It's for Application Control and Elevation requests, so just locking down computers.
Security Engineer at Sumitomo Riko
Zero trust controls have locked down endpoints while just-in-time access manages admin rights
Pros and Cons
- "I think it could really take over a lot of security functionality in our company."
- "The allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform is really good. It's very, very strict, so in some ways, it can be frustrating because you have to explicitly allow each individual thing."
What is our primary use case?
What is most valuable?
The application allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform has been the most valuable to us, so Application Control.
The application allowlisting feature prevents random software from running. If a user clicks a link or downloads something malicious or potentially an unwanted program that could give away sensitive information or is inappropriate for them to have on their computer, it just prevents it from even running in the first place.
The Ringfencing feature of ThreatLocker Zero Trust Endpoint Protection Platform stops applications from being able to open up other applications and do things beyond what they were controlled to do. A great example is with PowerShell scripts or web browsers opening up a command prompt or something. It stops all of that.
We do use the Elevation Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. That allows us to create a policy. If we know that a user needs to be able to install a program themselves or update a program themselves, we can give them the rights to do that without having to get a hold of IT. The Elevation Control, even for a brand new user on a brand new computer, if they have the policy, they can install it without having to contact IT as well. Then we can get rid of local admin, even on the IT side, so we are not running around as local admins ourselves.
The Just-in-Time administrative access feature of ThreatLocker Zero Trust Endpoint Protection Platform is a great way to have it work. It only works for running the application it has been approved for, and it just gives them the permission to run it with those elevated permissions. Then there's a built-in expiration, so either the user has to request it again or rerun the program. They don't just keep the admin rights.
What needs improvement?
Now that we've been learning a lot more about what all the other modules of ThreatLocker Zero Trust Endpoint Protection Platform can do, the modules we don't have right now could be eliminated and help us consolidate costs and tooling. So we are considering it, but we're in the middle of contracts, we just got it, and we're just getting used to it. So we're not at that stage yet.
The allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform is really good. It's very, very strict. So in some ways, it can be frustrating because you have to explicitly allow each individual thing. Some applications are actually five applications in one, so each little component you have to allow. There has been some friction with the end-users and ourselves just trying to use our computers. But that level of control and granularity really increases my confidence that this is keeping us safe.
For how long have I used the solution?
I've been using ThreatLocker Zero Trust Endpoint Protection Platform for about six months.
Buyer's Guide
ThreatLocker Zero Trust Platform
May 2026
Learn what your peers think about ThreatLocker Zero Trust Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
900,644 professionals have used our research since 2012.
What do I think about the stability of the solution?
ThreatLocker Zero Trust Endpoint Protection Platform has been really stable. I haven't noticed any issues.
What do I think about the scalability of the solution?
ThreatLocker Zero Trust Endpoint Protection Platform scales pretty well with the growing needs of my company. We rolled it out division by division, group by group, so it was pretty smooth on that end.
How are customer service and support?
ThreatLocker Zero Trust Endpoint Protection Platform's customer service and technical support have been pretty solid.
Which solution did I use previously and why did I switch?
It is the first solution of this kind that I'm using.
How was the initial setup?
I'm not in purchasing or managing contracts. From the setup side, ThreatLocker Zero Trust Endpoint Protection Platform rolled out pretty smoothly, as smoothly as blocking people from running a bunch of applications can go. You get a lot of users complaining that things aren't working, but it turns out they were just using some weird browsers or apps they maybe shouldn't have been. So I don't have too much sympathy for those complaints, but there was a flood of tickets for support, and it was hands-on. But I would say ThreatLocker themselves, onboarding us, were very hands-on.
What about the implementation team?
There have been tons of meetings, and they still meet with us regularly.
What other advice do I have?
We do not use the Network Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. We don't have that.
We have not used the Storage Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. It's not a module we have.
We have peeked into the DAC dashboard. We have the Configuration Manager, but we have not fully deployed all of that. I get a monthly and weekly report on configurations, but we haven't deep-dived into it and started cleaning up some of that.
The only thing we do with Web Control is the browser add-ons. We are not using ThreatLocker Zero Trust Endpoint Protection Platform to filter web traffic.
I would like a feature in the next release of ThreatLocker Zero Trust Endpoint Protection Platform, but I don't know because of a lot of the modules we don't have. So maybe what I'm asking for is a module we would just need to add.
If we were going to consolidate tools, we would want to get ThreatLocker Detect, and then we would need the Network Control so you could lock down the network. If you detect a virus or something malicious actually happening on the computer, you can lock it down just using ThreatLocker. But we don't have that. We're not set up to do that yet. We have other things that do that at this time. So we're not necessarily missing that feature, but if I was going to consolidate, I would want to make sure ThreatLocker Zero Trust Endpoint Protection Platform could do that.
I would give ThreatLocker Zero Trust Endpoint Protection Platform a rating of nine out of ten. I would consider, from the start, figuring out how much you want ThreatLocker Zero Trust Endpoint Protection Platform to do for you because I think it could really take over a lot of security functionality in our company. But between renewals and contract length terms when we picked up ThreatLocker Zero Trust Endpoint Protection Platform, it kind of fell in between all of that, and we could have maybe really optimized our costs and deployment. But also, there is something to be said because of how complicated it is, how much it can do, and how much there is to master about it. Doing a more limited Application Control, Ringfencing, Elevation Control, and then slowly expanding as you learn and become more comfortable with it, there is some value to be said there.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
Supervisor, Help Desk at Corporate Technologies
Zero trust controls have transformed how I prevent unvetted apps across thousands of endpoints
Pros and Cons
- "ThreatLocker Zero Trust Endpoint Protection Platform benefits my company by allowing us to be preventative instead of being retroactive or reactive."
- "Training has been our biggest hurdle, and getting people on board or having active integration with modules that maybe we don't have access to would help."
What is our primary use case?
My use case for ThreatLocker Zero Trust Endpoint Protection Platform involves monitoring about 2,000 endpoints as an MSP, using it as the default deny on the workstations to prevent malicious applications from being downloaded and run.
What is most valuable?
My favorite features about ThreatLocker Zero Trust Endpoint Protection Platform are that it gives us so much specific control, especially in application policy creation. The ability to make policies for just a single user, a single computer, a work group, or however wide or narrow I want it to be allows me to narrow in on precisely what I need.
