Installing New Software with ThreatLocker

ThreatLocker makes locking down your systems really easy. When a user tries to open an application that is not permitted, they are given a notification that the software was blocked by ThreatLocker.

Applications can contain multiple executables and libraries, often running into hundreds or even thousands. Tracking and knowing what can be installed is difficult when using application white-listing solutions. ThreatLocker makes this process simple.

Before installing unknown applications, put ThreatLocker in Installation Mode. Installation Mode allows new software to run temporarily and also tracks all file changes and creations during the installation. Once the software installation is complete, ThreatLocker will automatically create or update the application with the new white-listed entries.

You can start Installation Mode in three ways.

Starting Installation Mode from a blocked file.

  1. Open a file that is not permitted;

  2. ThreatLocker will block the application, and present you with a message;

  3. Select My Administrator is Present;

  4. Enter your ThreatLocker username and password;

  5. Enter an application name for the new application. If you wish to update an existing definition with new files, use an existing application name.

  6. Select one of the following options from the "Permit For" drop down box:-

    1. Every Computer in this Group - a Policy will automatically be created to permit this application for all computers in this group;

    2. Entire Organization - a policy will be created to permit this application for all computers in the organization;

    3. This Computer Only - a policy will be created to permit this application for this computer only; or

    4. Don't Permit - no policy will be created; the application will just be created so you can use it in the future.

  7. Check Enable Installation Mode.

When you select Permit Application, installation mode will be started. When you have finished installing the application, select Finish from the Installation is in Progress box. The application will automatically be updated with the new files, and relevant policies will be created.

Starting Installation Mode from a request to run an application.

  1. Log into the ThreatLocker Portal;

  2. Select the Approval Center from the left navigation menu;

  3. Select the approve check for a request a user has made;

  4. Select “Create a new application”;

  5. Enter a name for the new application. If you wish to update an existing application, you can enter an application name that already exists;

  6. Select a security level:-

    1. Moderate (Recommended) - This will permit any newly created or updated files based on the file certificate. If the file is not signed, a hash will be taken of the file.

    2. Strict - Files will be added based on the exact hash.

    3. Relaxed - Files will be added based on the full path. This is only recommended for files that change regularly and are not signed.

  7. Select Enable Installation Mode; and

  8. Select Permit Application.

Within a few minutes a user will be prompted with a message that their computer is in installation mode. Once the installation is complete, you can select Finish on the computer.

Starting Installation Mode from the computers page.

  1. Log into the ThreatLocker Portal;

  2. Select Computers from the Navigation Menu;

  3. Select the Edit icon next to the computer you wish to put into installation mode;

  4. Scroll down to the Install Mode Section of the page;

  5. Enter an application name for the application you are installing. If you are updating an existing application, make sure the application name matches the existing application name;

  6. Enter a security level:-

    1. Moderate (Recommended) - This will permit any newly created or updated files based on the file certificate. If the file is not signed, a hash will be taken of the file.

    2. Strict - Files will be added based on the exact hash.

    3. Relaxed - Files will be added based on the full path. This is only recommended for files that change regularly and are not signed.

  7. Select a future date that the Installation will end. When you put a computer into installation mode, it will permit new file executions and monitor file creations until the end date is reached. If you wish to install a piece of software that will take 10 minutes to install, select the date and time 10 minutes in the future. Once the time has elapsed, installation mode will end, the application will be created, and any policies will be created automatically;

  8. If you select require user interaction, the user can end install mode by selecting Finish on the computer. If they do not select Finish before the installation mode date has passed, the tracked changes will be discarded.
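
The following is an added illustration, not ThreatLocker's code or API, of how the Moderate, Strict and Relaxed security levels listed in the Approval Center and Computers page procedures differ in what they later match. The record fields, rule tuples, use of SHA-256 and the sample files are assumptions constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TrackedFile:
    path: str
    content: bytes
    signer: Optional[str] = None  # certificate subject; None if unsigned

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_rule(f: TrackedFile, level: str) -> tuple:
    """Derive one allowlist rule for a file tracked during installation."""
    if level == "strict":      # exact hash only
        return ("hash", sha256(f.content))
    if level == "relaxed":     # full path only, content is not checked
        return ("path", f.path.lower())
    if level == "moderate":    # certificate if signed, otherwise a hash
        return ("cert", f.signer) if f.signer else ("hash", sha256(f.content))
    raise ValueError(f"unknown security level: {level}")

def build_rules(files, level: str) -> set:
    return {make_rule(f, level) for f in files}

def is_permitted(f: TrackedFile, rules: set) -> bool:
    """A file runs if any of its attributes matches a stored rule."""
    candidates = {("hash", sha256(f.content)), ("path", f.path.lower())}
    if f.signer:
        candidates.add(("cert", f.signer))
    return bool(candidates & rules)

# Constructed sample: files seen during installation, then two later files.
APP = r"C:\Program Files\ExampleApp\app.exe"
DLL = r"C:\Program Files\ExampleApp\helper.dll"
INSTALLED = [TrackedFile(APP, b"app v1", "CN=Example Vendor"),
             TrackedFile(DLL, b"helper v1")]
SIGNED_UPDATE = TrackedFile(APP, b"app v2", "CN=Example Vendor")
REPLACED_UNSIGNED = TrackedFile(DLL, b"different bytes")

def compare_levels() -> dict:
    """Per level: (signed update permitted, replaced unsigned file permitted)."""
    return {lvl: (is_permitted(SIGNED_UPDATE, build_rules(INSTALLED, lvl)),
                  is_permitted(REPLACED_UNSIGNED, build_rules(INSTALLED, lvl)))
            for lvl in ("moderate", "strict", "relaxed")}

if __name__ == "__main__":
    for lvl, (upd, rep) in compare_levels().items():
        print(f"{lvl:9} signed update={upd}  replaced unsigned file={rep}")
```

In this model, Moderate keeps a vendor-signed update working without re-approval, Strict requires re-approval for every changed file, and Relaxed permits whatever is written to the approved path.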