Category filter

Deploy ThreatLocker to macOS devices with Hexnode UEM

ThreatLocker, a zero-trust endpoint protection platform, provides robust cybersecurity solutions to organizations, ensuring continuous verification and protection against potential threats. ThreatLocker protects endpoints from a wide variety of threats, including phishing, malware, ransomware, rootkits, password attacks, and IoT attacks. This document will assist you through the step-by-step process for deploying ThreatLocker to macOS devices with the help of Hexnode UEM guaranteeing strong protection against cybersecurity threats.

Pre-requisites:

How to deploy ThreatLocker

ThreatLocker can be deployed to macOS devices using Hexnode’s Scripts policy. Deploying ThreatLocker to devices involves configuring System Extensions, Notification Settings, and Web Content Filtering. You can use a single policy or separate ones to configure the System Extension, a configuration profile with Notification Settings and Web Content Filtering, and the ThreatLocker app installation script. In this document, we will configure all these settings in a single policy.

Follow these steps to deploy ThreatLocker to macOS endpoints:

ThreatLocker installation script

  1. In the Hexnode UEM portal, navigate to Policies > New Policy > macOS.
  2. Select Scripts from the left menu and click on Configure.
  3. Click on Choose Scripts and choose the ThreatLocker installation script. The script should be modified to include your Group Key which can be obtained from the ThreatLocker portal.
  4. Click on Configure.
  5. Once the script is added, a window will show up to configure the installation settings based on the requirements. Here, we are setting the script to execute on subsequent user log on.

    Options to configure the script installation process for deploying ThreatLocker to macOS devices

Configure System Extensions

  1. Select System Extensions under Configurations from the left menu and click on Configure.
  2. Under the Team Identifiers section, enter MSY54GN4KF as the identifier and click on Add.

Configure Web Content Filtering and Notification Settings

Web Content Filtering and Notification Settings can be configured using Hexnode’s Deploy Custom Configuration feature.

  1. Under the macOS tab, navigate to Configurations > Deploy Custom Configuration.
  2. Click Configure.
  3. Click on Choose File and upload the .mobileconfig, .xml, or .plist file. You can either use the configuration profile given below or create your own custom configuration profile using any profile creator tools.
  4. Click OK.

Associate target device

  1. Navigate to Policy Targets and select the Devices, Device Groups, Users, User Groups, or Domains you would like to associate the policy with.
  2. Click on Save.

What happens at the device end?

Once the ThreatLocker app is successfully deployed on macOS devices through Hexnode UEM, the devices will be added to the Threat