ThreatLocker Zero Trust Endpoint Protection Platform benefits my company by allowing us to be preventative instead of being retroactive or reactive. Instead of having thousands of untrained or minimally trained users downloading and running whatever they come across, things that are already allowed go through, and things that need to be vetted can be looked at before they get run.
What needs improvement?
To improve ThreatLocker Zero Trust Endpoint Protection Platform, I think the biggest addition would be to ThreatLocker University. Training has been our biggest hurdle, and getting people on board or having active integration with modules that maybe we don't have access to would help. We don't use the web control or the network control, but having a sandbox to get an idea of what they could do for us would not only potentially lead us to purchasing more of the suite, but it would make us more confident in our ability to train those using it.
For how long have I used the solution?
I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about six months.
What do I think about the stability of the solution?
I have experienced no downtime, crashes, or performance issues with ThreatLocker Zero Trust Endpoint Protection Platform. It has always been operational, with no issues with maintenance or anything of that nature. It has always been available to us.
What do I think about the scalability of the solution?
ThreatLocker Zero Trust Endpoint Protection Platform scales very well with the growing needs of my company. We have been expanding usage, and it has been very easy. As an MSP, our child organizations are increasing constantly, and onboarding or offboarding has been very easy to get new devices and endpoints into the fold.
How are customer service and support?
I evaluate the customer service and technical support as very helpful. The Cyber Hero and the support online have been great. I have not used it very much personally, but people that I work with have had need for it. Whenever they have a question, by the time I get there, Cyber Hero is already chatting with them and helping them through their issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to adopting ThreatLocker Zero Trust Endpoint Protection Platform, we were overlapping in our use of Huntress. It was not exactly the same thing, but it was in a similar vein. We use that now more for just training purposes rather than monitoring or getting ahead of potential threats.
What other advice do I have?
I purchase ThreatLocker Zero Trust Endpoint Protection Platform directly from ThreatLocker.
My impression of the solution's allowlisting feature is that it is a powerful tool, but it requires either considerable practice or training to get it right because you can set it up so specifically, and it is then also susceptible to making a mistake, having to re-allow something on a different person's computer when I really wanted it on everybody's. This comes down to training and experience, and it has its pitfalls, but it has been positive.
I have used the ringfencing feature with ThreatLocker Zero Trust Endpoint Protection Platform. I assess the impact of the ringfencing feature on controlling the behavior of approved applications as very positive. We had a specific user who had to run software through a storage device, and we were able to use the ringfencing feature to allow that specific storage to run that specific program and interact with nothing else. It was an older program that had to be from a CD, so we were able to use the ringfencing to allow it through instead of having to approve it every time it came in.
Regarding the storage control feature when it comes to enforcing policy-driven access across various storage devices, we have found it to be very positive. We only have the restrictions for specific customers, so much of it is just the default deny to read and write off of the admin or the C shares. When it is enforced, we have seen it make protections against people who obtained something they should not have and possibly something personal, tried to connect it, and it disallows them from being able to run that.
It is very easy to identify which security and configuration settings need fixing using the DAC Dashboard. The DAC Dashboard shows what is out of date or what is misaligned, and it gives you the specific ones that need changing, so I am not going through looking for it manually. It does a good job of gathering what it already can find, and then I can make the adjustments if I see fit.
I rate this solution an 8 overall.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
Supervisor, Client Security at a consultancy with 11-50 employees
World-class support and highly effective for application control and elevation
Pros and Cons
- "The biggest one that we focus on is the application control with ringfencing. That combination is very beneficial."
- "If all of our vendors would act and support us like ThreatLocker does, we would be happy."
- "Their product is solid. I have a hard time complaining much about it because when we do find little things, they are usually interface-related or related to things that would be nice to have."
- "We also have customers who are frustrated because they cannot do what they used to do, which was run anything they wanted to."
What is our primary use case?
We have been using the solution for about five years now. We started shortly after our company was acquired by an ISP that was looking for a managed services provider solution. I was looking at our stack and deciding which one would answer the pressing questions, which usually involved cyber insurance questions, such as if we have application whitelisting. I happened to call ThreatLocker and fell in love with the offerings. At the time, it had application control, ringfencing, and elevation. They have, of course, advanced their platform a lot since then.
How has it helped my organization?
The biggest benefit is application whitelisting. We have customers who have a set of products that they expect their users to use, and we have the ability to enforce that policy by restricting them from adding additional software on their own. It helps reduce the risk of the shadow IT type of solutions being brought in by users who think they know better or do not realize the risks.
In the beginning, it was almost an augmentation to antivirus, but now, antivirus is almost an augmentation to Zero Trust. If the applications do not run, the antivirus does not have to block them, so the antivirus is almost the second layer. With the layered protection approach, it is one of our key layers at the endpoint to keep the endpoint from running ransomware or unknown software packages.
A number of times, we have had customers who did not see the need for it until the first time we called them and said, "Hey, did you realize so-and-so wants to run this application?" and they went, "Why would they be doing that?" The ability for us to let the end-users or customers know the things going on in their environment and to stop attacks dead in their tracks has been great. We have seen it multiple times where a bad actor would have gotten a whole lot further along if they had been able to run the software they wanted to. ThreatLocker stopped that.
It is not hard to use, but it also depends on the customer base that you are working with. It can be a challenge to educate the end user and the customer with regard to why this is the right answer. A lot of times, if you have customers who have older applications, custom-written applications, and things like that, dealing with updates and dealing with changes can be time-consuming. It is not hard. None of it is particularly difficult, but it can be a bit of a draw on time.
We have been able to do consolidation primarily in the antivirus realm. Because of the fact that the applications are never allowed to run, we have been able to reduce some of our costs by not having to go to top-line AVs. We can go to Windows Defender, which is a good antivirus, but it is not centrally-managed SentinelOne or something like that. We have been able to see some big advantages in cutting back. Some of the other tools do not have to carry the heavy load. ThreatLocker carries a heavier load of protection.
I do not know if it has helped our organization save on operational costs or expenses. It has to be manned by people. We are not using the functionality where ThreatLocker Cyber Heroes respond to the tickets. Instead of hiring two people, if we let ThreatLocker manage that, we would see some definite advantages cost-wise.
It is priceless in its ability to block access to unauthorized applications. We have had everything from attacks on financial institutions to shutdown holds where the attacker was about to exfiltrate four years of data, but the PowerShell script was still sitting on the screen, unable to run because ThreatLocker blocked it. It is well worth it.
