Agent API Release Notes | ThreatLocker Help Center

Released: 11/04/2025

Added validation to ensure successful database insertion when creating OpsAlert records
Added a new AgentAPI endpoint to validate ThreatLockerService_exe.bin update files by SHA256 hash and return version information
When a machine is moved to the Orphaned organization, tamper protection is now disabled and Monitor Only mode is enabled automatically and indefinitely for that device
Added system audit logging to track when a device is reactivated in the computer table
Added support for relaying source application restrictions in Mac application policies
Added agent version information to Detect alerts
Added a new stored procedure to support Cyber Hero Approval Processing

AgentAPI for macOS now properly accepts devices without local admins
Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously
The GetByAppId endpoint in AgentAPI now returns a 400 error if the request body or ApplicationId is empty
Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

Added validation to ensure successful database insertion when creating Detect Alerts
Updated the AgentAPI to reference the latest ThreatLocker.Common package for improved compatibility
Performance improvements with validating update files
AgentAPI for macOS now properly accepts devices without local admins
Made improvements to handling approval requests
Added support for relaying source application restrictions in Mac policies
Made improvements to the Orphaned Computer workflow
Added system audit logging to track when a device is reactivated
Added agent version information to Detect alerts, enabling visibility of the agent version in alert details

Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously
Improved consistency in API responses
Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

Resolved an issue in which some macOS computers being installed using older ThreatLocker versions were unable to complete registration in the ThreatLocker portal

Resolved an issue in which improper caching of instances sometimes resulted in failed computer registrations

Added a “Baseline Configuration” setting to control whether new Windows agents run an initial baseline scan (requires agent 10.5.3+)
Added a “Register Restrictions” agent setting to allowlist IPs/ranges (IPv4/IPv6, CIDR) for agent registration
Enhanced application control, policies can now restrict launches to approved parent applications
Storage Control policies now support Global groups in “Applies to,” ensuring policies deploy to all endpoints within those groups

Patch Management now automatically removes policies that targeted a device when that device is uninstalled
Resolved 401 errors by making the environment check case-insensitive in configuration

Added additional logging in System Audit and Maintenance History when Self-Approved maintenance modes are enabled
Made improvements to the Monitored Path function for IP addresses

Resolved an issue where self-approval in maintenance mode displayed incorrect scheduling data in the system audit.
Resolved an issue in which Detect alerts were being incorrectly truncated when they exceeded the 1000 character limit
Resolved an issue in which Agent was sending up Null Channel IDs for Applications without a Channel
Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit