Hunter Clark - PeerSpot reviewer
Cybersecurity Engineer at a tech services company with 51-200 employees
Real User
Top 10
Improves application visibility and control for schools and organizations
Pros and Cons
  • "ThreatLocker provides visibility into user activity and application usage, empowering organizations to define acceptable applications and web browsers."
  • "A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file."

What is our primary use case?

We use ThreatLocker for application allowlisting to enhance security. This is particularly beneficial in school environments, where it prevents students from bypassing security measures by downloading unauthorized applications like VPNs. We also use it for elevation control, enabling specific local users to gain temporary administrator privileges when running designated applications.

ThreatLocker utilizes a cloud-based system where an agent is deployed on a server or workstation, either on-premise or in a cloud environment like Azure. This agent connects to the ThreatLocker cloud for management and security functionalities.

How has it helped my organization?

ThreatLocker simplifies the process for administrators to approve or deny requests. Built-in applications streamline approvals as ThreatLocker manages all associated rules. If a built-in application exists, administrators simply select and allow it. However, if a built-in application is not available, administrators can select from various parameters to create a customized rule. Overall, ThreatLocker provides a relatively easy and efficient approval process.

We use ThreatLocker's ringfencing feature to implement the principle of least privilege. This allows us to control applications like Microsoft Word and Chrome by permitting them to run while restricting potentially malicious actions, such as Word executing PowerShell scripts. This granular control enhances the security of our environment by limiting what applications can do.

ThreatLocker enhances security by verifying the trustworthiness of all access requests, regardless of origin. Its built-in checks ensure applications match their claimed identities, such as confirming that "Word" is indeed Microsoft Word. Additionally, ThreatLocker provides a testing environment to execute executables and scripts in a virtual machine, verifying their legitimacy. Finally, integration with VirusTotal allows for hash analysis, providing further validation. These combined checks offer a robust system for confirming the authenticity of user application requests.

We saw the benefits of ThreatLocker quickly, especially during security incidents. For example, we had a customer where ThreatLocker successfully blocked a threat actor's attempts to install malware and exfiltrate data using legitimate tools. This immediate visibility is crucial, particularly in environments like schools where students might use various unapproved Chrome extensions. ThreatLocker allows for swift action, like blocking ten different VPN extensions, preventing further unauthorized activity.

ThreatLocker has allowed us to consolidate applications by deciding which ones we permit, such as choosing between Firefox or Chrome, while not permitting Opera or Brave. This means we only focus on two browsers for patching and security purposes. It helped us to immediately identify and block unnecessary Chrome extensions in schools, like VPN extensions. We have experienced quick visibility into what students are trying to use and gained more control over our applications.

What is most valuable?

I find the application control valuable. ThreatLocker provides visibility into user activity and application usage, empowering organizations to define acceptable applications and web browsers. Additionally, elevation control eliminates the need for local administrators by streamlining privilege elevation for specific applications and updates, resolving the challenges customers previously faced with managing local admin rights.

What needs improvement?

A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file. This would allow for quick identification of potentially malicious files during allowlisting. Currently, ThreatLocker has a risk scoring system, but integrating VirusTotal results would provide more granular insight. This would enable users to efficiently assess the safety of audited files and prioritize those flagged by multiple antivirus engines for further investigation.

Buyer's Guide
ThreatLocker Zero Trust Endpoint Protection Platform
May 2025
Learn what your peers think about ThreatLocker Zero Trust Endpoint Protection Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.

For how long have I used the solution?

I have been using ThreatLocker for about two years.

What do I think about the stability of the solution?

The system is generally stable, with one exception during a customer demo where the portal froze and some applications failed to load.

What do I think about the scalability of the solution?

ThreatLocker is scalable. We have customers with ten endpoints to thousands of endpoints. It scales well across different customer sizes and requirements.

How are customer service and support?

ThreatLocker's customer support is exceptionally fast, typically connecting me with a representative within a minute of submitting a ticket and enabling a Zoom call within three to five minutes. While the support team demonstrates knowledge about ThreatLocker, they occasionally provide hasty answers without proper verification, leading to subsequent revisions.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was easy and well-supported by ThreatLocker's documentation and training.

Most new onboardings require approximately 21 days of learning mode before transitioning to secure mode. Therefore, it typically takes about 21 days to a month for an environment to reach secure mode.

I am the one responsible for all the ThreatLocker deployments.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

I handle the technical aspects, while my manager deals with pricing. Although the pricing seems good, there have been inconsistencies in contract negotiations. What we are told during calls sometimes differs from what is communicated later, causing frustration.

Which other solutions did I evaluate?

We considered CyberFOX, but it prioritized elevation over allowlisting. ThreatLocker remains the only effective allowlisting tool we've found.

What other advice do I have?

I would rate ThreatLocker nine out of ten.

The agent can be set to update automatically, which is the default setting. ThreatLocker handles the maintenance of the agents. Once in secure mode, the primary maintenance task is approving new application requests from users.

Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Real User
Zero Trust factor and Cyber Hero support make it a great solution
Pros and Cons
  • "The Zero Trust factor is valuable because it blocks everything. That helps us to stay ahead of bad actors. We do not have to be in recovery mode."
  • "I would rate it a ten out of ten."
  • "I have no complaints, but a little bit more Mac support would be great."
  • "It has not reduced helpdesk tickets. It has probably increased them by blocking applications and doing its job, resulting in people raising more tickets to know why they cannot use certain things."

What is our primary use case?

I primarily use it for protecting my clients.

How has it helped my organization?

I can sleep well at night. At the end of the day, it provides me with peace of mind.

It has helped to eliminate other security solutions. We do not need as many. We do not use many because we can trust the solution. We were using Sophos. That is completely gone. We are using Penetrates as well because it works very well with ThreatLocker.

It has been great at blocking access to unauthorized applications. It is almost perfect. We deal with developers who use a lot of tools. From a security standpoint, it is very important because we know what is going on. It gives us more visibility.

It has not reduced helpdesk tickets. It has probably increased them by blocking applications and doing its job, resulting in people raising more tickets to know why they cannot use certain things.

It has not freed up the IT team’s time for other projects or tasks, but it is doing its job. It is a good one.

What is most valuable?

The Zero Trust factor is valuable because it blocks everything. That helps us to stay ahead of bad actors. We do not have to be in recovery mode. 

It is light. It does not give that weird heaviness. It just works. 

What needs improvement?

So far, it has been great. The Cyber Hero support system is excellent. I have no complaints, but a little bit more Mac support would be great.

It is very easy, but having a dashboard so that we can visualize more might be helpful.

For how long have I used the solution?

I have used the solution for about a year.

What do I think about the stability of the solution?

It is great. We have had no issues so far.

What do I think about the scalability of the solution?

It seems great, but we are still growing. We will know in a year.

How are customer service and support?

Cyber Hero's support is excellent, allowing me to talk to a live person, which is significant. It has been amazing.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had a bad experience with Sophos. We have industrial printers that we use, and they would just lock in. There was no visibility. We did contact Sophos, but they did not have any solution. The manufacturer also did not have a solution. We just could not figure it out. It was hindering the production.

How was the initial setup?

The initial setup was seamless and very easy. We use Datto RMM.

What about the implementation team?

We implemented it ourselves.

What was our ROI?

We are still small. We are still growing, so we are not at the stage to know about the ROI or any reductions in the operational costs.

What's my experience with pricing, setup cost, and licensing?

So far, it has been great. I have no complaints. Of course, everybody wishes it was cheaper.

What other advice do I have?

It does what it is supposed to do. Just knowing that it works as intended is reassuring. There is a lot of other EDR software, but you do not know if it is doing its job. With ThreatLocker, I can tell that it works.

I would rate it a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Ian Kirk - PeerSpot reviewer
Director at Forum Computers
Real User
Top 10
Has excellent ring-fencing features and is effective for establishing trust for requests
Pros and Cons
  • "The most valuable feature is probably the ability to block programs from running. ThreatLocker has some built-in features that make it super easy. You can also contact their support within the program. If you're having issues, you can click on that button and connect with someone in five to 10 seconds."
  • "The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software."

What is our primary use case?

We're an IT service provider that acts as an IT department for companies that don't have one. We take over a company's IT infrastructure, look after, manage, and secure it. ThreatLocker is a part of our security stack. 

We've got multiple products and vendors that we use, and ThreatLocker is a tool we provide to clients who need it. We use it to control access, block specific programs or activities, and manage things like USBs and other devices. For example, if no one's allowed to use the USB device on the computer, we can do that with ThreatLocker.

How has it helped my organization?

ThreatLocker has freed up help desk staff for other projects by saving us time. We don't need to do workarounds to get things to work. It's effortless to deploy. We send out the software to the machines as we would any other piece of software, and it automatically sets up everything in the portal. It works most of the time without the need to configure anything manually.

Adopting ThreatLocker has helped us consolidate solutions. For example, we previously used another product for USB blocking, local administrator access, and things like that. Now, we have that functionality built into ThreatLocker. We can deploy different policies to machines to do other things. And I think there's a community where people can make policies for all the tools. Those solutions were separate paid products, so eliminating them reduced our operational costs. 

What is most valuable?

The most valuable feature is probably the ability to block programs from running. ThreatLocker has some built-in features that make it super easy. You can also contact their support within the program. If you're having issues, you can click on that button and connect with someone in five to 10 seconds. 

It's easy for administrators to manage requests through ThreatLocker. It's set up so we can get notifications in our ticketing system. Every notification ThreatLocker sends contains a link that we can click. We sign in, look at the options, and select the one we need to apply.

The process is straightforward from the end users' perspective. If they try to run something that they're not allowed to run, they get a popup saying that in plain English. There's a little button they can click to cancel it or request access. If they request access, they're asked why they want to run this and then they click send. That's all they need to do. They don't have to call anyone.

ThreatLocker's ring-fencing capabilities are excellent. I haven't seen any other products that do it. It's certainly not built into Windows. It's quite good, but it could be a bit more granular with the options that it gives you. However, the existing options are enough to cover 90 percent of scenarios.

