ThreatLocker Zero Trust Endpoint Protection Platform Reviews

We use ThreatLocker Allowlisting for application whitelisting, and zero trust. We utilize the elevation portion to allow access without us having to grant it on an individual basis. We also utilize the Ringfencing portion of the solution to block and protect things that normally we don't want to occur, or could occur on a normal basis.

We didn't have a solution for this specific security feature or package. So we added ThreatLocker Allowlisting 3 yrs ago when we realized that we need to step up our game with cybersecurity nowadays.

ThreatLocker does something different than our other tools, so we kept our antivirus and other protection. We changed tools over time, but not because of ThreatLocker; it sits on top of all of that and provides the security we're looking for.

With ThreatLocker Allowlisting, training is key. If we properly train our staff and go through product training, knowledge bases, and learning processes, it is relatively easy to approve or deny requests. Without this training, we would be lost, as the product is too powerful to guess at. I have a standing appointment with Cyber Heroes every Tuesday at ten am for an hour, where we go through any issues I see, seek help or advice, and approve or deny requests. This also allows us to take a look at our environment as a whole, and make any necessary fixes, modifications, or improvements for our clients. By doing this, we can get to know the product and ensure we use it properly, leading to successful results.

The visibility into software approval requests is straightforward due to the presence of an approval center. We can view all the necessary approvals for our clients in one place. Additionally, we receive an email that creates a ticket in our ticketing system, allowing us to track and follow up on it. This provides us with two locations to manage the process, making it easy to keep track of.

By default, Allowlisting is built-in with Ringfencing, so we would need to take action to turn it off. Ringfencing is enabled for all the major items we would want it for. We can make systems more secure by taking additional steps if desired. Out of the box, Ringfencing is enabled for all the potentially dangerous items that could cause problems if not monitored.

The combination of Allowlisting and Ringfencing helps us block unknown threats and attacks. For example, we allow this application to run, which is fine, but it may try to do something we don't want it to do. By Ringfencing it, we can stop the application from doing anything other than what we intend. We can also prevent other applications from being spawned by previously approved applications. By doing this, we create a container and compartmentalize the application to prevent it from doing anything outside of our intentions.

I believe that ThreatLocker Allowlisting has distinguished us from other MSPs and has allowed us to provide our clients with genuine security in a time when there is no reliable solution for security due to the constant presence of zero-day threats. This is the way we can anticipate a zero-day attack and have the means to prevent it if it does occur, which is what gives me peace of mind.

We have recently (Q 2 & 3 of 2024) are implementing across all of our environments Network Access Control (NAC).  NAC has dramatically improved our endpoint firewall control.  This reduced the access to endpoint to a Zero-trust level.   

We still have some work to do, as we need to approve everything. Once things calm down, Allowlisting will help reduce our organization's help desk tickets. We don't want small changes to be made that we don't plan for. Allowlisting is the best way to set our clients up. Allowlisting requires some effort upfront to get it working the way we want it, but once it's set, Allowlisting will do the work for us.

Allowlisting, once is settled does not add any additional labor or time on our help desk staff.

Since ThreatLocker combined four solutions into one, we saved a significant amount on implementation costs.

When all of these features are combined, we have a strong product. If any of these features were to be used as a standalone product, it would be largely ineffective. However, ThreatLocker Allowlisting has all of these features integrated into one console, making it effective. Without this combination, I would need to use four different products to achieve the same result. The combination of integrated features is the reason why ThreatLocker AllowListing is so powerful.

We are an MSP. One of the benefits of this product is that we can monitor our clients' activities beyond just removing the software. Even if they don't have military privileges, we can still keep track of what is happening in their environment, such as file access, application installation, or network access. We can see what they are doing, and we can allow the activities that they are supposed to be doing and prevent them from doing activities that could be harmful to them or us. This enables us to have a lower cost of management for our clients, which would otherwise require more effort.

We identified several areas that we would like to see improved. We submitted these as feature requests and ThreatLocker has acknowledged them. They are in the process of being implemented and many of them have been completed in the past year and a half, which we are delighted about. For example, I had been asking for the ability to copy a policy for a few months, and then it suddenly became available. This saves us a lot of time because if we set something up for one client, we don't have to do all the work again for another client; we can just copy it.

I have been using the solution for 3 yrs

ThreatLocker pushes the boundaries of technology while also integrating well with the core of the operating system. So far, we have not had any problems, so I would say it is quite stable.

ThreatLocker Allowlisting is highly scalable. We currently have thousands of endpoints on it and could easily have ten times more. There is no limit to ThreatLocker Allowlisting scalability.

The technical support is excellent. I appreciate when a solution has great tech support because I don't have time to spend trying to figure out an issue that needs to be fixed quickly. I don't want to have to talk to someone who doesn't know what they're doing when I reach out to them; they usually resolve the issue within minutes. We can contact them by phone, email, or text and submit a ticket, and they will provide an answer promptly. The technical support is truly remarkable.