It has helped reduce help desk tickets because we get a lot fewer situations where end users are running software that they should not be and are causing conflicts with the business protection software. There are a lot fewer situations where someone is compromising the machine.
We run on a very lean team, and we have been able to maintain that status reasonably well because, with ThreatLocker, we do not have to chase things that cannot happen.
What is most valuable?
All the features are very useful. The biggest one that we focus on is the application control with ringfencing. That combination is very beneficial. We have had some recent benefits. Especially with the elevation functionality, we could remove the local admin requirement for applications that constantly required us to make users local admins on their machines. We take that risk away with elevation control, where we can elevate applications that need elevation instead of all of them.
What needs improvement?
Their product is solid. I have a hard time complaining much about it because when we do find little things, they are usually interface-related or related to things that would be nice to have. Their idea portal, unlike so many other vendors we deal with, shows movement. At least four to eight features of ThreatLocker exist because I made a request in the last five years, and it became a feature of the actual product. When it comes to improvements, we moved the product as customers, and we got to move the product by making suggestions. They seem to be very reactive to it, so there is not a whole lot that they actively need to change right now. It is one of those situations where when we run into something that would be nice to have, it happens. They make it work.
For how long have I used the solution?
We have used the solution for about five years.
What do I think about the stability of the solution?
The product is highly stable. Obviously, as they add features, every once in a while, there is something that catches us off guard, and we will have to get support. They have the answers right then and there. As a result, it has never been something that has brought us down. We have never had a customer who is down because ThreatLocker is not working. By the nature of what it does, it could be a big problem for a customer, but we have never had it. It has been stable. For five years, we have not had a problem. Customers cannot do what they want to be able to do within reason, and we have never had ThreatLocker be the cause of that.
What do I think about the scalability of the solution?
The solution is very scalable. We started with just our office, and now we have over 3,000 endpoints on it. It scales up very easily. Once again, cloud deployment of the agents and everything else makes it very easy to add new computers to it. It is literally a matter of buying licenses, and it does not seem to care how big our environment is for the most part. The product just handles it.
How are customer service and support?
Their support is world-class. You cannot beat ThreatLocker support. I started a request at eleven at night, and someone started to chat within 30 seconds to a minute. They can easily go to Zoom for conferences and have conversations. Their answers are usually immediate, and if not, it is because they have to go to the engineering team for answers or solutions. If it is an actual feature problem or something like that, it is very fast. We have said more than once that if all of our vendors would act and support us like ThreatLocker does, we would be happy. It would be a perfect world. I would rate them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
This is the first time we have done application whitelisting. We brought it in about five years ago looking for an application whitelisting solution, so it was the start of our experience.
How was the initial setup?
We use our own RMM solution for deployment. The setup was definitely easy. Tech support provided us with the scripts and resources needed to push it. It is all pushed from PowerShell scripts, and that downloads straight from ThreatLocker, so we do not have to ever be on-site to do anything. When we are offboarding customers, it is just as easy. We can turn off the self-defense in ThreatLocker and run scripts to uninstall it. Generally, there is no on-premises requirement for it. From an MSP standpoint, it is truly cloud-managed.
What about the implementation team?
We contacted ThreatLocker directly.
What was our ROI?
From the reputation capability or the ability to show customers that we are doing what we say we do, the return on investment is immense. We also have customers who are frustrated because they cannot do what they used to do, which was run anything they wanted to. However, the first time we save them from something that would have been really bad had we not been there, that instantly changes.
What's my experience with pricing, setup cost, and licensing?
We have not had any real issues with the pricing. As they have added more features, due to the way our contracts are structured with our customers, we have had to hold off on adopting the new features because they do add costs. We have to be able to price them into our contracts. That has probably been our biggest challenge. Once we are in with a customer for one to three years on a contract, bringing in those new features at an additional cost is a challenge.
We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, "This is going to cost you."
Which other solutions did I evaluate?
We looked at a few others. A customer we had many years ago had brought a solution that I helped them with to some degree. I do not remember the name of it, as it was fifteen years ago. It was one of the early ones and was a management nightmare. The amount of effort and work it took to make it work and keep it working was a lot. Compared to that, ThreatLocker is amazing.
What other advice do I have?
Overall, I would rate it a solid nine out of ten. It is a complex solution if you are like me and do not necessarily want to call for help frequently. They have help available all the time and will walk you through the process of setting it up if you are trying to figure it out on your own. That is not going away, in my opinion. It is not really a bash against it; it is just a fact about ThreatLocker Zero Trust Endpoint Protection Platform.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Software admin at a mining and metals company with 1,001-5,000 employees
Enables us to work instantly and easily, and streamlines global IT operations with elevation control
Pros and Cons
- "We use it most heavily for elevation control, blocking and giving rights only to certain people or devices, and not allowing the rest to access the software. Elevation control has been second to none for me."
- "ThreatLocker’s support has been second to none."
- "Better visualizations of what exactly is happening in our logs would be helpful. There can be more visuals on what has been elevated. Presenting this in a more refined manner would be beneficial."
What is our primary use case?
We use it as an endpoint protection solution. It pretty much sits on all of our devices. We manage the app control piece through it.
We use it for elevation requests. Worldwide, we have set Zero Trust, so people need to elevate through applications. We do not want to give them an admin account on the machine, but we need these applications to run with administrator privileges. That is the piece we leverage the most.
How has it helped my organization?
The greatest benefit is the ease. The mobile app is great. I get requests in the portal, and I can allow or reject them, and it works almost instantly, getting teams up and running within 60 seconds. That is the best part. We can train global teams in a half-hour meeting. We are able to break down all their permissions. It is done in a few seconds. We are happy with it.
Elevation control has been second to none for us. It has been amazing. We switched off the last product we were using. We did not have a great experience with them, but we have had a great experience with ThreatLocker Zero Trust Endpoint Protection Platform.
We have eliminated our original endpoint app. We will look into consolidating some of the other tools that our Information Security team uses, but at the moment, it is a replacement; it has not cut any other apps out of our environment. We have already started exploring different ways to eliminate or at least add to our security posture. Specifically, we are targeting the storage control and deeper application control with ringfencing and things like that. We have had lots of demos from ThreatLocker. They are always very good about giving demos on the spot. Thanks to Blaine and Jesse for that.
