ThreatLocker will stifle any unknown/known threats
ThreatLocker has an audit feature, so you can see what ThreatLocker has "denied", so you can look to see if it is a good or bad file. Maybe a software was trying to do an update and it was denied since it wasn't whitelisted for automatic approval. For example, Microsoft path Tuesday's patches.
ThreatLocker has paid for itself already. There have been a few times when a user has opened an attachment that had malware in it. ThreatLocker stopped it from executing.
- Stop users from installing software
- Stopped malware in a file attachment
- Stopped any unknown software or update from executing
- You can give a user "elevate" mode for a one time software installation if necessary
- Push out ThreatLocker updates without having to reboot computer
Cons
- When running the Unified Audit, I like to use certain filters. I wish there as a way to save those filters, so I don't have to select them every time I do a Unified Audit.
- Stopping the executable from a file attachment, whether it was downloaded or opened from an attachment.
- Keep users from running/installing updates from an application. They can ask/request for the updates to be ranned, if necessary.
- The "blocked items" option from the ThreatLocker icon in the system tray. There are times when something is not working right. You can see if ThreatLocker is blocking something from the ThreatLocker icon in the system tray.
- I believe that ThreatLocker has prevented us from getting ransomware. I have it set up to block the use of any encryption tools.
- I know on multiple occasion, ThreatLocker has blocked malware from executing.
- It has kept users from installing Shareware software. I have a couple of users who like to use Shareware software.
- It keeps users honest to comply with our Corporate's cybersecurity policies.
- It keeps us compliant with software licensing.
WhiteCloud Security is too complicated to use and setup.
AppLocker and MalwareByte don't have hardly any features.
- To stop unknown/known malware from executing.
- To stop the download of any unauthorized software to your computer or server.
- To stop any unauthorized encrypting process.
- Don't allow software to execute from a network share.
- To explicitly disallow any encryption process to run.
- To explicitly disallow any type of disk wiper process to run.
- To setup Network Access Control.
- Scalability
- Ease of Use
- Third-party professional services
Afterward, if you still have questions or issues. You can email, call or using the Chat box in the admin's console.
You can also use the ThreatLocker University online training.
ThreatLocker does not leave you hanging.
- Understanding what "ringfencing" is and what it does.
- Online Training
- In-Person Training
Small program installation I would just copy over the local machine. But this software was like gigabytes. We were able to tell ThreatLocker that only the admin user could install this program from a certain network share path.
It made an admin's life a whole lot easier.
- To whitelist an application.
- To allow 'denied' updates to run.
- To use the "Unified Audit".
- To push ThreatLocker updates out to all computers and servers.
- To put a computer into "Installation" mode.
- To install a prebuild application rule.
- Working with Network Access Control, as that is not my area of expertise.
- ThreatLocker is always enhancing or adding new features or fixing any bugs.
- They take user's suggestion and feedback. Then implement them. I asked for a certain report and they added it to the reports list.
- ThreatLocker is always trying to find ways to improve processing speed.
- I am hoping they decrease the agent footprint size. I noticed that the executable has increased in size.