The solution is effective for establishing trust for requests. For every request that comes in, it tells you who sent it and the reason why. It also gives you a breakdown of the application the user wants to run, and it'll tell you things like the company that published it. It also has links that will take you to a virus-scanning website that has scanned the file in the past, so we can see straight away if it's trustworthy or not.

What needs improvement?

The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software. 

We must look through the logs, and there's an awful lot of information to go through. It has many options to filter out that information, and it becomes much easier once you've had some training. Still, there is so much information on the screen. 

For how long have I used the solution?

I have used ThreatLocker Protect for around two or three years.

What do I think about the stability of the solution?

Yeah. Never noticed it. So, yeah.

What do I think about the scalability of the solution?

I can imagine it's very scalable. Yeah. We've got it, like, clients many two people up to, like, fifty. So, yeah, it seems for it's got I think, obviously, you can go much much higher I

How are customer service and support?

I rate ThreatLocker support 10 out of 10. They're quick and helpful. Whenever I've had a problem, they've fixed it for me. They have this Cyber Heroes feature, which is a button built into the solution that connects you to support within seconds. I've only used it a few times, but they have been spot-on every time. 

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment was straightforward, but we had a lot of hand-holding from the ThreatLocker team, and they did regular review meetings with us to ensure we're on track. We would do a Zoom meeting where a guy would go through it and do a lot of the work for us.

It doesn't take long to set ThreatLocker up for a client. It takes around 30 minutes to add the client to the portal, get the software, and deploy it to the machine. After that, we let it run in learning mode. It runs in the background for about a week. That part is automated, so we don't need to do anything. Once that's done, we probably spend an hour or so just looking through what it found and ensuring everything's all settled. After deployment, it doesn't require much maintenance aside from keeping everything up to date. 

What's my experience with pricing, setup cost, and licensing?

I can't complain. Cheaper would always be nice, but I think it's reasonable compared to other software in the cybersecurity market.

Which other solutions did I evaluate?

I don't think there was anything else on the market that does all the same things as ThreatLocker. If there was, I was unaware of it. 

What other advice do I have?

I rate ThreatLocker eight out of 10. Before implementing ThreatLocker, you should consult one of the company's support engineers. Don't try to do it by yourself because there's a lot of information there. They've got some excellent documentation, but I personally like to be shown how to do it. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Kenny LeHew - PeerSpot reviewer
Network Tech at Iowa Solutions Inc
MSP
Top 20
Serves as an additional layer of defense, provides good visibility, and effectively eliminates the risk of unauthorized applications
Pros and Cons
  • "While it can be frustrating at times, we appreciate the low-level security provided by the application whitelist."
  • "One area I see for improvement is in the visibility of support tickets within the ThreatLocker ticketing system."

What is our primary use case?

As a Managed Security Service Provider, we have numerous clients. We offer ThreatLocker's application whitelisting as a key component of our security stack, leveraging its capabilities as intended. For client-specific applications, we utilize learning mode to automatically whitelist them. Additionally, we employ global whitelisting for commonly used software such as QuickBooks, Sage, and other applications pre-configured by ThreatLocker. This proactive approach ensures seamless operation of essential enterprise applications.

How has it helped my organization?

For administrators, approving or denying requests is a straightforward process. They have three options available. The first is on-site with credentials. When a pop-up notification appears on the computer, an administrator can easily navigate through it, log in with their credentials, and approve the request. The second is a remote administrator. For administrators who work remotely and need to approve requests, an email will be sent to the ticketing queue. This notification allows them to access the tenant and approve the request from anywhere. The third is the mobile app. The top-level administrator and I can use a mobile app to approve requests on the fly, even while traveling. All three options are user-friendly and facilitate a smooth approval process.

The visibility is good. While it doesn't overwhelm users with information, ThreatLocker allows us to tailor the request message when approvals are needed. This means it's not just a generic notification. We can incorporate our branding and write a customized message containing relevant details. For example, in our case, the message would state, "Iowa Solutions is requesting this information." This approach helps avoid appearing malicious or unusual, promotes user comfort due to clear communication, and leverages name recognition to ensure users understand the request and its destination.

We use ringfencing when it's applicable. This can be a bit more challenging, particularly with certain global apps. Nevertheless, we utilize it to ensure that solutions without internet access requirements remain disconnected.

Our initial implementation of whitelisting applications did not seem to reduce the number of support tickets. It may have even generated slightly more. However, this was primarily an issue with the initial setup and the values have since returned to normal levels. The included Elevation module, however, has demonstrably reduced tickets, particularly once properly configured. While we are still experimenting with its optimal configuration, we are confident that it represents an internal process improvement rather than a product issue. The ThreatLocker solutions engineer we work with has guided us through this process. The product's ability to elevate already-approved applications directly addresses a significant source of tickets. We have streamlined operations and reduced support overhead by removing the need for end users to request administrator assistance for installing approved applications.

ThreatLocker has enabled us to effectively eliminate the risk of users introducing unauthorized applications into their environment. Occasionally, clients with on-premises IT teams or trusted individuals with administrative privileges might install software that they deem harmless. However, this software is often not part of the standard deployment or approved image, posing a potential security threat.

