
The Endpoint Protection Platform That Prevents Ransomware

ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks against the exploitation of zero-day vulnerabilities.


Giving you complete control to help you manage your applications and better protect your endpoints.

Introducing Ringfencing™

Controlling what software can run should be the first line of defense when it comes to better protecting yourself against malicious software. Ringfencing™ adds a second line of defense for applications that are permitted: first, by defining how applications can interact with each other, and second, by controlling what resources applications can access, such as networks, files, and registries. Ringfencing™ is an invaluable tool in the fight against fileless malware and software exploits.


Protect Your Data From Malicious Behavior

  • Stop fileless malware and limit damage from application exploits
  • Define how applications integrate with other applications
  • Stop applications from interacting with other applications, network resources, registry keys, files, and more
  • Stop applications from interacting with built-in tools such as PowerShell, Command Prompt and RunDLL
  • Stop built-in tools from accessing your file shares


Enables you to allow what you need, and block everything else, including ransomware.

Total Endpoint Control

Allowlisting has long been considered the gold standard in protecting businesses from known and unknown executables. Unlike antivirus, Allowlisting puts you in control over what software, scripts, executables, and libraries can run on your endpoints and servers. This approach not only stops malicious software, but it also stops other unpermitted applications from running. This approach greatly minimizes cyber threats by stopping rogue applications from running on your network.


Block Unnecessary Executions

  1. Stop any application from running on your machine that is not a part of the allow list. This helps to mitigate and stop cyberattacks from happening across your device and network
  2. Add firewall-like application policies: A powerful firewall-like policy engine that allows you to permit, deny or restrict application access at a granular level
  3. Add Time-Based Policies: Permit access to applications for a specified amount of time. Automatically block the application after the policy has expired
  4. Keep up to date with Built-In Applications: ThreatLocker® automatically adds new hashes when application and system updates are released

Storage Control

Giving you complete control over your storage devices, including USBs and network shares.

More than Just Blocking USB Ports

ThreatLocker® Storage Control is an advanced storage control solution that protects information. We give you the tools to control the flow and access of data. You can choose what data can be accessed, or copied, and the applications, users, and computers that can access said data. By using ThreatLocker®, you are in control of your file servers, USB drives, and your data. Most data protection programs on the market are butcher knife solutions to a problem that requires a scalpel. Blocking USB drives and encrypting data-storage servers can help secure your organization’s private data, but these tools don’t take into account that this data still needs to be quickly accessible. Waiting for approval or trying to find a device that’s allowed to access the needed files can drain hours of productivity.


Choose How Your Data Is Accessed

  • A full audit of all file access on USB, network, and local hard drives
  • Restrict or deny access to external storage, including USB drives, network shares, or other devices
  • Approve access for a limited amount of time or permanently
  • Restrict access to specific file types, for example only permit access to jpeg files from a camera
  • Limit access to a device or file share based on the application
  • Enforce or audit the encryption status of USB hard drives and other external storage

Elevation Control

Run select applications as a local admin and remove local admin permissions without stopping productivity.

The Extra Layer of Security

When it comes to adding extra layers of security to your cybersecurity stack, it's important to always add a human layer. Users with admin access are often the weakest link across your network, so their movements must be monitored and tracked. ThreatLocker® Elevation Control provides an additional layer of security by giving IT administrators the power to remove local admin privileges from their users, whilst allowing them to run individual applications as an administrator.


Key Capabilities of ThreatLocker® Elevation Control

Complete Visibility of Administrative Rights

Gives you the ability to approve or deny an individual’s administrator access to specific applications within an organization even if the user is not a local administrator

Streamlined Permission Requests

Users can request permission to elevate applications and add notes to support their requests

Varied Levels of Elevation

Enables you to set durations for how long users are allowed access to specific applications by granting either temporary or permanent access

Secure Application Integration

In combination with ThreatLocker® Ringfencing™, ensures that once applications are elevated, users cannot jump to infiltrate connected applications within the network

Network Control

Cloud-managed endpoint and server firewall with dynamic ACLs to lock down your endpoints and block unwanted network traffic.

More on Network Control

Network Control (NAC) allows for total control of inbound traffic to your protected devices. Using custom-built policies, you can allow granular access based on IP address or even specific keywords. Unlike a VPN that needs to connect through a central point, the ThreatLocker® NAC is a simple connection between server and client. ThreatLocker® NAC is built in a way that creates a seamless experience, enabling users to work as normal while eliminating the need for a solution, such as a VPN.


Key Capabilities of Network Control


NAC gives users the ability to configure network access to endpoints using global and granular policies.


The cloud-managed solution provides customers with a centralized view of endpoint policies across your customers.


NAC enables users to deny all traffic to published servers while only allowing a single IP address dynamically or even a keyword. This is great for users who travel often.

ThreatLocker® Detect (Ops)

Detect and identify suspicious activity within your environment.

Don't Let Vulnerabilities Go Unnoticed

ThreatLocker® Detect (formerly known as Ops) looks for any anomalies that may make an environment vulnerable to a cyberattack. It analyzes data from ThreatLocker® modules and notifies the admin if their system is using a version of software that's known to have cyber vulnerabilities. Should a breach be attempted, ThreatLocker® Detect can take steps to defend the system, such as taking automatic remediations, and Application Control will block any malicious payloads.


Key Capabilities of ThreatLocker® Detect

Alert and Detect

Using industry-known indicators of compromise, ThreatLocker® Detect can detect and alert IT professionals that their organization may be under an attempted attack based on customizable thresholds and notification methods.


Set policies to enable, disable, or create Application Control, Storage Control, or Network Control policies in response to specified observations.

Custom Threshold

Policies can be tailored to alert and respond differently based on the threat level to reduce alert fatigue.

Leverage Community Knowledge

IT admins can easily share their own ThreatLocker® Detect policies or “shop” for vetted policies shared by their industry peers and the ThreatLocker® team.

ThreatLocker® Key Uses

Proactive Approach to Cybersecurity

Unlike antivirus or traditional EDR, the ThreatLocker® Allowlisting solution puts you in control of what software, scripts, executables, and libraries can run on your endpoints and servers. This approach not only stops malicious software in its tracks but also stops other unpermitted applications from running. This process greatly minimizes cyber threats and keeps other rogue applications from running on your network.

Preventing the Weaponization of Legitimate Tools

Normally, applications have access to all the same data as the end user. If an application is absolutely necessary, ThreatLocker® Ringfencing™ can implement Zero Trust controls comparable to, but more granular than, traditional application containment tools. ThreatLocker® Ringfencing™ controls what applications are able to do once they are running. By limiting how software can interact on your devices, ThreatLocker® can reduce the likelihood of an exploit being successful or an attacker weaponizing legitimate tools such as PowerShell. These controls can prevent applications from interacting with another application, your files, data, or the internet.

Limiting Application Hopping for Administrators

Elevation Control puts IT administrators in the driver’s seat, enabling them to control specific applications that can run as a local admin without giving users local admin rights. With applications such as QuickBooks that need to run with local admin access, elevation control can limit that access without impacting operational workflow, which can prevent the further spread of an attack, like application hopping, in case there is a breach in the endpoint.

Control Over Storage Devices and Data Access

ThreatLocker® Storage Control provides policy-driven control over storage devices, whether the storage device is a local folder, a network share, or external storage such as a USB drive. Storage Control allows you to set granular policies, such as blocking USB drives or blocking access to your backup share except when your backup application is accessed.