Agent Version 5.25
We are excited to announce our latest build, "ThreatLocker 5.25". The new build brings many improvements and enhancements. The build is currently in beta, and we are inviting our MSP Partners to test it out on your internal systems.
The improvements are listed in order below:-
- Performance improvements. ThreatLocker has made major changes to our system's core so that we process core operating system files directly at the Kernel. This has reduced the memory footprint by about 70%, and CPU on some older or specific models of systems.
- ThreatLocker now directly integrates with Superfetch components of the operating system. The Superfetch component in Windows preloads executables in ram, that may be loaded in the future. This caused ThreatLocker to log the files as executed. This has been changed, so we do not log the entry if it was not executed.
- Changed the preload of data when browsing folders no to show a file as opened. In previous builds, if a user browsed a folder, it may log files as read using Windows Explorer, even if the file was not read. This was because, various shell extensions would read the metadata from the file, before it was read. This has not been changed, so it does show as read, unless it is actually copied or read using Windows Explorer.
- Added the ability to schedule policies at certain times of the day. In the application policy page, you can define what time of day applications can be executed. E.g., you may decide to block PowerShell out of office hours.
- Improved security around tamper protection.
- Added protection, surrounding js files, that are typically just web files that could call other applications to stop them outside of normal behavior.
- Added the username into Network traffic, so you can now see the username that connected to a network resource.
- Added support for override codes with an override policy, if you are unable to connect to the internet or the ThreatLocker APIs are not available.
- Other various stability to security fixes.
If you wish to make use of 5.25, please perform the following steps.
- Log into the ThreatLocker Portal.
- Select the Computer Groups page.
- Select the group you wish to test on.
- Select the "Update ThreatLocker Version"
- Select 5.25
- Wait for 2-3 minutes to give the agent chance to download the new build.
- Select the computers page.
- Select your computer, and select Restart Service.
- Your computer should check in with 5.25 within a few minutes.