ThreatLocker Zero Trust Endpoint Protection Platform is fantastic at blocking access to unauthorized applications. With our old product, we had so many issues with policies being all over the place. It was not very intuitive, and the product could not even update itself. ThreatLocker has broken it down in terms of how exactly it is run and the science behind it all. That education and their knowledge base have helped us with understanding. It has been a fantastic platform. It has been in our environment for a relatively short period of time. It has been fantastic so far, and I am hoping that it continues to prove itself.
ThreatLocker Zero Trust Endpoint Protection Platform has not helped to reduce help desk tickets, but it has streamlined them. Instead of guessing what the user needs, the elevation requests pretty much tell you the properties or the paths of what needs to run. That may introduce more tickets, but it is so much faster that it outweighs that aspect.
ThreatLocker Zero Trust Endpoint Protection Platform has expedited our ticket resolution. Although we are getting more tickets, we are plowing through a lot faster. We can see them in the console. People no longer have to reach out to us. People can create an elevation request for the entire organization. They could go to the console and see it there and do it themselves. It makes things so much easier. It has been awesome.
ThreatLocker Zero Trust Endpoint Protection Platform allows us to see what the user needs immediately and simply hit the Go or Approve button. We can set the rules we want. Our last solution was trial and error. It would take me up to an hour and a half sometimes to get the rules working exactly the way I wanted, whereas, with ThreatLocker, it is already all there for me. I can even break down and specify exactly what I want or drill down even more.
In a day, it saves us one to two hours a day depending on what is being elevated and what people need. This time saving is significant for our technicians. The overall savings could be two to three days. We get overtime, but that is still a lot of work. ThreatLocker has been amazing at saving us time.
What is most valuable?
We use it most heavily for elevation control, blocking and giving rights only to certain people or devices, and not allowing the rest to access the software. Elevation control has been second to none for me.
It is super easy to use. We could train a team in 30 minutes. If you are in it relatively often, it becomes second nature. The reduction in attack surfaces comes down to the elevation approval. If an app cannot be elevated or run as an administrator, it is not running at all. That is the key part there. It helps ensure that people are not running something that they are not supposed to. It is very trustworthy. It was socialized pretty quickly within our company. It was very quick.
ThreatLocker’s support has been second to none.
What needs improvement?
Better visualizations of what exactly is happening in our logs would be helpful. There can be more visuals on what has been elevated. Presenting this in a more refined manner would be beneficial.
One area that needs improvement is the hierarchy of permissions. Sometimes ThreatLocker's built-in elevations or apps overtake, leading to conflicts.
For how long have I used the solution?
I have used the solution for six months in total, with it being in production for three months.
What do I think about the stability of the solution?
It is super stable. I have not had any issues yet. Knock on wood. It has been great.
What do I think about the scalability of the solution?
It is simple. As long as you have the licenses, you can scale as far as you like. We scaled it in three months to the entire organization. It is very scalable and fast, reaching 4,000 computers in three months, which is pretty nice.
How are customer service and support?
Cyber Heroes are awesome. I can open a chat with them and probably get my question answered within a few minutes. If they need to elevate, they can, or we have our meetings with our contact, Blaine, every two weeks. Those meetings are for higher-level topics, but he is very easy to work with.
Any time I have had to put in a ticket, it has been worked on within the same day or the next hour. This support ranks at the top of all the different software I use.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used CyberArk. It would not update itself and was causing blue screens. It even blocked emails and did other unwanted actions. We had it set up to do the bare minimum, and it would sometimes do vastly different things that we did not want it to do. That was one issue.
The updates were blocked, so we could not uninstall it for machines. The dashboard was outdated. Even with a switch to a cloud solution, it was not intuitive. In this age, it is insane to have a console that is not intuitive and looks out of date. It is probably out-of-date software, and that was definitely reflected in our experience.
How was the initial setup?
The initial setup was extremely easy. I did a lot of the packaging and deployment. Once deployed, it shows up in the console within five to ten minutes whenever the machine checks in. No matter where you are in the world, it just works.
What about the implementation team?
We used Access IT. They have always been great. They are super easy to work with. They streamlined the whole process and got us on board quickly.
What was our ROI?
ThreatLocker is a little cheaper than our last app, and we could continue to save money as we utilize its other aspects. It is doing so much more for our company, which is amazing. Adding more features and eliminating others could save even more and provide more proven value. It has saved us about 25,000 a year.
We have been using it only for about six months. It has only been in production for three months, but we have been testing it for six months. It is a short time, but it has already saved us so much time.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty fair, considering other solutions. Licensing-wise, it did not take long. The only long piece was the legal lease. Other than that, the only thing that held us up was the holidays. It was more on our end than on their end. The cost structure and everything else seemed very fair and well laid out.
Which other solutions did I evaluate?
We evaluated BeyondTrust and a smaller company. BeyondTrust’s presentation ran on Windows 7, whereas in 2024, we were on Windows 11. That was an issue for us.
A significant issue with the other solution was that the UAC prompts were not working anymore. You had to use their software, which pretty much gave up administrators' ability to elevate when needed.
What other advice do I have?
I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Help Desk at Sumitomo Riko
Endpoint control has reduced random software and saves IT time with just-in-time access
Pros and Cons
- "From one to ten, I would probably rate ThreatLocker Zero Trust Endpoint Protection Platform overall a nine."
What is our primary use case?
My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to block unwanted software that we have. There is a lot of randomness that people have on their laptops, so we get control over that and make sure they are not doing what they are not supposed to be doing.
What is most valuable?
My favorite feature of ThreatLocker Zero Trust Endpoint Protection Platform is the approval to elevate a system for an amount of time, which is a nice feature. We can say, 'Hey, we're going to let you elevate this, so if you need to run something you can do that,' without having to have any kind of in-between for IT.
The feature benefits our company by saving us time at the end of the day. If it is something that we know that they can install on their own, it is something that we do not have to worry about. We can just have them do it on their own and save us time. Overall, I am not exactly sure how much time it has been saving with ThreatLocker Zero Trust Endpoint Protection Platform, but it could save up to an hour of time by scheduling meetings to get availability and have it installed.
My impression of ThreatLocker Zero Trust Endpoint Protection Platform's Allowlisting feature in terms of managing which software, scripts, and libraries run on our devices is that it makes it easier overall to have it in a place where you can go and see it all. It is just easier for IT.
We do use the Elevation Control feature. My assessment of the Elevation Control feature's role in facilitating just-in-time administrative access for approved applications is that it is good. If there are things that we know that are safe to have, we can save ourselves time by just having them go out and install it on their own. It definitely makes it easier on us.
