Performance issue with ThreatLocker software install on Sage server

SOLVED

FYI,

We have run into two separate recent examples of client IT installing ThreatLocker to the Sage 100 server and that causing severe performance issues. 

Uninstalling that software caused Sage 100 performance to return to normal in both cases.

Posting here in case others run into the same problem.

  • 0

    I'm the IT Specialist for our company, and our Managed Services Provider has ThreatLocker installed at all of their clients. We use Sage 100 Advanced V2023 with ThreatLocker and it has NOT caused any issues. It runs on our server (a virtual machine on a Hyper-V machine) and our workstations. Not sure what specific issues you are referring to but we have NOT experienced any trouble with ThreatLocker running on our systems. And it saved us in at least one situation. If you are not already doing so, you need to put both the server and client machines into 'learning mode' when you install Sage 100 on your equipment. Other than that you would need to discuss with ThreatLocker or the MSP handling this business.

    NOTE: I also do IT support for a local accounting firm (in my spare time!) and we have the same MSP and also have ThreatLocker installed. No problems with any of our software running with ThreatLocker installed at this firm.

  • 0

    Just a suggestion for others to be sure to follow the Sage Knowledgebase article on Antivirus Exclusions as real-time scanning of certain files/folders can be a specific issue without it being the Antivirus in general. 

    View article

    https://us-kb.sage.com/portal/app/portlets/results/viewsolution.jsp?solutionid=223924950045806&fromemail=true

    If the link does not work, it is article "How to exclude Sage 100 from antivirus Real-time scans", Solution ID: 223924950045806.

  • 0 in reply to Tom Kueterman

    On one Premium system they first tried Learning Mode, which did not help... and it was not just Sage 100 that slowed down.  Opening SSMS or Crystal Reports designer took about 10 times as long as normal.  10 cores, with the ThreatLocker process at 10% constantly, which looked to me like it was running into a CPU cap, slowing the server's responsiveness immensely.  Only completely disabling the ThreatLocker program entirely allowed the server to function normally.

  • +1 in reply to DGR
    verified answer

    AV exclusions are a normal first step in troubleshooting performance issues, but did not help with these scenarios.

  • 0 in reply to Kevin M

    Couple of ideas. First I'd want to compare the two servers and their specs. I don't have them at my fingertips but we intentionally over-spec'd the Hyper-V to ensure we could host multiple VMs. Also we are running Advanced and this Sage version still uses the ProvideX database engine, where Premium is SQL. Second, would be interesting to know if this business had their internal staff purchase and set up ThreatLocker (therefore maybe an initial configuration and/or learning curve issue) or if they had an outside MSP set up the system (and obviously if the MSP was new with TL they could have the same issue). Our MSP has over 100 clients and have TL installed on all managed devices so they definitely understand and know how to configure and use TL.

    Feel like I'm a competent user & local admin using ThreatLocker but don't know enough to troubleshoot this issue. I will say that when I install ANYTHING (including initial PC or server setup) we have ThreatLocker in learning mode. Specifically, when installing Sage 100 I have the client and server both in learning mode. Our MSP has a lot of skill and experience with TL and I know they have tools on the backend that I don't, so it may require an admin who has that level of permissions to diagnose and fix. Also our MSP is familiar with the AV exclusions; we have these all in place here.

    I wear a tinfoil cybersecurity hat so I'm generally a big fan of TL even with the inconveniences it can impose on users. Someone opened a phishing email and TL repeatedly kept the malware from installing until we were able to identify the issue and pull said machine off the network. So I'd recommend finding the problem and fixing it so TL & Sage can live and work together. But obviously you need Sage working to run the business so you either solve the problem or remove TL.

  • 0 in reply to Tom Kueterman

    It's entirely possible the problem is an under-powered server / configuration issue.  The first problem (Premium) had the client IT pointing accusing fingers at Sage 100 for more than a week.  I ran through everything, and then pointed a questioning finger at ThreatLocker.  They turned it off and everything got better immediately.  The cause was clear.  Could it be made to work?  Perhaps, but that is not my job.

    If someone wants to post tuning advice for how to make ThreatLocker work with Sage 100, I have no issues with that, but I would clearly say it can cause performance problems on a Sage 100 server.

    Today, new complaints for a different client.  We advised to try removing TL, and it again worked immediately.

  • 0 in reply to Kevin M

    Makes sense, Kevin. As the user responsible for all IT operations here (Sage 100, as well as everything else) my advice to others in my situation would be to find a way to get them working together, as the value of ThreatLocker in the overall cybersecurity and network will far outweigh the effort involved to fix the problem.

    From my experience I feel comfortable stating that ThreatLocker (properly installed) will not cause performance issues with Sage 100 Advanced V2023. But if users just need to get Sage working and ThreatLocker is stopping it, and they are comfortable with their other cybersecurity systems, then your suggestion makes good sense.

  • 0 in reply to Tom Kueterman

    "Properly installed" is a huge caveat, without details on what that means.  It absolutely can cause performance issues.

  • 0

    FYI,

    I had another one today.  Workstation software (v2023 Premium) would simply not install on the terminal server with TL running.  (Not even when client IT put it into some kind of application maintenance / install mode). 

    • Trying to install pre-reqs, even after copying the exe to the local desktop, threw "you do not have permission" errors... while logged in with a domain admin account (running As Administrator) which is absolutely insane / wrong.
    • Workstation setup simply failed with a generic "...Workstation Setup has failed..." error.

    Uninstall ThreatLocker from the machine: software install went perfectly smoothly after that.

    (Again, posting this to help others).