Positive

The initial setup is straightforward. I was fully involved in the initial setup for my company and in getting ThreatLocker running. We then passed it on to our certified and knowledgeable techs, who can now do it. When we initially rolled out and deployed, we wanted to make sure we were monitoring ThreatLocker closely. 

ThreatLocker has lots of documentation and explanations on how to deploy it. I strongly recommend using their free concierge service with Cyber Hero to guide you step by step. This eliminates the need for you to figure it out on your own. Their professionals will help you deploy properly and successfully. This is one of the great benefits of this company and product, as they want us to be successful with their product.

The deployment was done primarily myself with a script and we deployed two thousand endpoints over a three to six-month period. 

Our deployment covers approximately fifty companies in multiple countries, with multiple sites across those companies. Some of the companies have more than two hundred endpoints.

The implementation was completed in-house.

There is certainly a return on investment due to the increased control we have over our clients' environments and the peace of mind it provides us and them. ThreatLocker is an additional layer of protection that surpasses our standard security measures.

The price is very reasonable, and we have been able to integrate ThreatLocker with all of our clients. We do not offer it as an option for only some of our clients; it is a standard feature for all of our clients. One of the reasons for this is that the pricing is quite reasonable considering all that ThreatLocker offers.

I attended several conferences and viewed numerous demonstrations, and I found ThreatLocker to be particularly impressive. I was very impressed with the features and product design, which showed that a great deal of thought had gone into it. I believe ThreatLocker is quite advanced in comparison to some of the other products on the market, which are more established but have yet to achieve what ThreatLocker can already do.

I give the solution a ten out of ten.

With any product of this type, we should always maintain ThreatLocker Allowlisting. The more we maintain it, the more successful it will be and the more secure our environment will be. Maintenance should become part of our normal routine to manage our environments.

Potential users should take the time to work with Cyber Heroes in deploying ThreatLocker AllowListing, learning how to use it, and managing it. They will be very pleased with the results. They should not attempt to do this alone; it is not something they should have to do on their own, given the services ThreatLocker provides.

We're an IT service provider that acts as an IT department for companies that don't have one. We take over a company's IT infrastructure, look after, manage, and secure it. ThreatLocker is a part of our security stack. 

We've got multiple products and vendors that we use, and ThreatLocker is a tool we provide to clients who need it. We use it to control access, block specific programs or activities, and manage things like USBs and other devices. For example, if no one's allowed to use the USB device on the computer, we can do that with ThreatLocker.

ThreatLocker has freed up help desk staff for other projects by saving us time. We don't need to do workarounds to get things to work. It's effortless to deploy. We send out the software to the machines as we would any other piece of software, and it automatically sets up everything in the portal. It works most of the time without the need to configure anything manually.

Adopting ThreatLocker has helped us consolidate solutions. For example, we previously used another product for USB blocking, local administrator access, and things like that. Now, we have that functionality built into ThreatLocker. We can deploy different policies to machines to do other things. And I think there's a community where people can make policies for all the tools. Those solutions were separate paid products, so eliminating them reduced our operational costs. 

The most valuable feature is probably the ability to block programs from running. ThreatLocker has some built-in features that make it super easy. You can also contact their support within the program. If you're having issues, you can click on that button and connect with someone in five to 10 seconds. 

It's easy for administrators to manage requests through ThreatLocker. It's set up so we can get notifications in our ticketing system. Every notification ThreatLocker sends contains a link that we can click. We sign in, look at the options, and select the one we need to apply.

The process is straightforward from the end users' perspective. If they try to run something that they're not allowed to run, they get a popup saying that in plain English. There's a little button they can click to cancel it or request access. If they request access, they're asked why they want to run this and then they click send. That's all they need to do. They don't have to call anyone.

ThreatLocker's ring-fencing capabilities are excellent. I haven't seen any other products that do it. It's certainly not built into Windows. It's quite good, but it could be a bit more granular with the options that it gives you. However, the existing options are enough to cover 90 percent of scenarios.

The solution is effective for establishing trust for requests. For every request that comes in, it tells you who sent it and the reason why. It also gives you a breakdown of the application the user wants to run, and it'll tell you things like the company that published it. It also has links that will take you to a virus-scanning website that has scanned the file in the past, so we can see straight away if it's trustworthy or not.

The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software. 

We must look through the logs, and there's an awful lot of information to go through. It has many options to filter out that information, and it becomes much easier once you've had some training. Still, there is so much information on the screen. 

I have used ThreatLocker Protect for around two or three years.

Yeah. Never never noticed it. So Yeah.

I can imagine it's very scalable. Yeah. We've got it, like, clients many two people up to, like, fifty. So, yeah, it seems for it's got I think, obviously, you can go much much higher I

I rate ThreatLocker support 10 out of 10. They're quick and helpful. Whenever I've had a problem, they've fixed it for me. They have this Cyber Heroes feature, which is a button built into the solution that connects you to support within seconds. I've only used it a few times, but they have been spot-on every time. 

Positive

The deployment was straightforward, but we had a lot of hand-holding from the ThreatLocker team, and they did regular review meetings with us to ensure we're on track. We would do a Zoom meeting where a guy would go through it and do a lot of the work for us.