We have used the Ringfencing feature of ThreatLocker Zero Trust Endpoint Protection Platform, though I have not personally used it yet. I am still kind of getting into it.
We have partially used the Web Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. Once we got it, we went through and blocked the extensions. There were a lot of random third-party extensions people had installed on their browsers, so we did a full block on all extensions and made people come ask about what extensions they need.
I think the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant elements has done its job. It is good to see what they have and what they can request, and we can dig down and see what the actual extension is doing and determine if it is good or not.
For how long have I used the solution?
I have been using ThreatLocker Zero Trust Endpoint Protection Platform for a couple of months now, probably about six to eight months. So not too long.
What do I think about the stability of the solution?
The stability of ThreatLocker Zero Trust Endpoint Protection Platform has been good. I have not experienced any downtime, crashes, or performance issues. Most of the issues we have had have been on our side, such as internet-based issues. Connection and everything else has been good.
What do I think about the scalability of the solution?
The scalability of ThreatLocker Zero Trust Endpoint Protection Platform has been good. It definitely benefits us to have that extra layer of protection and to be able to be more flexible when it comes to the software and approvals.
How are customer service and support?
Customer service and technical support for ThreatLocker Zero Trust Endpoint Protection Platform are good. They make it really easy to submit a ticket or do a quick chat with them to get in contact with somebody quickly and make it easy.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
By using ThreatLocker Zero Trust Endpoint Protection Platform, I do not think we have looked into eliminating or consolidating any security tools or solutions yet. We are just still kind of testing it out and making sure it is good.
What other advice do I have?
We have not purchased the Network Control feature of ThreatLocker Zero Trust Endpoint Protection Platform. We have not purchased the Storage Control feature either. We have the DAC Dashboard feature of ThreatLocker Zero Trust Endpoint Protection Platform, but we probably have not used it.
My learning process of applying ThreatLocker Zero Trust Endpoint Protection Platform involves figuring out how to set up the pathings for the Allowlist, knowing what to wildcard, and understanding what ThreatLocker looks for and what you need to address when you are making those approvals.
The main learning curve for me at the start was just kind of figuring out what they look for. I think once you get into it and learn it, it is pretty good and simple.
From one to ten, I would probably rate ThreatLocker Zero Trust Endpoint Protection Platform overall a nine. I would say probably just to try it out because it does not hurt to see what it is about, and more than likely they would probably be impressed by how beneficial it is for an IT team.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
Cybersecurity Manager at a computer software company with 11-50 employees
Allowlisting and elevation control have improved client security and operational efficiency
Pros and Cons
- "ThreatLocker Zero Trust Endpoint Protection Platform has helped my company save on operational costs or expenses because it allows our techs to be much more efficient."
What is our primary use case?
I am still learning how ThreatLocker Zero Trust Endpoint Protection Platform is used; I am still in orientation, but we mostly use it for application allowances and blacklist whitelist.
My only experience with ThreatLocker Zero Trust Endpoint Protection Platform is with the allowance and disallowance of applications, so I am still very new.
We really consolidate security tools by using ThreatLocker Zero Trust Endpoint Protection Platform, as we use some other security products as well, and ThreatLocker Zero Trust Endpoint Protection Platform is really just a big enhancement for us.
As a new person, I appreciate the Allowlisting feature of ThreatLocker Zero Trust Endpoint Protection Platform; it is intuitive, which makes it easy for me to navigate. I am getting more experience with it, but so far it has all been positive.
What is most valuable?
The allowance application is important for our company because it really allows our clients to control what is in their environment without having to constantly audit, which is beneficial.
My assessment of the Elevation Control feature's role in facilitating just-in-time administrative access for approved applications is that it is excellent because it is easy; you can do approvals live, which is quite quick. You do not have impatient clients waiting for approvals for a long time, or you do not have to go through a whole process. As long as we have a process on our end to vet these, or if it is already something we know about, it is easy to do without stressing out our client.
ThreatLocker Zero Trust Endpoint Protection Platform has helped my company save on operational costs or expenses because it allows our techs to be much more efficient. If we have already whitelisted products, we do not have to spend time on the phone with the client or a ticket every time for a similar application. We can approve it by policy or provide a quick approval or temporary approval, and our team can move on. It is efficient on both ends for the client and for us.
It could be anywhere from saving fifteen minutes to, if it is an application we have vetted a couple of months ago and it took an hour, when we have a company that needs to install it on a bunch of machines, we can whitelist it, saving ourselves that much time every time.
What needs improvement?
From my experience until now, I think ThreatLocker Zero Trust Endpoint Protection Platform can be improved by constantly making sure to keep up with the development of new threats every day. As long as ThreatLocker Zero Trust Endpoint Protection Platform is keeping up with that, it gives me the confidence that I can deploy it to my clients.
For how long have I used the solution?
I have been using ThreatLocker Zero Trust Endpoint Protection Platform for about three months.
What do I think about the stability of the solution?
I have not experienced any downtimes, crashes, or performance issues with ThreatLocker Zero Trust Endpoint Protection Platform.
What do I think about the scalability of the solution?
From my experience, ThreatLocker Zero Trust Endpoint Protection Platform scales well with the growing needs of my company; we already have a lot of clients in there, and I have not seen any issues with scaling or adding clients. I have added a couple since I have started and I think it is excellent.
What other advice do I have?
I have insights for ThreatLocker Zero Trust Endpoint Protection Platform to work on when training new people, particularly that I really appreciate how the training modules are laid out; it is really easy to navigate and they are not in huge chunks. I appreciate it because it is something I can do between tasks throughout the day and kind of chip away at it, which I really appreciate.
My advice to other companies considering ThreatLocker Zero Trust Endpoint Protection Platform is to go through the training so you fully understand it; you can make sure that you are serving your client the best you can with the product. It is a very powerful product.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
Strategic Officer Overview Technology Solutions at a tech services company with 11-50 employees
Centralized endpoint controls have reduced incidents and simplified daily security operations
Pros and Cons
- "The best features ThreatLocker Zero Trust Endpoint Protection Platform offers is that the entire platform is perfect, it is very user-friendly and helps us manage our endpoints easily, and the parts that stand out for my team are elevation, password rotation, and application control."
- "I have not seen a return on investment yet, but there is a small amount of time saved because of fewer dashboards."
What is our primary use case?
