Threatdown | FAQ

What does Threatdown do for my organization?

• Threatdown EDR is a non-disruptive, lightweight endpoint agent that helps detect & protect against “zero-day” threats.

How do I get support for Threatdown?

• Threatdown requests can be submitted from the Support Center in IT hub or by emailing product-support@electric.ai. Admins can also submit a ticket via the Admin center by clicking Get help with Threatdown.

• Product Support will work with you directly on the request. If needed, Electric will escalate the request to our partner support team and liaise with Threatdown Support via our reseller relationship with Pax8 to drive the issue to resolution.

How does a new user get onboarded to Threatdown?

• Specific user accounts do not need to be created for this application to work.

• Application deployment will be as follows:

  • Quickstart customers: The POC selected during deployment will be provided with installer links to share with all end users to install Threatdown.

    • When an onboarding/offboarding request is submitted, The App Champion will be notified via ITHub to add or remove a device from Threatdown.

    • The POC selected during deployment will also receive Site Admin access to generate installer links for future use. Documentation to generate installer links from Threatdown console are below:

      • Mac Instructions

      • Windows Instructions

  • All other customers: The application will be pushed automatically to the end user’s device as soon as it is enrolled in MDM.

Can I make changes to the Threatdown policies or settings?

• Yes, an administrative account is provided to a single POC specified in the deployment questionnaire.

• If multiple admins on customer side are needed, open a ticket with product-support@electric.ai and the team will get them set up!

What training resources/documentation are available for my team?

• You can find additional support materials here.

What type of information can I see in IT Hub?

• Threatdown information will be visible in the Security tab of ITHub after project completion.

How can a user see/confirm that Threatdown is installed on their device?

• On Mac:

  • Open up Finder > File pathway: /private/var/log/com.Threatdown.EndpointAgent.log

• On Windows:

  • Open the Search Bar or Control Panel> Add/Remove Program > “Threatdown”

  • OR Navigate to C:\Program Files\Threatdown Endpoint Agent\

What is the difference between Protected and Scan Only status?

• The differences in protection status can be found here. To get a device from scan only into protected mode, the user must allow full disk access. This is more common on Mac machines. The Electric Endpoint team can help enable full disk encryption if the customer is on MDM. Enable FDA via this link.

How does a Windows device get scan approved?

• Windows device becomes "scan approved" by Threatdown when a scan is run using the application and no malware or other threats are detected, meaning the scan completes without finding any malicious files or suspicious activity on the system; essentially, a clean scan with no threats identified signifies a scan-approved device. You can read more about scan policies here.

Can I access reports for Threatdown?

• This information can readily be found in the Security tab of IT Hub or the Threatdown Reporting tab in Turbine. If more granular reporting is needed, please submit a ticket and we’ll be happy to assist.

I have the Microsoft Defender native antivirus running on my window device. Do I need to turn it off?

• Threatdown EDR and Microsoft Defender Antivirus can coexist, but Defender Antivirus can be set to passive/inactive mode when ThreatDown is the primary endpoint protection solution. You don't need to uninstall Defender Antivirus, but Threatdown will take over as the primary endpoint protection.