It doesn't take long to set ThreatLocker up for a client. It takes around 30 minutes to add the client to the portal, get the software, and deploy it to the machine. After that, we let it run in learning mode. It runs in the background for about a week. That part is automated, so we don't need to do anything. Once that's done, we probably spend an hour or so just looking through what it found and ensuring everything's all settled. After deployment, it doesn't require much maintenance aside from keeping everything up to date. 

I can't complain. Cheaper would always be nice, but I think it's reasonable compared to other software in the cybersecurity market.

I don't think there was anything else on the market that does all the same things as ThreatLocker. If there was, I was unaware of it. 

I rate ThreatLocker eight out of 10. Before implementing ThreatLocker, you should consult one of the company's support engineers. Don't try to do it by yourself because there's a lot of information there. They've got some excellent documentation, but I personally like to be shown how to do it. 

We have deployed it across many clients, including a major client in the caretaking business. They need to be protected well. I am quite satisfied with the product.

I use the product to monitor what users can or cannot do, with variations for each type of customer. We are starting to consolidate all clients into one comprehensive map.

The portal is easy to use and provides a centralized region for management, which is beneficial.

It helped us to consolidate security products. We previously worked with another product but switched to ThreatLocker. It eliminated the need for another product, as ThreatLocker combines multiple functionalities. We used to have antivirus, but if you can block computers from doing anything, the virus has no chance or very little chance.

The endpoint protection itself is very valuable because that is the primary feature I am using. We deal with a lot of users who are not always aware of what they are doing while using their computers for business. In the caretaking business, you have several people who are not IT-minded. Phishing emails or things like that can happen very easily.

It is a comprehensive platform that allows you to do a lot of things. We are not using all the things yet, but it keeps our clients safe, which is the main service we aim to deliver as an IT partner.

The company should strive to stay ahead of all the developments happening externally. If their progress accelerates more rapidly than the ongoing changes outside, it would prove advantageous.

I have been using the solution for more than a year. 

The stability is satisfactory.

It is scalable.

Customer service is good. The Cyber Hero program ensures there is always someone available to help. It was one of the reasons to go with this solution.

Positive

We worked with Enable. We changed it because our company saw ThreatLocker at a convention. They were convinced that the product would do better.

The setup was straightforward. We utilized another platform to deploy ThreatLocker, and this eased the process.

We implemented it ourselves.

I do not deal with pricing, but I assume it is cost-effective for us. We choose a solution based on functionality and affordability.

We did not evaluate other products.

It is easy to use, but we are having some difficulties as we are still learning how to best deploy it for our customers and adjust the endpoints so that they can work efficiently and do whatever they need to do. Even though you put machines in learning mode, it requires finetuning. For some business clients, it is okay, but other clients, particularly the smaller ones, have to be able to do a lot of things. It can be difficult to have that balance.

It has not helped reduce our help desk tickets. We are still in learning mode, and after we are fully knowledgeable, we will be able to see some ticket reductions.

I would rate it eight out of ten. Nobody deserves a ten.

We use ThreatLocker Allowlisting to control inventory and manage software. We want to make sure that we know which software is being used on our client computers and that we are only allowing approved software to run. This is in line with the principle of least privilege, which ensures that users are only allowed to do the things they need to do and not the things they don't. This is especially important for shared-use computers and different environments where users on the same computer may have different access levels.

The visibility into software approval requests of end users is easy. We not only have approval requests pushed directly into the platform, but we also have a ticket opened in our ticketing system. As the manager, I can run reports to see what requests are coming in from client organizations and how my technicians are handling them. This makes my life easier from a managerial perspective.

The combination of ThreatLocker and Ringfencing is excellent for blocking unknown threats and attacks. For example, we can ensure that all software stays within its designated sandbox. This means that I can run the PowerShell scripts from our RMM software, but nothing else can run the PowerShell scripts. With Ringfencing, we can say, "Allow this to run, but not that," or "Allow this website to be accessed to download an installer, but don't allow other websites to be accessed." Other use cases for Ringfencing include selective elevation of a process. For example, if a user needs to run QuickBooks and is elevated to an administrator to do so, then all privileged processes will also be elevated. However, with Ringfencing, we can prevent QuickBooks from opening PowerShell or anything else that it is not supposed to open. This helps to keep us safe and prevents unknown threats from exploiting compromised privileged processes.

In line with the textbook definition of a zero-trust model, every request must be approved. This can create some tension with clients, so it is important to get their buy-in on the process. With ThreatLocker's learning mode, we can make the approval process invisible to clients for the most part. We manually select which requests to approve and which to deny. By the time we set ThreatLocker to enforce everything, we have a good baseline of what is allowed and what is not. We have also communicated everything to the clients and found procedural ways to reduce friction.