My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is the full platform. I use the full platform in my daily work within my organization with application control, network control, security control, and I utilize the Cyber Hero offer.
What is most valuable?
The best features ThreatLocker Zero Trust Endpoint Protection Platform offers is that the entire platform is perfect. It is very user-friendly and helps us manage our endpoints easily. The parts that stand out for my team are elevation, password rotation, and application control.
Regarding the features, I would add that response time is quicker, there are fewer problems on problematic end users, and there are fewer weekend calls.
ThreatLocker Zero Trust Endpoint Protection Platform has impacted my organization positively overall, with approximately 99% positive and 1% negative impact on people who are accustomed to having local admin rights, but since it is a security risk, it helps us in the long run.
I see measurable improvements in security incidents and operational efficiency, and it gives us one pane of glass to see all of our clients at once. We can see endpoints, observe what is going on, and we see what is red and what is green.
What needs improvement?
ThreatLocker Zero Trust Endpoint Protection Platform improves every day on its own, so I have no complaints regarding how it can be improved. I do not want to add more about the needed improvements, even if it is something small or a wish list item for the future.
For how long have I used the solution?
I have been using ThreatLocker Zero Trust Endpoint Protection Platform since 2019, and I started using the endpoint protection two and a half years ago.
What do I think about the stability of the solution?
The Network Control feature impacts my ability to manage network traffic across my endpoints and servers by giving us a small problem, but now it is stable with the new build. The main issue I experienced with Network Control before it became stable was related to the network control itself. The platform and the user were good.
Which solution did I use previously and why did I switch?
By using ThreatLocker Zero Trust Endpoint Protection Platform, my organization eliminated three security tools: Blackpoint, Huntress, and SentinelOne. Consolidating those tools with ThreatLocker impacted our operations as we have fewer portals to view.
What was our ROI?
I have not seen a return on investment yet, but there is a small amount of time saved because of fewer dashboards.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that they made it very easy to implement with them and gave us time to pay it off.
What other advice do I have?
I do not have anything else to add about how I use ThreatLocker Zero Trust Endpoint Protection Platform, perhaps something unique to my organization.
It is difficult to identify which security and configuration settings need fixing using the DAC dashboard since we do not use the DAC dashboard yet. I do not assess the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant sites because we do not use Web Control.
I use the Ringfencing feature with ThreatLocker every day.
I use the Elevation Control feature in ThreatLocker every day, which facilitates just-in-time administrative access for approved applications. I appreciate the Storage Control feature being locked down and controlled through us, and no one can infiltrate and take our data. I have given this review a rating of 10.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
System Administrator at NMPP Energy
We've consolidated security, better compliance, and streamlined workloads
Pros and Cons
- "The most valuable feature is its learning capability."
- "Overall, everything is excellent, and everything is well-prepared, from the laptops provided to the overall setup."
- "This is my first Zero Trust conference, and so far, it has been good. The only thing I have noticed is that sometimes they encounter technical issues. For example, in one of the demo labs, the laptop trying to connect to the projector was not working, which affected the demonstration of the victim versus attacker laptop scenarios. It would be helpful to fix these issues."
- "It is not easy to use. I am still learning."
What is our primary use case?
In terms of use cases, there are quite a few good ones that come to mind. One instance is when people unexpectedly download items, especially in the downloads folder or the documents folder, and try to run them. It is effective at blocking those. We need to vet them to ensure they are legitimate and intended, not just random malicious downloads.
Another scenario involves items in the Windows folder itself, where sometimes an update might get blocked, requiring us to verify its legitimacy.
Occasionally, we receive help from Cyber Heroes as well. Those are the three use cases I can think of.
How has it helped my organization?
It helps keep track of shadow IT activities. We have more compliance because we know who is doing what. Previously, we did not know who was doing what, especially at the application control level. Some people had some administrative rights that we did not know about. We have now gotten more into compliance. We have everything in a single pane of glass. Everything has to be approved before it can be run. It helps our company become more secure and more compliant.
We have more consolidated security. We are three to four times more secure than before using the solution. It helps us be more compliant with what we do on a daily basis, even though sometimes it can be confusing, such as a whitelisted app getting blocked. That is probably because of fine-tuning. We will have to fine-tune that policy to make it run more smoothly.
It helped us consolidate security tools. We are now focused on this rather than looking into other tools we had in the past. We just go to ThreatLocker, look at the path, look at the hash, and see whether it is vetted. If yes, we just allow it. We had ManageEngine Application Control, and we thought we did not need that anymore. It was like an add-on. We had Endpoint Central. On top of that, we had Application Control and other things. Now, with ThreatLocker, we do not need them anymore.
I am not the finance person, but I believe it has helped our organization save on operational costs because we got this product with other security products from our managed service provider. They gave us a good rate when we combined multiple solutions together. We purchased Huntress for antivirus and other security tools from them.
I would rate it highly in its ability to block access to unauthorized applications. It works and does its job. It does what it is supposed to do, especially if you train it well. If we fine-tune the policies, it works the best. Some of the policies might be confusing, but it works well.
I am not sure if it has helped reduce help desk tickets. We still get help desk tickets here and there. We are a small company. We do not have a whole lot of applications running in our environment. In a large organization with thousands of employees, it might reduce helpdesk tickets.
We can now shift the gear and focus on other things, such as server logs or security logs, more firewall rules, etc. It saves us at least three hours every day.
What is most valuable?
The most valuable feature is its learning capability. Not every application it learns is allowed to run, so my involvement is necessary. Those based on path and certification are particularly important. When an application is on a specific path in our network and has a valid certificate or hash, it assures me that the application is safe to run and offers comfort that it is probably 100% okay to proceed. It locks a threat.
What needs improvement?
This is my first Zero Trust conference, and so far, it has been good. The only thing I have noticed is that sometimes they encounter technical issues. For example, in one of the demo labs, the laptop trying to connect to the projector was not working, which affected the demonstration of the victim versus attacker laptop scenarios. It would be helpful to fix these issues.
Additionally, when people come to the hacking lab, presenters should ensure their fonts are larger. With 500 to 600 people in the room, it is difficult to see everything clearly, especially when there are only two projectors. Improving the sound quality and similar aspects would be beneficial.
For how long have I used the solution?
It has been over three years now since we have been using it. We got it through our MSP. They have given us access as admins, though not with full control, to allow the whitelisting of some applications and paths if needed.
What do I think about the stability of the solution?
