How to install the ThreatLocker Windows agent?
This document outlines the step-by-step process for installing the ThreatLocker agent on a Windows machine. This installation is essential to enable centralised management and policy enforcement on endpoints.
Implementation
There are two main types of ThreatLocker agent installation, depending on your environment and deployment scale:
- Manual Installation – Suitable for small environments or individual machines.
- Automated Installation (RMM or Script-based) – Recommended for large-scale or remote deployments.
However, In this document, we will focus on the Manual Installation method, using the Stub EXE installer for a Microsoft Windows PC
Manual Installation of ThreatLocker Windows Agent
This method is used for individual or small-scale installations, typically done directly on each device.
Step 1: Log in to the ThreatLocker Portal and Go to “Devices”:
After logging into the ThreatLocker web portal, navigate to the “Devices” tab in the left-hand menu. This section displays all endpoints where the ThreatLocker agent is installed or can be deployed.
Step 2: Download the Agent Installer:
From the Devices section of the ThreatLocker Portal, click the “Install Computer” button located at the top of the screen.
This will open the Agent Installer window, where you can:
- Choose the target Computer Group
- Select your deployment method:
- MSI Installer
- Single Click EXE
- PKG Installer (for macOS)
- PowerShell Script (for RMM tools)
Step 3: Choose Deployment Method and Launch Installer
After clicking “Install Computer”, select “Microsoft Windows PC” as the Computer Group.
Once selected, three installation methods will appear:
- MSI Installer : Standard Windows installer.
- Stub Installer (Single Click EXE) : Simple one-click installation.
- PowerShell Script (for RMM or automated deployment): Requires your Unique Identifier.
Note: At the top of the window, your Unique Identifier will be displayed. This is required if you choose the script-based method.
Since we are choosing the EXE method, proceed by clicking the Stub Installer link to download the preconfigured executable.
- Make sure to select the installer that matches your system architecture:
- x64 for 64-bit systems (most modern PCs).
- x86 for 32-bit systems.
Do not rename the EXE file — it is uniquely tied to your configuration, and renaming it will cause the installation to fail.
Step 4: Run the Installer on the Target Machine
Once the correct Stub Installer (EXE) has been downloaded:
- Copy the EXE file to the target Windows machine (if not already there).
- Double-click the file to launch the installation:
- When prompted by Windows User Account Control (UAC), click “Yes” to allow the installer to run.
- The installer will automatically:
- Install the ThreatLocker Agent
- Link the device to the selected Computer Group
- Register the device in the ThreatLocker Portal
Step 5: Verify Installation in the ThreatLocker Portal.
After the installation is complete:
- Return to the ThreatLocker Portal > Devices
- Find the device by its hostname (e.g., DESKTOP-CLIM2BD).
- You should see that the device is active with all details displayed (such as operating system, status, activity, version, etc.).
This confirms that the ThreatLocker Agent has been successfully installed and is communicating with the portal.
Conclusion
The installation of the ThreatLocker Windows agent is a straightforward process that ensures your endpoints are enrolled in the security ecosystem effectively.
By following the steps outlined in this guide, you have successfully:
- Accessed the ThreatLocker Portal.
- Selected the appropriate installer for your system.
- Deployed the agent on the target machine.
- Verified that the device is active and connected.
With the agent now installed, the device will begin baseline monitoring, allowing ThreatLocker to observe normal behavior before enforcement is applied.