ThreatLocker Allowlisting can help to reduce helpdesk tickets. On the one hand, we do receive approval requests with some regularity. However, on the other hand, overall tickets are reduced because we no longer have everyone trying to install iTunes or wondering why they're getting pop-ups in their browser because they have three different browser add-ons for coupon clippers that are laced with malware. After all, with ThreatLocker, users are not allowed to install these programs, to begin with, which reduces the tickets we would get after they've been installed because they're unpublished installations that any standard user could complete. The net result is an overall reduction in tickets, although there are some tickets required to manage the approvals.

ThreatLocker Allowlisting has saved our helpdesk around a 15 percent reduction in overall tickets. With the average handle time for a ticket being 14 minutes, if I have 100 tickets in a month, each one will take 14 minutes, for a total of 1,400 minutes per month.

The most valuable feature is selective elevation, which allows elevating an individual process to admin privilege without granting admin privilege to that user, which has been by far the most useful feature outside of the overall solution itself.

Approving or denying requests using the software can be more difficult to do correctly. Overall, it is easy to use, but it is not the easiest in the world to get right. There are some nuances and things that we need to understand.

ThreatLocker Allowlisting needs to improve its user interface and overall workflow. The UI looks very dated and is challenging to navigate, and we spent more time training technicians on how to interact with ThreatLocker than on what to do with it. The user experience needs a lot of work, but their beta portal is solving a lot of that. If I had to pick any lingering difficulty, it would be the learning curve to grasp how ThreatLocker manages what is allowed and the details around that.

I have been using ThreatLocker Allowlisting for almost two years.

We experienced some delays with our cloud agent. For example, when we changed a policy, it would take five minutes for the agent to receive the change. Or, we would tell the agent to enter a specific mode, and it would take five minutes for the agent to comply. This caused some delays in our ability to deliver services. However, the cloud provider has eliminated this issue. We now typically wait no more than thirty seconds for the agent to respond to our requests. This was a problem when we first started using the cloud agent, but it hasn't been a problem for about six months now.

We have had no scalability issues whatsoever, even though our largest environment is only about 75 endpoints. We are not working at the same scale as much larger companies, but for our size, ThreatLocker has been perfectly scalable. Whether I am deploying to one person or ten people, the same script is pushed out by the RMM and everything loads up in ThreatLocker within a matter of minutes.

The technical support team at ThreatLocker is incredibly experienced and knowledgeable. I especially value two things about interacting with them. I never have to wait long for a response. As chief operating officer, if a problem reaches my desk, it means that everyone below me has already tried and failed to solve it, or they simply didn't want to get ThreatLocker support involved. Since I have the most experience in-house, I'm usually the one who engages with ThreatLocker support. When I do, I never have to wait long to speak to someone who knows what they're doing. I always get escalated to the right level technician, even if I'm initially connected with more junior tech. ThreatLocker doesn't waste time walking me through scripts, procedures, and processes. Instead, they escalate my issue to the right person immediately so that they can help me solve whatever creative problem we're facing.

Positive

We had some experience with Microsoft's AppLocker, but managing it required too much manual effort for our small team that required a dedicated full-time employee. ThreatLocker Allowlisting is much easier to manage.

The initial deployment was straightforward. ThreatLocker provided the script to use in our RMM software. To deploy the software, we made some tweaks to accommodate our environment. We were then able to push out the agent in an entirely automated fashion. We had three people involved on our end, but it could have been done by a single person. We divided responsibilities to bring the product to market faster.

The implementation was completed in-house with the support of the ThreatLocker team.

In addition to the overall time savings, there are also quantifiable costs associated with the number of malware attacks that have been stopped by ThreatLocker. I can think of at least four or five instances where an executable file was blocked by ThreatLocker before it could be detected by SentinelOne or any of the other security solutions on the machine. It is difficult to say definitively whether SentinelOne would have detected these files after execution, but I do know that ThreatLocker has helped to improve our productivity and our clients' productivity by preventing users from installing unauthorized software, such as iTunes on work computers or Spotify on protected machines. By limiting users to only approved software, ThreatLocker has also made our jobs easier as IT service providers, as we no longer have to spend time hunting down unauthorized software, uninstalling things, or remediating malware, bloatware, adware, etc. As a result, we are dealing with far fewer rogue browser extensions, which has led to a reduction in tickets and overall management overhead.

We realized the benefits of ThreatLocker Allowlisting after six months of use. This was because we needed to become familiar with the product, build our baselines, and understand how it worked. We also needed to establish routines, build workflows, train our technicians, and educate our clients on how to interact with the software. By the six-month mark, we began to see a return on investment, and it was fully realized by the one-year mark.

The price of ThreatLocker Allowlisting is reasonable in the market, but it is not fantastic. It is also much less expensive than some other products we use.

We considered Auto Elevate from Cyberfox and Microsoft's AppLocker, but managing Microsoft's AppLocker would have required too much manual effort for our small team which would require a dedicated full-time employee. ThreatLocker Allowlisting is much easier to manage. ThreatLocker Allowlisting is a more comprehensive solution, and we liked the way that ThreatLocker said they would support us better than the other companies. With the other companies, it was more of a traditional support model, but with ThreatLocker, we have an average wait time of 30 seconds on our support chat. In the year and a half, almost two years, that we've been with ThreatLocker, this has always been the case. We've never had to wait more than 30 minutes to get a live human being who is an expert on ThreatLocker. If they can't solve the problem, they'll escalate it to someone who can. Beyond that, they stand behind their product. Because it's such a complicated product, and we're a small company, this was all the difference to us. We knew that if we had problems, we would have their team to lean on for help, and they've stood behind their product.