ThreatLocker serves as an additional layer of defense, ensuring that only authorized software is installed. For example, we have blocked and consolidated the installation of older Adobe versions, which may be vulnerable due to a lack of security updates. Similarly, when Adobe transitioned to a new licensing model, we prevented users from deploying older versions they might have had on hand, ensuring compliance and mitigating potential compatibility issues with the operating system or modern MSA-related items. One of the most common instances of unauthorized software installation involves printer drivers. Users may attempt to install specific drivers or software packages, which can introduce unwanted bloatware or adware. ThreatLocker effectively prevents this type of installation, ensuring a clean and secure environment. For example, if someone attempts to download Adobe Reader directly, the installer might attempt to bundle McAfee software. ThreatLocker efficiently blocks such bundled installations, preventing the introduction of unwanted adware.

We had already anticipated the benefits of ThreatLocker, and these benefits were subsequently confirmed in real-world scenarios. This prior knowledge solidified our understanding of the value it provides. We have a client who unfortunately fell victim to a compromised campaign that ThreatLocker would have prevented. This specific case serves as a compelling use case demonstrating the product's effectiveness. Notably, we were able to identify this value proposition quickly by reviewing the documentation and implementing ThreatLocker in our test environment. However, having a real-world example—where we can confidently state that ThreatLocker would have stopped the attack—further reinforces the product's potential value.

What is most valuable?

While it can be frustrating at times, we appreciate the low-level security provided by the application whitelist. Although incorrect implementation can lead to unintended blocking of desired applications, it serves as a crucial layer of defense against unauthorized activity. This whitelist effectively enforces established policies, ensuring minimal potential damage in the event of a malicious incursion.

What needs improvement?

This is our first time using whitelisting software in a production environment, so I can't speak from experience with other solutions. However, one of the main challenges we've encountered is that whitelisted applications can sometimes result in blocked requests, which disrupts workflows. If there's a way to mitigate these disruptions, it would significantly improve the end-user experience. While I don't have a specific solution in mind, I think ThreatLocker's current implementation is elegant. It allows users to customize what they see, submit a request, or simply exit without creating a ticket. This flexibility avoids forcing users to create tickets unnecessarily. While I think ThreatLocker is doing a good job overall, I believe the biggest pain point is the potential disruption to user workflows.

One area I see for improvement is in the visibility of support tickets within the ThreatLocker ticketing system. While my interactions with individual representatives and my solutions engineer have been excellent, communication through the ticketing system itself lacks transparency. Specifically, when an issue is escalated or marked as "being worked on," I'm not provided with any updates or information about the progress being made. This lack of visibility is frustrating, especially when dealing with complex issues that may take longer to resolve. While I understand that not every problem can be fixed in five seconds, I would like to see improved visibility in the ticketing system. This could be achieved by providing regular updates on the progress of tickets, particularly those that are older than three weeks. I appreciate the responsiveness and expertise of the individual support personnel I've interacted with, but enhanced visibility within the ticketing system would be a welcome improvement.

For how long have I used the solution?

I have been using ThreatLocker Protect for two years.

What do I think about the stability of the solution?

One of the recent tickets we opened resulted in stability issues for a very small population of deployed agents, less than 0.1 percent. While the scale of the issue is minor and it only emerged recently, with a previously perfect stability record, it does represent a blemish on the otherwise excellent track record. I wouldn't allow this short-term problem to overshadow their previously pristine performance.

What do I think about the scalability of the solution?

I have not encountered any scalability issues.

How are customer service and support?

The technical support team is incredibly fast and efficient. Their live chat feature connects us directly with a support engineer, not an automated system or auto attendant. This direct connection is fantastic and ensures a swift resolution to your issue.

The accuracy of their solutions for common problems is impeccable, consistently exceeding 99 percent. While I've encountered some uncommon issues that required escalation to the development team, this is not a reflection of support's competence. It simply indicates an underlying product issue, not a support-related one.

The team's tier-one support engineers are exceptional, and the solutions engineer assigned to our account is equally impressive. They are both invaluable assets to the support side of the operation.

My only critique concerns the visibility of tickets that aren't resolved immediately. However, every time I've interacted with a support representative, they've been professional and helpful.

How would you rate customer service and support?

Positive

How was the initial setup?

We deployed the agents using our cloud-hosted RMM software, Ninja RMM. ThreatLocker provided us with a script to facilitate the deployment, making it incredibly easy. Management is also handled through the cloud portal, making the entire process cloud-exclusive and efficient for large-scale deployments.

I am involved in the initial deployment process for each newly onboarded client. The process is very straightforward, requiring only a few clicks and confirmation of the organization in the portal pop-up. Issues are extremely rare, and any encountered have been on our end during deployment, not with the product itself.

Deployment is typically a one-person job, especially for new clients. When we first launched the program, we had two people in the testing environment to ensure smooth execution. However, this included ThreatLocker integration, which required two additional key players: our account manager and solutions engineers. Therefore, the initial onboarding process involved two individuals, while subsequent client deployments required only one. This has proven sufficient to manage deployments without issues.

