ThreatLocker helpdesk fundamentals
The mental model and console moves a new helpdesk hire needs to triage ThreatLocker tickets confidently, from the Response Center through approval requests, the Unified Audit, and Learning Mode.
Lessons
- 01 (~7 min) What ThreatLocker is and where it sits
A five-minute mental model of ThreatLocker as a default-deny zero-trust agent that prevents anything not explicitly permitted from running, with ringfencing constraining what allowed apps can do.
- 02 (~6 min) Tour of the ThreatLocker Portal
The four console areas a helpdesk technician opens every shift, plus how to switch organisation context safely.
- 03 (~8 min) Triaging an approval request, four questions
A repeatable triage flow for the most common ThreatLocker ticket. Identify the file, decide if it should run, pick the policy scope, and document the decision.
- 04 (~7 min) Reading the Unified Audit
How to use the Unified Audit's filters to answer the two questions the helpdesk asks every shift: what happened on this machine, and was anything denied?
- 05 (~6 min) Learning Mode basics
What Learning Mode does on a freshly deployed agent, the three Automatic types, and the signs a customer is or isn't ready to flip to Secured Mode.
- Final quiz
Test what you learned. Wrong answers are explained on the spot.