I would rate ThreatLocker Allowlisting nine out of ten. ThreatLocker Allowlisting is not a perfect product, but they do a fantastic job of continuing to improve it and make it more approachable.

There are management and overhead costs, as well as maintenance costs associated with changing or updating the lists. There is also some limited maintenance required as programs and hashes change. Additionally, we need to make some updates to properly maintain the lists, consolidate policies, and so on.

Try ThreatLocker risk-free and work with their team. They can make their complex product more approachable so that users can see its benefits and capabilities.

It's a solution for software whitelisting. It blocks applications from running. If there is any DLL or something else running on your computer, the admin or admins of the service get an alert. If an end-user is trying to install something that has been blocked by the organization, the admins get alerted.

We can sleep easier knowing viruses aren't installing things, employees aren't installing things, and nothing is running without someone getting an alert and having eyes on it and approving it.

Ringfencing is a great feature. There is grainy clarity. You can get down into the Ringfencing where you can either completely ring-fence something or you can manually choose what you want it to reach out to. The combination of Allowlisting with Ringfencing for blocking unknown threats and attacks is a great combination because you want to allow the software, but then you, as an admin, are not aware of what every piece of software does. So, you wanna start off being strict and just allow the application, but you would want to ring-fence it in case it beacons out to the internet or goes over ports that you don't think it should be traversing across. That's ringfencing, and it blocks that, but then when the end-user reaches back and says that a part of this software isn't working as it should be, then you can get into that granularity where you can look at the ringfencing policy. You can adjust the ringfencing policy from the strictest to allowing certain parts.

Establishing trust for every access request, no matter where it comes from, is a wonderful thing, and it's needed, but it can hinder and slow down. It adds steps for the end-users because they can't just go wild and install whatever they want, but ultimately, that's one of the main reasons why we invested in ThreatLocker and why we love it because it actually works as they say it should.

In terms of Allowlisting helping us reduce our organization’s help desk tickets, it's twofold because if we didn't have this, we would be getting tons of help desk tickets about bad things happening in the company because people are allowed to install whatever they want. They could be watching Twitch, YouTube, etc. They could be installing video games, which in itself would then create tons of help desk tickets for us. On the other hand, anytime someone wants to install something, we would get a help desk ticket for it. So, either way, we'd be getting help desk tickets, but at least the help desk tickets that we're getting for ThreatLocker are the type we want because now we know we're safe and secure and we're ahead of the curve for safety. Instead of being a reactive help desk ticket where you install something, and your computer is broken, now it's more proactive where you raise a ticket to install something, and your computer is not infected. We don't have to spend hours reimaging, tracking things down, being a victim of ransomware, etc.

Allowlisting has helped to free up help desk staff for other projects because now, we can allow elevation, and we can allow the approvals from an admin through it. We don't have to send people physically to go to a person's desk to do installations or set up online meetings with them to share out where we can assist with the installs. It has freed up time for the help desk staff.

Allowlisting has helped to consolidate applications and tools. We now get to see what everyone is trying to install, and we can find out why people are installing a particular application when another one has already been approved to do the same type of thing. Previously, we didn't know about that. One of the big ones would be SolidWorks. A lot of people have looked at three applications for drawing, and when we see that coming through for a request, we can suggest and ask them what about SolidWorks, and then they use that.

Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product.

I like how it blocks everything. The learning mode is another feature that I like. It operates in the learning mode in the beginning. When you first get it set up in your environment, you don't want every computer to not be able to work and not be able to run the normal fresh install of Windows or other operating systems, so when we first got it set up, we were able to put it into learning mode, which was wonderful. The learning mode is a great feature they have where the computer allows everything and just learns about your typical environment and then makes a good baseline from there.

The idea that it can block everything is wonderful because, in our company, we have to follow the cybersecurity requirements of the Department of Defense. They have very strict guidelines. This software helps us meet and cross off the many cybersecurity checklists for the environment, especially for software installs and what's allowed to run in our environment. That's one of the greatest features.

Its graphical user interface is very intuitive. It's very well laid out and detailed, and it's very easy to find things. I don't have anything to suggest to them in that regard. I've made other suggestions to their company for some features, but for the way its interface is or for proving things or how to use it, I've had no suggestions.

A great thing is that you have to be their customer, but with no extra add-on, you can have access to their ThreatLocker university, where you can learn and watch videos on how to do everything.

Another great thing is that they have online cyber heroes, and I have never created a ticket and waited more than five minutes until a live person was on my check. They're immediately able to get into my tenant. They can set up a Zoom call and share their screen and show me exactly what I'm missing or where to go.