It is pretty stable. It is doing its job well. The algorithms and coding, developed by smart individuals, ensure the app performs its tasks effectively.
What do I think about the scalability of the solution?
It is quite scalable. From what I understand and have learned, we can manage as many environments as we want. It remains scalable and manageable from one portal.
How are customer service and support?
Customer service is pretty good. I would rate it highly. Their response is almost instantaneous when issues arise. I just communicate my concern, and within minutes, I get a response.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used ManageEngine Application Control, but we eliminated it. It was doing a similar thing, but it was a little bit different.
By switching, we were getting a better discount, and the consultants or the advisor also said that this solution is better based on the previous experience with the solution.
How was the initial setup?
We have a cloud version when it comes to the portal. The agents are installed on every machine and server. For the most part, we use the Azure cloud. We also have AWS.
The initial setup was pretty easy since we received assistance from a third party. Everything is deployed via GPO, so once a computer joins, it installs by itself. However, we have limited access to the portal as of now, and I hope this will change.
What was our ROI?
From a technical perspective, it does its job by saving our team time and reducing confusion. It saves effort working on people who engage in shadow IT by preventing unauthorized applications from running on their computers. The installation of the ThreatLocker agent has ceased such activities. With only three IT personnel, it has proved efficient, assisting us in managing and streamlining our workload.
What's my experience with pricing, setup cost, and licensing?
I do not know about the licensing and price as it comes bundled from our MSP. However, it seems fairly reasonable for us, which is why we chose it.
Which other solutions did I evaluate?
We did not evaluate other solutions.
What other advice do I have?
It is not easy to use. I am still learning. I highly recommend finishing the Cyber Hero course to understand the solution, the way it works, and the secret behind each tool. This course is available in ThreatLocker University. It has a lot of modules that you can go through. Once you can master those, you will have a good idea of what is going on. After that, it is easy to implement.
I would rate it a nine out of ten. At the Zero Trust conference, eliminating some technical difficulties in future iterations could raise this to ten. Overall, everything is excellent, and everything is well-prepared, from the laptops provided to the overall setup. These minor issues could happen anywhere, not just here. If resolved, it would be a perfect ten. It is not a huge issue.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director, Managed Services at a consultancy with 11-50 employees
Ringfencing with elevation features ensures secure and unobtrusive protection
Pros and Cons
- "What sets ThreatLocker apart from competitors offering similar solutions is ringfencing. The ringfencing controls, along with the application elevation features, keep it out of the user's line of sight while still protecting them."
- "ThreatLocker stands out because they understand application whitelisting and elevation controls deeply, addressing real issues effectively."
- "I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally hidden behind a layer that requires creating at least one policy first before using the learning mode as a supplement."
What is our primary use case?
When we assessed application whitelisting and ringfencing controls, we decided to sign on with ThreatLocker. The way we operate our business is that it is deployed across all our clients. Once we identified the benefits of application whitelisting, we knew it belonged in every client's setup, and we implemented it for all our clients.
How has it helped my organization?
When we adopted ThreatLocker Zero Trust Endpoint Protection Platform, there were frustrations among clients as everybody was learning and getting used to it. We were learning how to administer it, and our customers were learning what it was, but it ended up becoming a fantastic thing where we now get referrals from our customers to other companies. Over time, it transformed into a positive experience, leading to customer referrals and advocacy for ThreatLocker. Although some clients overstate it by claiming it makes them ransomware-proof, the product's impact is undeniable. The contributions of Ben and Garrett were pivotal in this success, resulting in enthusiastic customer recommendations.
It has not helped eliminate or consolidate any security tools or solutions. We do not see ThreatLocker as a replacement for any of the current base functionality of existing tools; we see it as augmenting it. We see it as something that is important to have. One of the philosophies at our company is that we do not believe there should ever be an all-in for any security product. There should always be a check and a balance in place. One of our main checks on ThreatLocker is Huntress, so we use them in combination. It is something that maintains a balance. They are not overlapping by any means. Even though ThreatLocker has an MDR product now, we are electing not to use it because we want to have a separation and those checks and balances in place.
We initially anticipated a reduction in ticket hours through elevation control, but rather than a decrease, over the years, the nature of the tickets changed. Instead of broad, permissive policies, we now focus on diligent policy creation, accompanied by an increase in technical costs. I do not see that as a negative. While it increased our overall technical costs on an average basis, the benefits that come with it make it completely worthwhile and something that I would recommend to every MSP.
It has not decreased help desk tickets. It has changed the nature of the tickets, and that is not a bad thing. It means that we are using ThreatLocker properly, and we are not making broad sweeping policies that are overly permissive. It requires us to do our job a little more diligently.
It has increased our operational costs, but it is entirely worth it to increase those operational costs.
It can block access to unauthorized applications. It is very dependent upon the implementation and the access that is allowed. If you are giving this to your technicians without the appropriate training, it can be dangerous and not helpful. It can be a false sense of security, but if you implement it properly and are willing to make the investment in training your team properly on how to manage ThreatLocker, it is fantastic.
It has changed what our IT team is working on. Instead of working on old-style things, such as GPO or CryptoLocker policies and reviewing enforcement and deployment of that GPO and linkage, they are now spending their time reviewing policies within ThreatLocker. There is a shift in focus, but it is far more worthwhile. Every hour that has been replaced with ThreatLocker time is a much more effective use of their time.
What is most valuable?
Application whitelisting is significant, though it may seem obvious. What sets ThreatLocker apart from competitors offering similar solutions is ringfencing. The ringfencing controls, along with the application elevation features, keep it out of the user's line of sight while still protecting them. This protection is unobtrusive but effective, as users are protected without their awareness.
What needs improvement?
I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally hidden behind a layer that requires creating at least one policy first before using the learning mode as a supplement.
Because of the accessibility of things like the learning mode, it moves towards defeating the purpose. The level of learning and the processes required to use ThreatLocker properly are high. You require a very high-tech person to truly understand its in-depth nature. We have tried it with our junior techs, and they just default to throwing learning mode on everything. It is too easy and allows techs to push through things that they should not. When you are using it properly, it has a high learning curve and a high difficulty level.
It requires quality-of-life enhancements from an administrative perspective. Currently, there is a strong technical focus but less emphasis on the business aspects, such as billing and portal administration.
For how long have I used the solution?
I believe we have been with ThreatLocker for about three years.
What do I think about the stability of the solution?
