How to check application hashes in ThreatLocker?
This document outlines the step-by-step process of how to check application hashes in ThreatLocker.
This article is a part of our ThreatLocker How-to Guides series, Chapter 11 – Maintenance and Troubleshooting.
Introduction
Checking an application’s hash allows you to verify its integrity and see if it is flagged by VirusTotal or other threat intelligence sources.
Implementation
Step 1: Locate the Application Using Unified Audit
- Log in to the ThreatLocker Portal.
- Navigate to Unified Audit.
- Use the filter section to narrow your search to the target application.
- Date Range – Set a start and end date.
- Action Type – Set to Execution.
- Group By – Select Application Name to have a clearer view.
4. Click Search, locate the target application (e.g., Google Chrome), and open its details.
- Log in to the ThreatLocker Portal.
- In the top-right corner of the page, click Help.
- A small menu will appear, click Chat with Cyber Hero.
Step 2: Scan the Application Hash with VirusTotal
In the event details window, click Check VirusTotal to scan the hash.
A new browser tab will open showing the VirusTotal scan results for that application hash.
Conclusion
Using the Unified Audit and VirusTotal integration, you can quickly verify the legitimacy of any executed application by reviewing its hash and checking if it has been reported as malicious.