You need to have ThreatLocker agent software on every client or every computer that you want to be protected by the ThreatLocker Allowlisting application. If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out. If your company only has a 100-megabytes internet line and you send out that update of 1 megabyte to a thousand computers, because it's sending that out to a thousand at the same time, you're using up a thousand megabytes right there. So, you could saturate your network. We have suggested they stagger it. If the system sees that there are a thousand computers, it should just try to send out to a hundred, and after that's completed, send out to the next hundred. That way, it's not saturating your network.

Other than that, feature-wise, it's a great solid product. I have not come up with anything that they should do. Even when I thought I had an issue, they showed me that I have to look here to adjust that setting. For example, when you first join a computer, it automatically puts that computer in learning mode. You can set the time for how long it automatically stays in the mode. I believe the default setting was a month or something like that, and we thought that was too long. Their cyber heroes helped me find the area to adjust that. They already had the solution for that. I just wasn't aware of it.

We have been using it since September 2021.

The part that can cause bandwidth issues is one of the only things where I see companies not going with them, but they probably wouldn't know that until they finally get to use the product. That would be the only downfall to it.

It grows with your company, and it learns with your company. It's very good with scalability. They're always pushing updates. It's learning all the newest software that comes out. It's picking up. I'd rate it a 10 out of 10 in terms of scalability.

It's required on every computer and every server in our company nationwide. We're pretty small. Our computer count is 225. We have 120 users, but we have servers. Some people have multiple computers. We have lab computers. We have computers that are just stationary set up to 3D printers. Every computer has to have it. That's why we have more computers than employees.

Their support is phenomenal. I rarely say that about customer support. We all have had our nightmares with certain customer support scenarios, but I've not run into any issues with ThreatLocker. They are one of the best. I've been in this industry for over eighteen years. Not just in this industry, but also as a person, you deal with customer service everywhere you go, such as McDonald's, Target, Comcast, Verizon, etc. ThreatLocker support is one of the best I've ever experienced. I'd rate them a 10 out of 10.

Positive

We didn't use a similar solution before. The closest solution we ever used was to whitelist the internet. So, you cannot go out to any website unless you've requested it, and it has been approved. Once we approve it, anyone can go to that website. We used a proxy for our internet traffic.

I personally don't physically deploy it. It gets pushed out by our software center. Any new computer gets the client installed, and then that client with API package and everything else reaches back to and joins our tenant, and then we see it in the dashboard. My role is to make sure that every new machine has it. I am the admin for our company for ThreatLocker. I do audits on what the system sees as how many computers we have connected to ThreatLocker, and make sure that I'm deleting any computer that was removed from our domain. If any new computer joins, I have to make sure that it does register in ThreatLocker because sometimes, because of an internal networking error or something else, computers get the client, but it doesn't beacon out and get associated with our tenant. So, I have to do that.

Its implementation was very quick. Once we got it, it took maybe a week to work with the team to get everything staged. When it was first introduced, we left our computers in learning mode for several months, which is highly recommended. That's how we worked with ThreatLocker support and how they helped us get it all set up. After six months of learning our environment in terms of what's normal, what's allowed, and what they shouldn't block, the keys were handed over. We were told that this is our baseline and to go from there.

Its maintenance includes receiving updates on a new package. I also audit it because even though employees see a request pop up, not every employee would click on it because they won't know. So, I still need to audit. For example, a bad virus wants to run on Bill's computer. Bill will see a ThreatLocker popup saying this thing is trying to run. A lot of times, end-users think that they didn't run anything, so they just hit cancel, and I won't get alerted for that. So, I do have to physically go into the audit. Often, I look and just pull up an audit since the last time to see everything that got blocked. I go through it, and I still look for anything that was malicious because we still have to be aware of that so that we can take action.

The other part that I have to do maintenance on is just making sure that the license count is correct, and that the number of computers that the user interface says are registered is similar to what we have. I go in there and make sure that there are truly that many.

We have seen an ROI. Knowing that ransomware or viruses have been stopped and can't process, the savings pay for it.

Its time to value was within one week. In the first week, we got to see what was getting blocked. It was very eye-opening to see what was happening on all the computers with the processes that we were trying to run or install. It was definitely within the first week.

Considering what this product does, ThreatLocker is very well-priced, if not too nicely priced for the customer.

I know my manager did evaluate other options. I don't recall which products were looked at, but their features were very similar. Their price was extremely high, especially compared to ThreatLocker. 

Before you buy, you need to educate your employees and let them know this is adding a safety step to the process of installing software. You also need to be prepared because if the admin isn't around, then you're going to slow down. The person is not going to be able to install the software. That is something you do need to be aware of.