What about the implementation team?

We used an integrator who is the solution engineer assigned to our account and has been very helpful to this day. His involvement extended far beyond the initial 90-day onboarding period, and he remains heavily involved in our ongoing integration efforts. His contributions have been a true boon to our project's success.

What's my experience with pricing, setup cost, and licensing?

I believe ThreatLocker's pricing model is fair and flexible, allowing account managers to offer customized deals based on our specific needs. As a small company internally, we also appreciate the ability to scale our subscription easily to accommodate rapid growth periods, which are common for MSPs like ourselves. The tiered pricing structure based on devices is helpful, and the option to commit to specific modules in exchange for discounts is a valuable feature. Overall, I find their pricing fair and transparent, and I am impressed with their willingness to collaborate with us to achieve our goals.

What other advice do I have?

I would rate ThreatLocker Protect a nine out of ten.

Building trust in ThreatLocker's protection relies on the visibility of application requests, demonstrating that the product is actively working. However, this approach may not always achieve the desired outcome. Unfortunately, end users can perceive the constant prompts as a burden, hindering their workflow. While it's crucial to ensure that unauthorized applications are not running, these interruptions can erode trust unless users fully understand the security rationale. Instead of fostering confidence, the prompts can feel like roadblocks, obstructing users' ability to perform their tasks.

Our workflow has generally stayed the same with ThreatLocker. We were not looking for a solution that would save us time. We were looking for a robust whitelisting application software.

End users may not always consider the potential consequences of their actions. As security advisors, it's our responsibility to educate them on safe online practices. Downloading files from unknown sources, clicking links in suspicious emails, and entering passwords carelessly are all risky behaviors. Our "Know Before" training program specifically addresses these vulnerabilities through interactive phishing simulations and social engineering exercises. While some users might find this mandatory training disruptive, it's crucial for building awareness and mitigating cybersecurity risks. Security professionals can't afford to remain passive. While a silent, background approach might be ideal, the reality is that active intervention is often necessary. The end user is dangerous, and just like a guardian watching over a child crossing the street, ThreatLocker offers an extra layer of protection, preventing users from making critical mistakes.

Users need to be aware that this feature will bring security to the forefront for them. This visibility is not a negative aspect, but rather a positive one, as it increases user awareness. However, it's important to remember that sometimes even tech professionals and security analysts cannot anticipate how users will think or react. So, it's essential to avoid approaching the situation from a purely technical or analytical perspective, and instead strive for a balanced and grounded approach. Be mindful of the increased visibility and leverage ThreatLocker's exceptional support team. They have likely encountered any unique situations we might encounter and can guide us through the implementation process.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
reviewer2391264 - PeerSpot reviewer
Infrastructure Manager at a consultancy with 11-50 employees
Real User
Top 20
The unified reports make everything go smoother but it can need babysitting
Pros and Cons
  • "The unified alerts are useful."
  • "I'm not sure if I'm using it wrong; however, I find that I have to babysit it too much."

What is our primary use case?

I primarily use the solution for access control. We have customers and even though there is an antivirus, sometimes users might open some unapproved files. This solution will flag them for approval or rejection.

What is most valuable?

The unified alerts are useful. You get all of your alerts and flags in one place. If you approve something, it will send an email. 

It's very easy for admins to approve or deny results.

The visibility is very good. The only downside is you need to be in the portal to see anything. I'm not sure if there is a way to actually know or approve everything off of the portal. 

ThreatLocker does offer ring-fencing, although I do not use it. 

The unified reports make everything go smoother. You can access requests and you can see, for example, if something is repeatedly approved or denied, it makes it faster to make a decision. It helps me trust decisions. 

It's pretty good at detecting programs and does not allow you to run them if necessary.

What needs improvement?

I'm not sure if I'm using it wrong; however, I find that I have to babysit it too much.

I've found that if a user opens a file from another location, it might trigger an approval process. The same is true if someone has the same file under a different name.

If anything, we get more tickets while using ThreatLocker. It doesn't help us reduce help desk tickets.

It's hard to manage multiple policies for multiple companies. It gets cumbersome.

For how long have I used the solution?

I've only used the solution minimally. I've used it throughout the year.

How are customer service and support?

I have not dealt with technical support. 

Which solution did I use previously and why did I switch?

We tend to use Webroot and ThreatLocker; however, I'm working to get rid of ThreatLocker. Webroot is just an antivirus; ThreatLocker is more robust in that it's an antivirus and good at detecting programs and blocking them.

How was the initial setup?

I wasn't involved in the deployment of the process. There isn't much maintenance; however, you are required to mainly look at logs all day. We'd prefer to be more hands-off.

What was our ROI?

We have witnessed an ROI as we don't get attacks or anything. The protection has pretty much been 100%. The issue is, however, that we have added overhead as there's more time needed to monitor the applications and deal with the tickets related to approvals. 

What's my experience with pricing, setup cost, and licensing?

The pricing is good. 

Which other solutions did I evaluate?

I'm considering SentinelOne. I'm looking at reviews to see if they are worth it.

What other advice do I have?

We're solution partners. 

I'd rate the solution seven out of ten. 

