Company logoHelp Center
Visit www.threatlocker.com

Agent API Release Notes

4 min. readlast update: 12.03.2025

Released 12/3/2025

New Features & Improvements

  • Backend improvements aimed at optimizing throughput, reducing server overhead, and ensuring stability during high-load traffic scenarios

Bug Fixes

  • Resolved an issue in which Linux Agents were receiving Windows policies applied to the Entire Organization

Released 11/20/2025

New Features & Improvements

  • Added the ability to run PowerShell scripts created via the Incident Center
  • Added API support for Detect Monitor Only modes for policies

Bug Fixes

  • Resolved an issue where self-approval for built-in applications did not permit execution as expected when using the "Run Now"
  • Corrected parameter naming in the AgentAPI to prevent potential errors

Released: 11/17/2025

Bug Fixes

  • Resolved an issue where Agent Settings for Automatic Learning were not correctly applied 

Released: 11/04/2025

New Features & Improvements

  • Added validation to ensure successful database insertion when creating OpsAlert records
  • Added a new AgentAPI endpoint to validate ThreatLockerService_exe.bin update files by SHA256 hash and return version information
  • When a machine is moved to the Orphaned organization, tamper protection is now disabled and Monitor Only mode is enabled automatically and indefinitely 
  • Added system audit logging to track when a device is reactivated in the computer table
  • Added support for relaying source application restrictions in Mac application policies
  • Added agent version information to Detect alerts
  • Added a new stored procedure to support Cyber Hero Approval Processing

Bug Fixes

  • AgentAPI for macOS now properly accepts devices without local admins
  • Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously
  • The GetByAppId endpoint in AgentAPI now returns a 400 error if the request body or ApplicationId is empty
  • Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

 

Released: 10/29/2025

New Features & Improvements

  • Added validation to ensure successful database insertion when creating Detect Alerts

  • Updated the AgentAPI to reference the latest ThreatLocker.Common package for improved compatibility

  • Performance improvements with validating update files

  • AgentAPI for macOS now properly accepts devices without local admins

  • Made improvements to handling approval requests

  • Added support for relaying source application restrictions in Mac policies 

  • Made improvements to the Orphaned Computer workflow

  • Added system audit logging to track when a device is reactivated 

  • Added agent version information to Detect alerts, enabling visibility of the agent version in alert details

Bug Fixes

  • Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously 

  • Improved consistency in API responses 

  • Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

Released: 10/20/2025

Bug Fixes

  • Resolved an issue in which some macOS computers being installed using older ThreatLocker versions were unable to complete registration in the ThreatLocker portal

Released: 10/13/2025

Bug Fixes

  • Resolved an issue in which improper caching of instances sometimes resulted in failed computer registrations

Released: 10/2/2025

New Features & Improvements

  • Added a “Baseline Configuration” setting to control whether new Windows agents run an initial baseline scan (requires agent 10.5.3+)
  • Added a “Register Restrictions” agent setting to allowlist IPs/ranges (IPv4/IPv6, CIDR) for agent registration
  • Enhanced application control, policies can now restrict launches to approved parent applications
  • Storage Control policies now support Global groups in “Applies to,” ensuring policies deploy to all endpoints within those groups

Bug Fixes

  • Patch Management now automatically removes policies that targeted a device when that device is uninstalled
  • Resolved 401 errors by making the environment check case-insensitive in configuration

Released: 9/16/2025

New Features & Improvements

  • Added additional logging in System Audit and Maintenance History when Self-Approved maintenance modes are enabled
  • Made improvements to the Monitored Path function for IP addresses

Bug Fixes

  • Resolved an issue where self-approval in maintenance mode displayed incorrect scheduling data in the system audit.
  • Resolved an issue in which Detect alerts were being incorrectly truncated when they exceeded the 1000 character limit
  • Resolved an issue in which Agent was sending up Null Channel IDs for Applications without a Channel
  •  Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit
Was this article helpful?