It's extremely easy for an admin to approve or deny requests using Allowlisting. The only caveat to that is that because of the way that ThreatLocker is set up and how minutely you can dive down into a software install, there could be issues with some pieces of software. For example, I approve of you installing Adobe Reader. If you run that install from your desktop, and I approve it, there's a certain way to say I want it to approve this exact installation. What that means is that I approve it for that one person. If someone else tries to run that exact same install package, but it, for example, is not from the desktop and is from a shared drive or from a USB, because of that one tiny change, it will technically get blocked. To some people, it's a little confusing. If you understand how the system works, it's easy. You can use a wildcard to say this install package can be installed from any location. So, when you learn those little tips and tricks, it gets a whole lot easier, but in the very beginning, if you're fresh getting into this, or it was thrown in your lap and you were told that you're the administrator for ThreatLocker, it can be a little confusing. The great thing is that ThreatLocker has something called the install mode. Basically, you're putting a computer in a mode for a temporary amount of time, which the admin can control. When a computer is put into the install mode, ThreatLocker won't block anything. You can go ahead and run any executable. It'll allow the installation, and it'll apply it to that application or policy name that you wanna apply it to. If you're doing it for Adobe, you could add it to the Adobe Reader policy. So, it's very easy. Even if you had any issues, their support is phenomenal.

Overall, I'd rate ThreatLocker Allowlisting a 9 out of 10.

We are a managed service provider offering comprehensive network and security monitoring for other service providers. We remotely monitor our clients' systems, many of which utilize ThreatLocker. This application allows us to provide end-to-end technical support, including proactive protection against malicious scripts and applications. ThreatLocker prevents unauthorized installations and execution of potentially harmful programs, such as PowerShell or CMD scripts, by blocking them in real-time. Essentially, it's a comprehensive security application that logs events, captures data, and aids in recovery and analysis, enabling us to understand and respond to security incidents effectively.

We have deployed ThreatLocker in the Azure and AWS clouds for some of our customers, while others utilize it in a hybrid model.

Administrators can easily approve or deny requests using their ThreatLocker allow list. With full access, an administrator can enable learning mode or create exclusions for any user, allowing them to execute specific files or actions within their user space.

The software provides superior visibility into end-user software approval requests compared to other EDR applications I've encountered. Real-time scanning is available when an exclusion occurs, and the software captures comprehensive logs of all activity on the machine.

We use allowlisting once a user access request is submitted. We verify the reason for the request and, once verified, we send an email notification to the requesting user. After approval through the ThreatLocker console, the user can access and execute the requested resources.

ThreatLocker has significantly improved numerous techniques that mitigate vulnerabilities and viruses initiated on the back end of a network. This prevents recurring attacks that utilize script files or various hacking methods by stopping them at the network level.

Previously, users with installation privileges often installed various third-party applications without oversight. ThreatLocker prevents unauthorized application execution, requiring users to submit installation requests. Since most users are reluctant to request third-party applications, this policy significantly reduces the volume of help desk tickets related to software installation and troubleshooting.

ThreatLocker helps consolidate applications and tools.

ThreatLocker's most valuable feature is its scanning capability, which executes all types of executable files. Rather than denying specific applications, it denies all applications originating from the back end, providing comprehensive protection.

ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users.

I have been using ThreatLocker Protect for approximately seven to nine months.

I haven't experienced any performance or stability issues with ThreatLocker.

ThreatLocker is highly scalable and useful for real-time protection.

ThreatLocker's technical support process could be streamlined by reducing the number of steps required to reach a human agent. Currently, users must navigate through multiple chatbot interactions before being connected, which can be time-consuming and frustrating.

Neutral

The initial setup involves deploying the solution through an agent procedure within cloud platforms. Configuration is done according to system administrator instructions, and policies are set accordingly.

A team of five is involved in deploying and configuring ThreatLocker, as well as monitoring its use.

The measurable benefits of using ThreatLocker include ensuring real-time protection of organizational resources and maintaining user authentication and protection levels to reduce risks. It fosters business growth by securing the business module.

I rate ThreatLocker Protect eight out of ten.

There is no maintenance required by the customers.

The endpoint value typically falls within the range of 300 to 450 per MSP, although this can vary depending on the client. Larger enterprise-level clients may have up to 500 endpoints.

I recommend purchasing the exact number of agent subscriptions needed for the environment to avoid unnecessary expenditures.

We use ThreatLocker for application allowlisting to enhance security. This is particularly beneficial in school environments, where it prevents students from bypassing security measures by downloading unauthorized applications like VPNs and elevation control, enabling specific local users to gain temporary administrator privileges when running designated applications.

ThreatLocker utilizes a cloud-based system where an agent is deployed on a server or workstation, either on-premise or in a cloud environment like Azure. This agent connects to the ThreatLocker cloud for management and security functionalities.

ThreatLocker simplifies the process for administrators to approve or deny requests. Built-in applications streamline approvals as ThreatLocker manages all associated rules. If a built-in application exists, administrators simply select and allow it. However, if a built-in application is not available, administrators can select from various parameters to create a customized rule. Overall, ThreatLocker provides a relatively easy and efficient approval process.

We use ThreatLocker's ringfencing feature to implement the principle of least privilege. This allows us to control applications like Microsoft Word and Chrome by permitting them to run while restricting potentially malicious actions, such as Word executing PowerShell scripts. This granular control enhances the security of our environment by limiting what applications can do.

