ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users.
Cybersecurity Engineer at a tech services company with 51-200 employees
Real User
Top 10
2024-10-16T19:47:00Z
Oct 16, 2024
A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file. This would allow for quick identification of potentially malicious files during allowlisting. Currently, ThreatLocker has a risk scoring system, but integrating VirusTotal results would provide more granular insight. This would enable users to efficiently assess the safety of audited files and prioritize those flagged by multiple antivirus engines for further investigation.
It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA. Additionally, having their Cyber Hero support available during non-working hours could improve service for clients. They have a managed version of allowlisting with Cyber Hero so that their Cyber Heroes can approve things. It would be nice if I could implement that during the hours we are not working so that clients who work during our night would have a better experience and do not have to wait till morning to get their applications approved.
Infrastructure Manager at a consultancy with 11-50 employees
Real User
Top 20
2024-04-18T13:12:00Z
Apr 18, 2024
I'm not sure if I'm using it wrong; however, I find that I have to babysit it too much. I've found that if a user opens a file from another location, it might trigger an approval process. The same is true if someone has the same file under a different name. If anything, we get more tickets while using ThreatLocker. It doesn't help us reduce help desk tickets. It's hard to manage multiple policies for multiple companies. It gets cumbersome.
Cybersecurity Administrator at a tech services company with 1-10 employees
Reseller
Top 10
2023-12-14T15:44:00Z
Dec 14, 2023
The current process for viewing software approval requests from end users has room for improvement. While it's generally functional, some users find it confusing. This can be due to either unfamiliarity with the process, unexpected appearance of the request window, or lack of clear instructions. Additionally, the notification box might not be sufficiently noticeable, as some users have reported missing it entirely. Adding applications to the allowlist can sometimes feel overwhelming. The numerous fields, coupled with navigating the unfamiliar portal, can be daunting, especially on our first attempt. Even with explanations, recalling the necessary information and understanding the required actions for file inclusion can be tricky. I believe the initial learning curve for allowlisting is relatively steep. However, once mastered, it proves to be a valuable tool. My main concern lies with the initial learning hurdle.
The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software. We must look through the logs, and there's an awful lot of information to go through. It has many options to filter out that information, and it becomes much easier once you've had some training. Still, there is so much information on the screen.
Founder, Vice President, Chief Security Officer at Aurora InfoTech
Real User
Top 10
2023-11-28T17:19:00Z
Nov 28, 2023
From a reporting perspective, enhancing the ability to customize reports would be beneficial. This could include the option to export reports to a Word document for further tailoring, allowing users to add their own executive summaries and additional content.
The reporting could be improved. They're already working on some things with that. That said, as far as its functionality, its stability, and my trust level in it, I honestly don't know how it could get better.
The new portal that they just released took care of a whole lot of improvements. There are some times when applications get submitted, and the hashes don't really line up. It would be excellent if there was a way for the hashes to point to a known application. The biggest example I have is probably web browser plug-ins. Those come up and they look very gross and don't give you very much information at all so you have to go to Google and look up what they are.
Help Desk Coordinator at a aerospace/defense firm with 201-500 employees
Real User
Top 20
2023-03-17T19:16:00Z
Mar 17, 2023
You need to have ThreatLocker agent software on every client or every computer that you want to be protected by the ThreatLocker Allowlisting application. If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out. If your company only has a 100-megabytes internet line and you send out that update of 1 megabyte to a thousand computers, because it's sending that out to a thousand at the same time, you're using up a thousand megabytes right there. So, you could saturate your network. We have suggested they stagger it. If the system sees that there are a thousand computers, it should just try to send out to a hundred, and after that's completed, send out to the next hundred. That way, it's not saturating your network. Other than that, feature-wise, it's a great solid product. I have not come up with anything that they should do. Even when I thought I had an issue, they showed me that I have to look here to adjust that setting. For example, when you first join a computer, it automatically puts that computer in learning mode. You can set the time for how long it automatically stays in the mode. I believe the default setting was a month or something like that, and we thought that was too long. Their cyber heroes helped me find the area to adjust that. They already had the solution for that. I just wasn't aware of it.
ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week.
ThreatLocker Protect offers zero-trust security, application whitelisting, and software control across endpoints. It blocks unauthorized software, manages application installations, and prevents malicious activity for enhanced cybersecurity.
ThreatLocker Protect enhances security by blocking unauthorized software and managing application installation across endpoints. Admins receive alerts for attempts to run unapproved applications, ensuring secure environments. Utilized by MSPs, MSSPs,...
ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users.
A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file. This would allow for quick identification of potentially malicious files during allowlisting. Currently, ThreatLocker has a risk scoring system, but integrating VirusTotal results would provide more granular insight. This would enable users to efficiently assess the safety of audited files and prioritize those flagged by multiple antivirus engines for further investigation.
It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA. Additionally, having their Cyber Hero support available during non-working hours could improve service for clients. They have a managed version of allowlisting with Cyber Hero so that their Cyber Heroes can approve things. It would be nice if I could implement that during the hours we are not working so that clients who work during our night would have a better experience and do not have to wait till morning to get their applications approved.
I'm not sure if I'm using it wrong; however, I find that I have to babysit it too much. I've found that if a user opens a file from another location, it might trigger an approval process. The same is true if someone has the same file under a different name. If anything, we get more tickets while using ThreatLocker. It doesn't help us reduce help desk tickets. It's hard to manage multiple policies for multiple companies. It gets cumbersome.
The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself.
The current process for viewing software approval requests from end users has room for improvement. While it's generally functional, some users find it confusing. This can be due to either unfamiliarity with the process, unexpected appearance of the request window, or lack of clear instructions. Additionally, the notification box might not be sufficiently noticeable, as some users have reported missing it entirely. Adding applications to the allowlist can sometimes feel overwhelming. The numerous fields, coupled with navigating the unfamiliar portal, can be daunting, especially on our first attempt. Even with explanations, recalling the necessary information and understanding the required actions for file inclusion can be tricky. I believe the initial learning curve for allowlisting is relatively steep. However, once mastered, it proves to be a valuable tool. My main concern lies with the initial learning hurdle.
The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software. We must look through the logs, and there's an awful lot of information to go through. It has many options to filter out that information, and it becomes much easier once you've had some training. Still, there is so much information on the screen.
From a reporting perspective, enhancing the ability to customize reports would be beneficial. This could include the option to export reports to a Word document for further tailoring, allowing users to add their own executive summaries and additional content.
The reporting could be improved. They're already working on some things with that. That said, as far as its functionality, its stability, and my trust level in it, I honestly don't know how it could get better.
The new portal that they just released took care of a whole lot of improvements. There are some times when applications get submitted, and the hashes don't really line up. It would be excellent if there was a way for the hashes to point to a known application. The biggest example I have is probably web browser plug-ins. Those come up and they look very gross and don't give you very much information at all so you have to go to Google and look up what they are.
More visibility in the built-ins would be nice. The learning curve is wide because there are a lot of things to learn.
You need to have ThreatLocker agent software on every client or every computer that you want to be protected by the ThreatLocker Allowlisting application. If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out. If your company only has a 100-megabytes internet line and you send out that update of 1 megabyte to a thousand computers, because it's sending that out to a thousand at the same time, you're using up a thousand megabytes right there. So, you could saturate your network. We have suggested they stagger it. If the system sees that there are a thousand computers, it should just try to send out to a hundred, and after that's completed, send out to the next hundred. That way, it's not saturating your network. Other than that, feature-wise, it's a great solid product. I have not come up with anything that they should do. Even when I thought I had an issue, they showed me that I have to look here to adjust that setting. For example, when you first join a computer, it automatically puts that computer in learning mode. You can set the time for how long it automatically stays in the mode. I believe the default setting was a month or something like that, and we thought that was too long. Their cyber heroes helped me find the area to adjust that. They already had the solution for that. I just wasn't aware of it.
ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week.