The platform's stability is solid, but I have concerns over their rapid expansion into areas like the endpoint solution acting as an EDR. They might be trying to become an all-in-one solution instead of focusing on their niche of augmenting other solid solutions. Companies like SentinelOne and Huntress have strong offerings, and ThreatLocker excels in complementing them instead of competing directly.
What do I think about the scalability of the solution?
It is quite scalable. This scalability is partly due to our implementation strategy, where every client receives it without exception.
How are customer service and support?
It has been fantastic. The feedback from our technicians working with Cyber Heroes has been positive, and my experience with our account managers, Ben, Lansard, and Garrett, has been exceptional. The service has been outstanding.
I would rate their customer support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had no application whitelisting platform prior to ThreatLocker.
How was the initial setup?
The agents are on-premises. The deployment of ThreatLocker agents has been very smooth and clean. Our challenge has been the maintenance of the accounts. As devices go offline and are retired, there are no automated falloff methods, and that has caused some challenges for us.
What about the implementation team?
We had a sales engineer provided by the ThreatLocker team to assist us. I want to specifically acknowledge Garrett, our second sales engineer, who made the product work effectively and built our trust and confidence in ThreatLocker.
What was our ROI?
It is less about a tangible dollar return on investment and more about risk management and peace of mind for both our MSP and our clients. Feedback from technically inclined clients indicates that having this solution in place allows them and their teams to feel secure, helping us all sleep more soundly at night. For an MSP, it has been one of the most effective solutions.
What's my experience with pricing, setup cost, and licensing?
We have encountered a few challenges regarding pricing, contract renewals, and additions. As we explored adding features like Cyber Hero, it proved to be an increased expense for our clients. This was primarily a mistake on our part due to how we initially priced it to clients. After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues, rather than any fault with ThreatLocker.
Which other solutions did I evaluate?
We evaluated multiple solutions beforehand such as SentinelOne, CyberFOX's AutoElevate solution, and others. We evaluated these options before adopting ThreatLocker and continue to reevaluate them annually, but ThreatLocker has consistently remained in our stack because they do it right. ThreatLocker stands out because they understand application whitelisting and elevation controls deeply, addressing real issues effectively.
A lot of companies get into application whitelisting and elevation control, but they lack a true understanding of the real issues and how to properly address them. ThreatLocker does a great job of knowing what they do well, and in a good way, staying in their lane and excelling at what they do. A lot of the other people who have similar products either are vastly overpriced or try to do it all. When you try to do it all, you end up not doing it all well. ThreatLocker excels in knowing its strengths and not overextending.
What other advice do I have?
I would rate the product a nine out of ten. More emphasis on the business aspects, such as billing and portal administration, would push the rating to a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partnership
Security Engineer at a computer software company with 201-500 employees
Zero trust policies have secured our Linux endpoints and keep unexpected actions blocked
Pros and Cons
- "ThreatLocker Zero Trust Endpoint Protection Platform benefits our company because we can be secure while remaining relaxed, as we are only expecting normal behavior and nothing unusual."
- "ThreatLocker Zero Trust Endpoint Protection Platform can be improved by making the installation easier."
What is our primary use case?
Our main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to protect our Linux endpoints.
What is most valuable?
The feature I prefer most about ThreatLocker Zero Trust Endpoint Protection Platform is the default deny because our endpoints are mirror machines, and we do not expect any behavior other than the expected. Blocking everything by default is the best solution that we found in ThreatLocker Zero Trust Endpoint Protection Platform.
ThreatLocker Zero Trust Endpoint Protection Platform benefits our company because we can be secure while remaining relaxed, as we are only expecting normal behavior and nothing unusual. Every action that is not expected will be locked by default.
My impression of the allow-listing feature in ThreatLocker Zero Trust Endpoint Protection Platform in terms of managing which software, scripts, or libraries run on our device is that it is amazing because we can block everything and only allow the things that need to be executed to work. It is a ten out of ten for us.
We use the Ringfencing feature. I would assess the impact of the Ringfencing feature in controlling the behavior of approved applications as perfect, but I do not know how well it performs overall because we do not use it extensively. We only use it for one application, and it is only to control which server it connects to.
What needs improvement?
ThreatLocker Zero Trust Endpoint Protection Platform can be improved by making the installation easier. We have one policy applied for all devices, and that policy was created for the first device. Since they are mirror machines, we can copy and paste the policy on all machines, and we do not need to do a manual deploy for each new device that we add to ThreatLocker Zero Trust Endpoint Protection Platform.
One thing I would improve in ThreatLocker Zero Trust Endpoint Protection Platform is the time it takes to apply a policy. Although it is very short, it can be improved. Additionally, I think there should be more options for Linux distributions because I am a penetration tester, I use Kali Linux, and it is not available for Kali Linux. I need to execute some tricky commands to be able to install ThreatLocker Zero Trust Endpoint Protection Platform on my machine, and I think this is something that needs improvement.
For how long have I used the solution?
I have been using ThreatLocker Zero Trust Endpoint Protection Platform for the last two months, and we are very new to it.
What do I think about the stability of the solution?
Regarding the reliability and stability of ThreatLocker Zero Trust Endpoint Protection Platform, it is a ten out of ten. I have never experienced a problem or downtime with ThreatLocker Zero Trust Endpoint Protection Platform, and everything runs correctly.
What do I think about the scalability of the solution?
ThreatLocker Zero Trust Endpoint Protection Platform scales well with the growing needs of our company, and we are planning to expand the usage, so I think it will be expanded.
Which solution did I use previously and why did I switch?
I did consider other solutions before choosing ThreatLocker Zero Trust Endpoint Protection Platform. We considered Huntress, but it was not very accurate for our solution.
We were thinking of a solution based mostly in Linux, and Huntress is more for Windows. The principal device was a Linux machine, so we decided to select ThreatLocker Zero Trust Endpoint Protection Platform for that.
What other advice do I have?
This is my first experience with a solution of this kind in this area. I do not use the Network Control feature. I do not use the Elevation feature. I do not use the Storage Control feature. I do not use the DAC Dashboard. I do not use the Web Control feature. I would rate ThreatLocker Zero Trust Endpoint Protection Platform a nine out of ten, only because it does not have compatibility with Kali Linux. My advice to other companies considering ThreatLocker Zero Trust Endpoint Protection Platform is to use it and create great policies because it is amazing.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 5, 2026
Updated: May 2026