I'd advise new users to just make sure they have good policies in place. Otherwise, they'll find themselves babysitting the product all day long. 

We've seen a lot of malicious actors trying to get in and execute stuff and with ThreatLocker, we're able to catch them. We're able to see if it's an admin executing a program or not. If we don't know who's doing what, we're able to block it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
COO at OverDrive IT
MSP
We get good visibility, as well as our helpdesk tickets, and time is reduced
Pros and Cons
  • "The most valuable feature is selective elevation, which allows elevating an individual process to admin privilege without granting admin privilege to that user, which has been by far the most useful feature outside of the overall solution itself."
  • "ThreatLocker Allowlisting needs to improve its user interface and overall workflow."

What is our primary use case?

We use ThreatLocker Allowlisting to control inventory and manage software. We want to make sure that we know which software is being used on our client computers and that we are only allowing approved software to run. This is in line with the principle of least privilege, which ensures that users are only allowed to do the things they need to do and not the things they don't. This is especially important for shared-use computers and different environments where users on the same computer may have different access levels.

How has it helped my organization?

The visibility into software approval requests of end users is easy. We not only have approval requests pushed directly into the platform, but we also have a ticket opened in our ticketing system. As the manager, I can run reports to see what requests are coming in from client organizations and how my technicians are handling them. This makes my life easier from a managerial perspective.

The combination of ThreatLocker and Ringfencing is excellent for blocking unknown threats and attacks. For example, we can ensure that all software stays within its designated sandbox. This means that I can run the PowerShell scripts from our RMM software, but nothing else can run the PowerShell scripts. With Ringfencing, we can say, "Allow this to run, but not that," or "Allow this website to be accessed to download an installer, but don't allow other websites to be accessed." Other use cases for Ringfencing include selective elevation of a process. For example, if a user needs to run QuickBooks and is elevated to an administrator to do so, then all privileged processes will also be elevated. However, with Ringfencing, we can prevent QuickBooks from opening PowerShell or anything else that it is not supposed to open. This helps to keep us safe and prevents unknown threats from exploiting compromised privileged processes.

In line with the textbook definition of a zero-trust model, every request must be approved. This can create some tension with clients, so it is important to get their buy-in on the process. With ThreatLocker's learning mode, we can make the approval process invisible to clients for the most part. We manually select which requests to approve and which to deny. By the time we set ThreatLocker to enforce everything, we have a good baseline of what is allowed and what is not. We have also communicated everything to the clients and found procedural ways to reduce friction.

ThreatLocker Allowlisting can help to reduce helpdesk tickets. On the one hand, we do receive approval requests with some regularity. However, on the other hand, overall tickets are reduced because we no longer have everyone trying to install iTunes or wondering why they're getting pop-ups in their browser because they have three different browser add-ons for coupon clippers that are laced with malware. After all, with ThreatLocker, users are not allowed to install these programs, to begin with, which reduces the tickets we would get after they've been installed because they're unpublished installations that any standard user could complete. The net result is an overall reduction in tickets, although there are some tickets required to manage the approvals.

ThreatLocker Allowlisting has saved our helpdesk around a 15 percent reduction in overall tickets. With the average handle time for a ticket being 14 minutes, if I have 100 tickets in a month, each one will take 14 minutes, for a total of 1,400 minutes per month.

What is most valuable?

The most valuable feature is selective elevation, which allows elevating an individual process to admin privilege without granting admin privilege to that user, which has been by far the most useful feature outside of the overall solution itself.

What needs improvement?

Approving or denying requests using the software can be more difficult to do correctly. Overall, it is easy to use, but it is not the easiest in the world to get right. There are some nuances and things that we need to understand.

ThreatLocker Allowlisting needs to improve its user interface and overall workflow. The UI looks very dated and is challenging to navigate, and we spent more time training technicians on how to interact with ThreatLocker than on what to do with it. The user experience needs a lot of work, but their beta portal is solving a lot of that. If I had to pick any lingering difficulty, it would be the learning curve to grasp how ThreatLocker manages what is allowed and the details around that.

For how long have I used the solution?

I have been using ThreatLocker Allowlisting for almost two years.

What do I think about the stability of the solution?

We experienced some delays with our cloud agent. For example, when we changed a policy, it would take five minutes for the agent to receive the change. Or, we would tell the agent to enter a specific mode, and it would take five minutes for the agent to comply. This caused some delays in our ability to deliver services. However, the cloud provider has eliminated this issue. We now typically wait no more than thirty seconds for the agent to respond to our requests. This was a problem when we first started using the cloud agent, but it hasn't been a problem for about six months now.

What do I think about the scalability of the solution?

We have had no scalability issues whatsoever, even though our largest environment is only about 75 endpoints. We are not working at the same scale as much larger companies, but for our size, ThreatLocker has been perfectly scalable. Whether I am deploying to one person or ten people, the same script is pushed out by the RMM and everything loads up in ThreatLocker within a matter of minutes.

How are customer service and support?

