1. Home
  2. Endpoint Security Software
  3. ThreatLocker Reviews
  4. User Review of ThreatLocker
ThreatLocker will stifle any unknown/known threats
April 11, 2023

ThreatLocker will stifle any unknown/known threats

Randy Duly | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with ThreatLocker

This is a deny all process until approval is given (whitelisting) process. It has many nice features for approving software to allow it to execute. ThreatLocker has a "learning" mode, "installation" mode, and "elevation" mode. Users can request access to download new software. Admin can either approve or deny it. If denied, they can send a reason why it was denied.

ThreatLocker has an audit feature, so you can see what ThreatLocker has "denied", so you can look to see if it is a good or bad file. Maybe a software was trying to do an update and it was denied since it wasn't whitelisted for automatic approval. For example, Microsoft path Tuesday's patches.

ThreatLocker has paid for itself already. There have been a few times when a user has opened an attachment that had malware in it. ThreatLocker stopped it from executing.
  • Stop users from installing software
  • Stopped malware in a file attachment
  • Stopped any unknown software or update from executing
  • You can give a user "elevate" mode for a one time software installation if necessary
  • Push out ThreatLocker updates without having to reboot computer
  • When running the Unified Audit, I like to use certain filters. I wish there as a way to save those filters, so I don't have to select them every time I do a Unified Audit.
  • Stopping the executable from a file attachment, whether it was downloaded or opened from an attachment.
  • Keep users from running/installing updates from an application. They can ask/request for the updates to be ranned, if necessary.
  • The "blocked items" option from the ThreatLocker icon in the system tray. There are times when something is not working right. You can see if ThreatLocker is blocking something from the ThreatLocker icon in the system tray.
  • I believe that ThreatLocker has prevented us from getting ransomware. I have it set up to block the use of any encryption tools.
  • I know on multiple occasion, ThreatLocker has blocked malware from executing.
  • It has kept users from installing Shareware software. I have a couple of users who like to use Shareware software.
  • It keeps users honest to comply with our Corporate's cybersecurity policies.
  • It keeps us compliant with software licensing.
I have tried WhiteCloud Security, Microsoft Application Whitelisting (AppLocker), and MalwareByte.

WhiteCloud Security is too complicated to use and setup.

AppLocker and MalwareByte don't have hardly any features.

Do you think ThreatLocker delivers good value for the price?

Yes

Are you happy with ThreatLocker's feature set?

Yes

Did ThreatLocker live up to sales and marketing promises?

Yes

Did implementation of ThreatLocker go as expected?

Yes

Would you buy ThreatLocker again?

Yes

I have tested two of software besides ThreatLocker. ThreatLocker by far, was the easiest of the 3 to work with and setup. One of the companies' software was too complicated to run and setup. The other one lacked a lot of the features that ThreatLocker had.

ThreatLocker came with many prebuilt template for common software and utilities, like Office365, putty, Firefox, Google, etc. It came with a bunch of prebuilt blocking/ringfencing rules for utilities like powershell, hyper-v psexec, and many others. This saves setup time.

Unfortunately, ThreatLocker will let you download something from the MS Store, sometime it will let you execute and sometimes it won't. I would like to see this to be able to block the download from MS Store until ThreatLocker approves the download.

ThreatLocker Feature Ratings

Endpoint Security
9.3
Anti-Exploit Technology
10
Endpoint Detection and Response (EDR)
10
Centralized Management
10
Hybrid Deployment Support
Not Rated
Infection Remediation
8
Vulnerability Management
8
Malware Detection
10

Using ThreatLocker

37 - We are a manufacturing facility. We have management, office, and factory employees with ThreatLocker installed on their computers. We also have ThreatLocker installed on all of our servers.
1 - I am an I.T. Support Specialist. You need an understanding of how networks and computers work. Understand what software are on each computer and how are they used. Understand when do they typically update. You need to know how software interacts with the operating system, network, Internet, and other software like powershell.
  • To stop unknown/known malware from executing.
  • To stop the download of any unauthorized software to your computer or server.
  • To stop any unauthorized encrypting process.
  • Don't allow software to execute from a network share.
  • To explicitly disallow any encryption process to run.
  • To explicitly disallow any type of disk wiper process to run.
  • To setup Network Access Control.
ThreaLocker has done its job and has prevented malware from executing. It has stopped an encryption process once already. It has kept a user from going to a bad website. He tried twice and was wondering why he was getting an error message from ThreatLocker and ESET both.

