Why ThreatLocker
ThreatLocker is a zero-trust endpoint protection platform that blocks unknown executables, scripts, and ransomware by default. It uses application allowlisting, ringfencing, and storage control to prevent breaches — even from zero-days.
- Default Deny Security: Only approved apps and scripts can run.
- Ringfencing™: Limits what approved apps can do (e.g., block Outlook from writing to USB).
- Storage Control: Prevents ransomware from encrypting network shares.
- Learning Mode: Auto-builds policies during onboarding with minimal effort.
How Blackhawk MSP Deploys It
- Deploy agent via RMM (ConnectWise, Ninja, etc.).
- Run 7–14 day learning mode to baseline approved applications.
- Enable ringfencing policies (block USB, limit browser downloads).
- Activate storage control on file servers and OneDrive.
- Monitor deny events and refine policies via centralized portal.
FAQ
Q: Will it break legitimate software?
A: No — learning mode captures all current apps. Post-onboarding changes are rare.
Q: How is it different from EDR?
A: Prevents execution — stops threats before they run. EDR detects after execution.
Q: Can users request app approval?
A: Yes — self-service portal with manager approval workflow.
Q: Does it work with macOS and servers?
A: Yes — full support for Windows, macOS, and Windows Server.
Need help? Call 1-925-218-4000 — Blackhawk MSP