The technical support team at ThreatLocker is incredibly experienced and knowledgeable. I especially value two things about interacting with them. I never have to wait long for a response. As chief operating officer, if a problem reaches my desk, it means that everyone below me has already tried and failed to solve it, or they simply didn't want to get ThreatLocker support involved. Since I have the most experience in-house, I'm usually the one who engages with ThreatLocker support. When I do, I never have to wait long to speak to someone who knows what they're doing. I always get escalated to the right level technician, even if I'm initially connected with a more junior tech. ThreatLocker doesn't waste time walking me through scripts, procedures, and processes. Instead, they escalate my issue to the right person immediately so that they can help me solve whatever creative problem we're facing.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had some experience with Microsoft's AppLocker, but managing it required too much manual effort for our small team that required a dedicated full-time employee. ThreatLocker Allowlisting is much easier to manage.

How was the initial setup?

The initial deployment was straightforward. ThreatLocker provided the script to use in our RMM software. To deploy the software, we made some tweaks to accommodate our environment. We were then able to push out the agent in an entirely automated fashion. We had three people involved on our end, but it could have been done by a single person. We divided responsibilities to bring the product to market faster.

What about the implementation team?

The implementation was completed in-house with the support of the ThreatLocker team.

What was our ROI?

In addition to the overall time savings, there are also quantifiable costs associated with the number of malware attacks that have been stopped by ThreatLocker. I can think of at least four or five instances where an executable file was blocked by ThreatLocker before it could be detected by SentinelOne or any of the other security solutions on the machine. It is difficult to say definitively whether SentinelOne would have detected these files after execution, but I do know that ThreatLocker has helped to improve our productivity and our clients' productivity by preventing users from installing unauthorized software, such as iTunes on work computers or Spotify on protected machines. By limiting users to only approved software, ThreatLocker has also made our jobs easier as IT service providers, as we no longer have to spend time hunting down unauthorized software, uninstalling things, or remediating malware, bloatware, adware, etc. As a result, we are dealing with far fewer rogue browser extensions, which has led to a reduction in tickets and overall management overhead.

We realized the benefits of ThreatLocker Allowlisting after six months of use. This was because we needed to become familiar with the product, build our baselines, and understand how it worked. We also needed to establish routines, build workflows, train our technicians, and educate our clients on how to interact with the software. By the six-month mark, we began to see a return on investment, and it was fully realized by the one-year mark.

What's my experience with pricing, setup cost, and licensing?

The price of ThreatLocker Allowlisting is reasonable in the market, but it is not fantastic. It is also much less expensive than some other products we use.

Which other solutions did I evaluate?

We considered Auto Elevate from Cyberfox and Microsoft's AppLocker, but managing Microsoft's AppLocker would have required too much manual effort for our small team which would require a dedicated full-time employee. ThreatLocker Allowlisting is much easier to manage. ThreatLocker Allowlisting is a more comprehensive solution, and we liked the way that ThreatLocker said they would support us better than the other companies. With the other companies, it was more of a traditional support model, but with ThreatLocker, we have an average wait time of 30 seconds on our support chat. In the year and a half, almost two years, that we've been with ThreatLocker, this has always been the case. We've never had to wait more than 30 minutes to get a live human being who is an expert on ThreatLocker. If they can't solve the problem, they'll escalate it to someone who can. Beyond that, they stand behind their product. Because it's such a complicated product, and we're a small company, this was all the difference to us. We knew that if we had problems, we would have their team to lean on for help, and they've stood behind their product.

What other advice do I have?

I would rate ThreatLocker Allowlisting nine out of ten. ThreatLocker Allowlisting is not a perfect product, but they do a fantastic job of continuing to improve it and make it more approachable.

There are management and overhead costs, as well as maintenance costs associated with changing or updating the lists. There is also some limited maintenance required as programs and hashes change. Additionally, we need to make some updates to properly maintain the lists, consolidate policies, and so on.

Try ThreatLocker risk-free and work with their team. They can make their complex product more approachable so that users can see its benefits and capabilities.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner Reseller
reviewer2665944 - PeerSpot reviewer
Project manager at a tech services company with 1-10 employees
MSP
Application control on clients' devices is much easier
Pros and Cons
  • "The solution has made knowing and managing what is running on our clients' devices much easier for us. We know they cannot run what they are not supposed to run."
  • "The customer service is amazing."
  • "From my point of view, logging could be improved. Logging should be easier."

What is our primary use case?

We use the application for whitelisting, elevation, and ringfencing purposes.

How has it helped my organization?

The coolest part is that we do not need local admins anymore. It was a great switch to take away the local admin rights.

The benefits include a little bit more relaxation and peace of mind because we have control over what is going on.

ThreatLocker Zero Trust Endpoint Protection Platform has helped our organization save on operational costs, but I do not have the metrics.

ThreatLocker Zero Trust Endpoint Protection Platform is good at blocking access to unauthorized applications. It only allows running applications that are allowed. If there is anything new to the environment, it is not going to run.

ThreatLocker Zero Trust Endpoint Protection Platform has helped reduce help desk tickets.

ThreatLocker Zero Trust Endpoint Protection Platform has helped free up our IT team’s time for other projects or tasks.

What is most valuable?

