Why ThreatLocker
ThreatLocker enforces zero trust by default-deny: only approved apps and scripts run. It stops ransomware, fileless attacks, and privilege escalation — with ringfencing, storage control, and network isolation.
- Application Allowlisting: Only signed, known-good apps execute.
- Ringfencing: Limits what approved apps can do (e.g., Chrome can’t write to C:).
- Storage Control: Blocks USB, encrypts removable media.
- Learning Mode: Auto-builds policy in 7–14 days with zero disruption.
How Blackhawk MSP Deploys It
- Deploy agent via RMM; enable Learning Mode for 10 days.
- Review and approve policy — lock down in Protect Mode.
- Enable ringfencing: Office → no network, PowerShell → approved scripts only.
- Block all USB storage except encrypted corporate drives.
- Include “0 ransomware events” in monthly security report.
FAQ
Q: Will it break software?
A: No — Learning Mode captures all legit apps first.
Q: Can users install apps?
A: No — all execution blocked unless MSP-approved.
Q: Works on servers?
A: Yes — full allowlisting for RDS, SQL, DC.
Q: MSP control?
A: Full policy override, audit log, approval workflow.
Need help? Call 1-925-218-4000 — Blackhawk MSP