ThreatLocker enhances security by verifying the trustworthiness of all access requests, regardless of origin. Its built-in checks ensure applications match their claimed identities, such as confirming that "Word" is indeed Microsoft Word. Additionally, ThreatLocker provides a testing environment to execute executables and scripts in a virtual machine, verifying their legitimacy. Finally, integration with VirusTotal allows for hash analysis, providing further validation. These combined checks offer a robust system for confirming the authenticity of user application requests.

We saw the benefits of ThreatLocker quickly, especially during security incidents. For example, we had a customer where ThreatLocker successfully blocked a threat actor's attempts to install malware and exfiltrate data using legitimate tools. This immediate visibility is crucial, particularly in environments like schools where students might use various unapproved Chrome extensions. ThreatLocker allows for swift action, like blocking ten different VPN extensions, preventing further unauthorized activity.

ThreatLocker has allowed us to consolidate applications by deciding which ones we permit, such as choosing between Firefox or Chrome, while not permitting Opera or Brave. This means we only focus on two browsers for patching and security purposes. It helped us to immediately identify and block unnecessary Chrome extensions in schools, like VPN extensions. We have experienced quick visibility into what students are trying to use and gained more control over our applications.

I find the application control valuable. ThreatLocker provides visibility into user activity and application usage, empowering organizations to define acceptable applications and web browsers. Additionally, elevation control eliminates the need for local administrators by streamlining privilege elevation for specific applications and updates, resolving the challenges customers previously faced with managing local admin rights.

A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file. This would allow for quick identification of potentially malicious files during allowlisting. Currently, ThreatLocker has a risk scoring system, but integrating VirusTotal results would provide more granular insight. This would enable users to efficiently assess the safety of audited files and prioritize those flagged by multiple antivirus engines for further investigation.

I have been using ThreatLocker for about two years.

The system is generally stable, with one exception during a customer demo where the portal froze and some applications failed to load.

ThreatLocker is scalable. We have customers with ten endpoints to thousands of endpoints. It scales well across different customer sizes and requirements.

ThreatLocker's customer support is exceptionally fast, typically connecting me with a representative within a minute of submitting a ticket and enabling a Zoom call within three to five minutes. While the support team demonstrates knowledge about ThreatLocker, they occasionally provide hasty answers without proper verification, leading to subsequent revisions.

Positive

The initial setup was easy and well-supported by ThreatLocker's documentation and training.

Most new onboardings require approximately 21 days of learning mode before transitioning to secure mode. Therefore, it typically takes about 21 days to a month for an environment to reach secure mode.

I am the one responsible for all the ThreatLocker deployments.

The implementation was completed in-house.

I handle the technical aspects, while my manager deals with pricing. Although the pricing seems good, there have been inconsistencies in contract negotiations. What we are told during calls sometimes differs from what is communicated later causing frustration.

We considered CyberFOX, but it prioritized elevation over allowlisting. ThreatLocker remains the only effective allowlisting tool we've found.

I would rate ThreatLocker nine out of ten.

The agent can be set to update automatically, which is the default setting. ThreatLocker handles the maintenance of the agents. Once in secure mode, the primary maintenance task is approving new application requests from users.

I primarily use it for protecting my clients.

I can sleep well at night. At the end of the day, it provides me with peace of mind.

It has helped to eliminate other security solutions. We do not need as many. We do not use many because we can trust the solution. We were using Sophos. That is completely gone. We are using Penetrates as well because it works very well with ThreatLocker.

It has been great at blocking access to unauthorized applications. It is almost perfect. We deal with developers who use a lot of tools. From a security standpoint, it is very important because we know what is going on. It gives us more visibility.

It has not reduced helpdesk tickets. It has probably increased them by blocking applications and doing its job, resulting in people raising more tickets to know why they cannot use certain things.

It has not freed up the IT team’s time for other projects or tasks, but it is doing its job. It is a good one.

The Zero Trust factor is valuable because it blocks everything. That helps us to stay ahead of bad actors. We do not have to be in recovery mode. 

It is light. It does not give that weird heaviness. It just works. 

So far, it has been great. The Cyber Hero support system is excellent. I have no complaints, but a little bit more Mac support would be great.

It is very easy, but having a dashboard so that we can visualize more might be helpful.

I have used the solution for about a year.

It is great. We have had no issues so far.

It seems great, but we are still growing. We will know in a year.

Cyber Hero's support is excellent, allowing me to talk to a live person, which is significant. It has been amazing.

Positive

We had a bad experience with Sophos. We have industrial printers that we use, and they would just lock in. There was no visibility. We did contact Sophos, but they did not have any solution. The manufacturer also did not have a solution. We just could not figure it out. It was hindering the production.

The initial setup was seamless and very easy. We use Datto RMM.

We implemented it ourselves.

We are still small. We are still growing, so we are not at the stage to know about the ROI or any reductions in the operational costs.

So far, it has been great. I have no complaints. Of course, everybody wishes it was cheaper.

It does what it is supposed to do. Just knowing that it works as intended is reassuring. There are a lot of other EDR software, but you do not know if they are doing their job. With ThreatLocker, I can tell that it works.

I would rate it a ten out of ten.