The solution has made knowing and managing what is running on our clients' devices much easier for us. We know they cannot run what they are not supposed to run. We have peace of mind because we are aware of what is happening if anything new tries to come into the workstation. 

It is pretty easy to use. The UI is pretty straightforward, especially after the upgrade. I like it more than what it was previously. There is also a phone app. When a user sends a request, we can see it on our phones. It makes our work a bit easier.

What needs improvement?

From my point of view, logging could be improved. Logging should be easier. Sometimes, we have noticed that there is too much logging that can apply to different types of software.  

For how long have I used the solution?

We have been using the solution since the end of 2021.

How are customer service and support?

The customer service is amazing. I would rate it a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a solution of this type before.

What other advice do I have?

The platform is great. I would rate it an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Jaden Scatton - PeerSpot reviewer
Advanced IT Specialist at Robinson tech
Real User
Top 10
ThreatLocker Allowlisting
Pros and Cons
  • "The biggest improvement has been knowing that something unauthorized isn't going to get installed on anyone’s machines."
  • "There are some times when applications get submitted, the hashes don't really line up."

What is our primary use case?

We use it over our 31 clients, and twelve hundred devices. We use it over all of our Windows workstations and Mac workstations to prevent unauthorized installs and downloads of applications.

How has it helped my organization?

Allowlisting is great. The biggest improvement has been knowing that something unauthorized isn't going to get installed on anyone’s machines. Even if somebody did manage to get into their systems, they wouldn't be able to do anything without us knowing about it.

What is most valuable?

Definitely, the allowlisting and the Zero Trust platform are the most useful aspects of the solution.

It is very easy for an administrator to approve and deny requests. So easy, in fact, that I have given it to a majority of our clients' main points of contact, where they are able to approve them, whether it's via their mobile cell phone or logging into the portal on their computers.

The overall visibility into software approval requests of end users is very good. We can see everything that we need to see including the application path, the user that requested it, and the computer host name. When it's approved on the workstation endpoint, it pops up with a text box saying, “Hey, this has been approved. Click here to install your application.”

We use allowlisting with the ring-fencing. We do implement that when needed. For example, for Word and Excel, there's no need for those to talk out to PowerShell and command prompt, so we do have those ring-fenced where they cannot speak to that.

Their combination for blocking unknown threats and attacks is good. If it's not something we've previously approved, it does get locked every time. Sometimes it even gets in the way of our day-to-day, which is good. It's what we wanted it to do. It does its job a little too well.

It is great for establishing trust for every access request no matter where it comes from. Whether the user is an admin or not, they all still have to get their software approved. Once it has been approved, it makes it easy for everyone as they're able to install it on their own without approval again.

It helped reduce our organization's help desk tickets. We haven't had nearly as many clients submitting tickets, say, for example, McAfee installing when they're trying to install Adobe. We approve Adobe and we don't install the McAfee install. That will get in the way a lot, and we have seen a major reduction in tickets such as those.

Being able to not have to worry about what everyone's installing all the time has definitely improved our ability to focus our attention on other projects.

What needs improvement?

The new portal that they just released took care of a whole lot of improvements. 

There are some times when applications get submitted, and the hashes don't really line up. It would be excellent if there was a way for the hashes to point to a known application. The biggest example I have is probably web browser plug-ins. Those come up and they look very gross and don't give you very much information at all so you have to go to Google and look up what they are.

For how long have I used the solution?

I've used the solution since February of 2022. It's been about a year and eight months. 

What do I think about the stability of the solution?

The stability is very good. I have not seen any outages.

What do I think about the scalability of the solution?

It is deployed to every single endpoint that we currently manage Windows-wise and then a majority that we manage Mac-wise. We currently have 712 computers being monitored.

They continue to grow. They produce Mac releases, Windows updates, and patches. 

How are customer service and support?

Technical support is great, they get to the requests before we can go through them. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The initial setup was pretty straightforward, to the point where the documentation was good enough that I could have a level one, brand new, green tech handle it and be confident.

Deploying it through DATTO RMM is probably the biggest way we deploy and then we might have a manual agent deployment if necessary.

We utilized two people for the deployment. 

It does require maintenance. We'll do monthly check-ins with ThreatLocker and an account manager to go over just to see what we can improve.

What about the implementation team?

The deployment was handled in-house. 

What was our ROI?

We have seen an ROI via the amount of hours we save not having to worry about looking at different applications getting installed. We also don't have to worry about clients getting ransomware attacks and things like that, so that has helped us a lot.

What's my experience with pricing, setup cost, and licensing?

Pricing is a little high; however, you get what you pay for.

Which other solutions did I evaluate?

We did look at other solutions before choosing this solution. 

What other advice do I have?

We have noted time to value. It's easier than ever to approve very quickly rather than having to talk with clients to see what they are trying to install. The virtual deployment allows you to see what's going on super quick. The onboarding was pretty extensive. It took us a solid six to eight months before seeing time to value. 

I'd rate the solution eight out of ten. 

I'd advise others that if they use the product, they will have lots of peace of mind and sleep better knowing their clients are better protected.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free ThreatLocker Zero Trust Endpoint Protection Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2025