Deploying ThreatLocker to Windows devices with Hexnode UEM

ThreatLocker, a zero-trust endpoint protection platform, provides robust cybersecurity solutions to organizations, ensuring continuous verification and protection against potential threats. ThreatLocker protects endpoints from a wide variety of threats, including phishing, malware, ransomware, rootkits, password attacks, and IoT attacks. This document will assist you through the step-by-step process to deploy ThreatLocker to Windows devices with the help of Hexnode UEM guaranteeing strong protection against cybersecurity threats.

How to deploy ThreatLocker to Windows?

Follow these steps to deploy ThreatLocker to Windows endpoints:

1. Download the PowerShell script from the ThreatLocker portal to deploy ThreatLocker on the devices.
   1. Login to your ThreatLocker portal.
   2. Click the option Computers from the navigation panel.
      Create a new group for the Windows devices by navigating to option +Computer Group and providing the details of the group.

      

   3. After creating the group, the Install Key value can be obtained from the device group information in the ThreatLocker portal. This will be used to replace the Groupkey in the PowerShell script.

      

   4. Click the option Install Computer and select deployment method as Manual Deployment and Computer Group as the group created for the Windows devices.
   5. Then an option to download the PowerShell script will appear in the same tab.
   6. Download the PowerShell script.

      

2. Execute the script to deploy ThreatLocker to the devices.
   1. Login to Hexnode UEM portal.
   2. Go to the Manage tab and select the device.
   3. Click on the Actions drop-down and select the Execute Custom Script option.
   4. Click Choose file to upload the PowerShell script downloaded from the ThreatLocker portal. The script is given below:
      

      ThreatLocker installation script

      ThreatLocker installation script for Windows

      #!/bin/bash GroupKey="xxxxxxxxxxxxxxxxxxxxxxxx" # Check for ThreatLocker app if [ ! -d /Applications/Threatlocker.app ]; then # Make API call and extract version number Version=$(curl -H "InstallKey: $GroupKey" https://api.threatlocker.com/getgroupkey.ashx | awk -F ':' '/URL/ {print $2}') # Check if Version is retrieved if [ -z "$Version" ]; then echo "Unable to retrieve version number" exit 1 fi # Download the specific version of ThreatLocker curl --output "/private/var/tmp/Threatlocker.app.zip" "https://updates.threatlocker.com/repository/mac/$Version/Threatlocker.app.zip" # Unzip and install unzip -qq /private/var/tmp/Threatlocker.app.zip -d /Applications if [ ! -d /Applications/Threatlocker.app ]; then echo "Not able to download the file" exit 1 else open /Applications/ThreatLocker.app --args -groupKey $GroupKey echo "Installing Threatlocker" sleep 15 echo "Verifying Group Key" sleep 15 if [ ! -d /Library/Application\ Support/Threatlocker ]; then echo "GroupKey is Invalid" exit 1 else echo "Threatlocker Installed" exit 0 fi fi fi # Check if ThreatLocker is already installed if [ -d /Applications/ThreatLocker.app ]; then echo "Threatlocker is already installed" exit 1 fi

      1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

      #!/bin/bash GroupKey="xxxxxxxxxxxxxxxxxxxxxxxx" # Check for ThreatLocker app if [ ! -d /Applications/Threatlocker.app ]; then     # Make API call and extract version number     Version=$(curl -H "InstallKey: $GroupKey" https://api.threatlocker.com/getgroupkey.ashx | awk -F ':' '/URL/ {print $2}')     # Check if Version is retrieved     if [ -z "$Version" ]; then         echo "Unable to retrieve version number"         exit 1     fi     # Download the specific version of ThreatLocker     curl --output "/private/var/tmp/Threatlocker.app.zip" "https://updates.threatlocker.com/repository/mac/$Version/Threatlocker.app.zip"     # Unzip and install     unzip -qq /private/var/tmp/Threatlocker.app.zip -d /Applications     if [ ! -d /Applications/Threatlocker.app ]; then         echo "Not able to download the file"         exit 1     else         open /Applications/ThreatLocker.app --args -groupKey $GroupKey         echo "Installing Threatlocker"         sleep 15         echo "Verifying Group Key"         sleep 15         if [ ! -d /Library/Application\ Support/Threatlocker ]; then             echo "GroupKey is Invalid"             exit 1         else             echo "Threatlocker Installed"             exit 0         fi     fi fi # Check if ThreatLocker is already installed if [ -d /Applications/ThreatLocker.app ]; then     echo "Threatlocker is already installed"     exit 1 fi

   5. Click Execute.
3. Navigate to the Action History tab of the device to check if the ThreatLocker has been installed successfully.

   

4. In the ThreatLocker portal, navigate to the Computers section to view the devices on which the ThreatLocker is deployed.

   

What happens at the device end?

Once the deployment is successfully completed, the devices will be added to the ThreatLocker portal. It helps ensure that the devices are actively protected against a wide range of threats, including phishing, malware, ransomware, rootkits, password attacks, and IoT-related vulnerabilities.