Evaluating ThreatLocker and Competitors

  • Scalability
  • Ease of Use
I was more interested in the features that it had. Also, it ease of use and ability to setup quickly. Other software I tested either were too complicated to setup or were not feature-rich.
I wouldn't. I think I did a fair job of evaluating the software. There wasn't much to choose from 4 years.

ThreatLocker Implementation

ThreatLocker is a family ran business. The owners, co-founders work with you to ensure you are up and running as quickly as possible. They went to ensure your success with ThreatLocker.
  • Third-party professional services
ThreatLocker has all new users go through several Zoom calls with them to show you how the software works and help you set up some applications rules and to push ThreatLocker out to all the computers and servers. They will work with you till you feel comfortable using it.

Afterward, if you still have questions or issues. You can email, call or using the Chat box in the admin's console.

You can also use the ThreatLocker University online training.

ThreatLocker does not leave you hanging.
Yes - During each Zoom meeting, they would show you something new and have you do the steps. The training was not an overload. They didn't throw everything at you at once.
  • Understanding what "ringfencing" is and what it does.

ThreatLocker Training

  • Online Training
  • In-Person Training
The owners and co-founders work with you through Zoom Meetings. They walk you through how to use and setup ThreatLocker. They also have webinars.

You also can go through ThreatLocker University online training.
Using ThreatLocker University online training is very easy and informative. You take online tests to see how well you learned the material. It is great!

ThreatLocker Support

You can email, call or do online chat with tech support. I love their online chat. They are quick and friendly. Also, if you need to show them something, you can give the chat technician permission from your Chat box to allow the tech access to your computer.

They also can pull out your admin console on their side. They can look at your "Unified Audit" log and see the same thing that you can.

They have a good KnowledgeBase that you can look for answers.

They have what is called "ThreatLocker University" where you can go through tutorials and take tests.
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
None
There is no premium support. Everybody gets the same support.
Yes, normally ThreatLocker blocks the execution of software from running from a network share drive. I have one installation software that is huge and have multiple programs to install depending on whether the user needed any add-on programs.

Small program installation I would just copy over the local machine. But this software was like gigabytes. We were able to tell ThreatLocker that only the admin user could install this program from a certain network share path.

It made an admin's life a whole lot easier.

Using ThreatLocker

ThreatLocker ease of use allows me to get the answers I need to any threats or denied action that ThreatLocker took. The "Unified Audit" is a great tool to show what is happening/executing on a user's computer or on a server. Unified Audit will allow to look at what steps a programs takes when it executes. It will show you if it calls on Powershell or what DLL's it is executing and many other things.
ProsCons
Like to use
Easy to use
Technical support not required
Well integrated
Consistent
Quick to learn
Convenient
Feel confident using
Unnecessarily complex
Lots to learn
  • To whitelist an application.
  • To allow 'denied' updates to run.
  • To use the "Unified Audit".
  • To push ThreatLocker updates out to all computers and servers.
  • To put a computer into "Installation" mode.
  • To install a prebuild application rule.
  • Working with Network Access Control, as that is not my area of expertise.
Yes - The mobile interface works very well. I don't use it a whole lot. Occasionally when I am out of the office and someone has an urgent need. I get in and take care of it from my cellphone.

ThreatLocker Reliability

ThreatLocker is very easy to add new ThreatLocker agents on computers and servers. It is very easy to do. You can install an agent on a computer or server in about 2 minutes or less.
There is rarely ever an outage. I have seen slowness in ThreatLocker service. But that is very rare too!
ThreatLocker is always available. The admin's console loads very fast and report runs almost instantly. It does not interfere with operating system.

Integrating ThreatLocker

None. Have not integrated with anything yet.

Relationship with ThreatLocker

Easy. You just deal with ThreatLocker and no third parties. They did a great demo on the user of ThreatLocker and its features.
Very easy. You had Zoom Meetings and Webinars to get you up and running as quickly as possible.
Price was very competitive.
Just work, ask questions, they are very willing to work with you and answer any questions that you may have. They want to see you succeed in using their software.

Upgrading ThreatLocker

Yes - It is so easy to upgrade to a new release. It is simple as a couple of mouse clicks and the latest release is pushed out to all computers and servers. Or with a couple of mouse clicks you can upgrade just one computer or server.
  • ThreatLocker is always enhancing or adding new features or fixing any bugs.
  • They take user's suggestion and feedback. Then implement them. I asked for a certain report and they added it to the reports list.
  • ThreatLocker is always trying to find ways to improve processing speed.
  • I am hoping they decrease the agent footprint size. I noticed that the executable has increased in size.