize allowlisting alongside other security measures, with ThreatLocker as an additional layer. This choice stems from the absence of other comprehensive endpoint protection solutions, ensuring ThreatLocker doesn't overlap with existing safeguards. Therefore, it complements our antivirus for all users.
It initially took a couple of months for us to fully appreciate the benefits of ThreatLocker. While we put our people in learning mode for approximately a week to understand normal system processes, it wasn't until the lack of suspicious activity became evident that we truly recognized the impact. This doesn't diminish the importance of our existing security measures, including sound user guidance, phishing training, and other protocols that discourage risky behavior and minimize software installation needs. In essence, it took some time for the benefits of ThreatLocker to become fully apparent due to the effectiveness of our pre-existing security practices.
When new files arrive and people mention they've been tested twice in the virtual environment, I like to double-check for potential malware by scanning them on VirusTotal and other antivirus platforms. This adds an extra layer of security, which is especially helpful when I'm unsure about approving a file and research doesn't provide clear answers. The sandbox functionality is fantastic. It bolsters my confidence considerably, as it can reveal suspicious behavior like registry modifications even if initial scans are inconclusive. Overall, these features have been game-changers for me.
The current process for viewing software approval requests from end users has room for improvement. While it's generally functional, some users find it confusing. This can be due to either unfamiliarity with the process, unexpected appearance of the request window, or lack of clear instructions. Additionally, the notification box might not be sufficiently noticeable, as some users have reported missing it entirely.
Adding applications to the allowlist can sometimes feel overwhelming. The numerous fields, coupled with navigating the unfamiliar portal, can be daunting, especially on our first attempt. Even with explanations, recalling the necessary information and understanding the required actions for file inclusion can be tricky. I believe the initial learning curve for allowlisting is relatively steep. However, once mastered, it proves to be a valuable tool. My main concern lies with the initial learning hurdle.
I have been using ThreatLocker Protect for around four months.
ThreatLocker Protect has been mostly stable over the past six months. We did experience a single outage that lasted a day, which was disruptive due to pending approvals. However, this has been the only major incident in that timeframe, suggesting overall good stability.
ThreatLocker scales well and has been successfully deployed on all our required devices. We offer it as part of a premium package, but due to its higher cost, adoption among our clients is currently limited. Nevertheless, it meets our scalability needs effectively.
The implementation was relatively straightforward. We developed components or scripts for deployment to devices, avoiding major complications. Furthermore, we have a remote management tool in place for efficient installation.
Installing on everyone's machines is a fairly quick process, typically taking an hour with online devices. While it doesn't require much time, we recently spent two hours on calls with someone to guide us through it. This was because our previous setup, done by someone else in the company, had some errors. We've rectified them now, but it meant changing a few things. Overall, deployment should be smooth and swift, requiring two people and around an hour if all the devices are online.
The implementation was completed internally by our team. Given our extensive experience deploying vulnerability scanners for assessments, this process was relatively straightforward.
I would rate ThreatLocker Protect a seven out of ten. The learning curve is quite steep, especially for those without extensive IT experience. I found it challenging to master and had to rely on my team for guidance on several occasions. Even my manager isn't completely comfortable with it yet. However, once we overcome the initial hurdle, it truly shines.
ThreatLocker requires minimal maintenance, except for one recent instance where we reviewed its configuration. While it's designed to automatically update on user machines, I noticed some devices hadn't yet received the latest version. I manually initiated the update for these devices. The cause of the delay is unclear, though the devices are online, so it might be a network issue.
Ensure all future ThreatLocker users are thoroughly briefed on its functionality. We've encountered surprises among some users regarding the approval requirement for new activities. To avoid such issues, we recommend comprehensive pre-deployment communication, outlining ThreatLocker's purpose, features, and approval process.
