Company logoHelp Center
Visit www.threatlocker.com

Agent API Release Notes

10 min. readlast update: 05.01.2026

3.7.0: 5/1/2026

New Features & Improvements

  • When a computer is restored in the portal, its group membership is now automatically updated
  • Added a new Agent API endpoint to retrieve DNS names and associated IP addresses for a specified computer
  • A new stored procedure was added to retrieve driver application IDs by make and model
  • Improved database performance by adding an index on computerGroupId and optimized storage policy procedures
  • A new API endpoint, API_StoragePoliciesGetV2, has been introduced to optimize storage policy retrieval

Bug Fixes

  • The Advanced Setting 'Feature Override' now applies to both Features and Modules, ensuring consistent behavior across all platforms
  • Full Self-Elevation events in AgentAPI now correctly log the ComputerID and Hostname in the System Audit, improving endpoint identification and audit accuracy
  • Updated the method for sending DNS logs to ensure Web Control DNS filtering logs are correctly displayed in Unified Audit

3.6.2: 04/21/2026

New Features & Improvements

  • Added an exclusion for ARM in ScheduledAgentActionProcessing_Computer_GetVersionInfo
  • Improved the Agent API to ensure ARM version agents upgrading from versions below 11 to above 11 are correctly identified and upgraded directly to the target version

3.6.1: 04/16/2026

Bug Fixes

  • An issue was resolved where devices moved to Orphaned Accounts were not automatically receiving maintenance modes; now, tamper protection is disabled and Monitor Only mode is enabled as expected

3.6.0: 04/15/2026

New Features & Improvements

  • Added support for multiple secure network servers in the get network policy endpoint to enhance device-to-device ZTNA policies
  • Devices previously marked as removed will now automatically reappear in the Access Device table upon heartbeat
  • Added support for future feature to reorder storage policies

Bug Fixes

  • Resolved an issue where Ringfence policies in flat policy structures were not automatically learning IP address exclusions at the organization level
  • Resolved an issue where high memory usage could occur due to excessive event logging

3.5.2: 4/3/2026

Bug Fixes

  • Features and products are now automatically disabled on endpoints when specific advanced override settings are enabled
  • Authentication has been removed from the api/GetFileListSha256 endpoint to support StubInstaller functionality

3.5.1: 3/30/2026

Bug Fixes

  • Resolved an issue in which device memberships were not correctly downloaded due to the OrganizationID not being accepted as a parameter
  • Resolved an issue in which deviceIDs were not being converted to uppercase before applying the SHA

3.5.0: 3/26/2026

New Features & Improvements

  • Added response validation to the UpdateAgentSettings api 

Bug Fixes

  • Resolved an issue in which packages were not correctly being cleared when switching between packages
  • Resolved an issue in which the Linux agent version was not being correctly displayed in the Unified Audit
  • Resolved an issue in which Global patch policies were not being honored on child organizations

3.4.0: 3/25/2026

Bug Fixes

  • Resolved an issue in which FQDN changes were not updating as expected
  • Updated the AgentAPI to check both organization products and features

3.3.0: 3/19/2026

Bug Fixes

  • Resolved an issue where the Windows XP Agent was not learning applications or policies during baseline or installation
  • Resolved an issue where system audit logs for Maintenance Mode and Self Approval actions were not displaying the correct user information

3.2.0: 3/16/2026

New Features & Improvements

  • Added DNS logging from mobile devices to the Unified Audit
  • Added a new Agent API endpoint to track and retrieve all domain name changes for devices within an organization
  • Added a new endpoint in AgentAPI to support future fetching Detect policies for Syslog integration
  • Enhanced the Agent API to ensure device approval status is correctly updated in the PendingDevice table during registration

3.1.0: 3/10/2026

Bug Fixes

  • Resolved an issue in which local IP addresses were not being updated in the portal due to an incorrect endpoint name change

3.0.0: 3/10/2026

New Features & Improvements

  • Added a new Agent API endpoint to support .NET 8 compatibility checks and agent update requests
  • Added a new advanced setting to enable or disable device registration approval
  • Added new device registration and approval/rejection functionality for Secure Network
  • Added support for the upcoming 'Device Discovery' feature
  • Added support for alert states to improve ThreatLocker Detect alert processing

Bug Fixes

  • Resolved an issue where Mac and Linux devices incorrectly displayed an 'Unknown' check-in status
  • Resolved an issue in AgentAPI where Access Device Heartbeat was logging duplicate check-ins
  • Resolved an issue where self-approvals could create policies with negative order values in flat policy structures

Released 2/25/2026

New Features & Improvements

  •  Informational alerts will no longer trigger threat status in Detect

Released 2/19/2026

New Features & Improvements

  • A new endpoint has been added to AgentAPI to display the current state of assets and capture policy enable/disable actions within a case in the Detect product
  • Improved queue processing and reduced CPU usage
  • AgentAPI now sends items to LocalSQL for processing, introducing a new AppSetting and updated logic
  • The Agent API now includes Distinguished Name (DN) and Fully Qualified Domain Name (FQDN) information in the full check-in process, enhancing endpoint identification and reporting
  • Added a new Agent API endpoint to retrieve SHA-hashed private IP addresses for all devices in an organization

Bug Fixes

  • Fixed an issue where monitored paths set at the global level were not being relayed to agents
  • An issue was resolved where devices moved to Orphaned Accounts were not automatically receiving maintenance modes; now, tamper protection is disabled and Monitor Only mode is enabled as expected

Released 2/11/2026

New Features & Improvements

  • Added support for the Self Approval Configuration Advanced Setting

Bug Fixes

  • Resolved an issue in which the VDI Risk Center was failing to insert hash values in custom applications

Released 1/22/2026

New Features

  • Made enhancements to sending and processing action logs and DAC results

Released 1/09/2026

New Features & Improvements

  • Added a LastModifiedDate property to AgentSetting in AgentAPI to improve tracking of agent setting changes in the Detect product
  • Added a new endpoint to improve reporting of failed patch installations, automatically creating help desk tickets after three consecutive failures in Patch Management

Bug Fixes

  • Resolved a security vulnerability in AgentAPI where .bat scripts could be executed after ending installation mode; devices now perform a full security check when exiting maintenance mode to ensure proper enforcement
  • The API_OpsPolicyGet procedure in AgentAPI was updated to improve how policy IDs are retrieved, enhancing performance and maintainability
  • Resolved an issue where Register Restrictions set to "Entire Organization" now correctly apply to MAC and Linux devices, ensuring consistent registration restrictions across all operating systems
  • Resolved an issue in AgentAPI where install actions on Windows Agent did not include the correct process attribute, ensuring proper handling of process information when ProcessPath is missing

Released 12/15/2025

New Features

  • AgentAPI has been updated to store DAC results in Elastic instead of SQL

Released 12/08/2025

New Features & Improvements

  • A new AgentAPI endpoint has been added to Detect, allowing users to fetch PowerShell scripts created via the Incident Center
  • Added a Monitor Only option to Detect policies in AgentAPI, allowing alerts to be handled in monitor mode for improved policy management

Bug Fixes

  • Resolved an issue where Unified Audit logs were delayed or missing
  • Resolved an issue where self-approvals matching built-in applications did not permit execution as expected
  • Corrected parameter naming in the AgentAPI to prevent potential errors

Released 12/03/2025

New Features & Improvements

  • Backend improvements aimed at optimizing throughput, reducing server overhead, and ensuring stability during high-load traffic scenarios

Bug Fixes

  • Resolved an issue in which Linux Agents were receiving Windows policies applied to the Entire Organization

Released 11/20/2025

New Features & Improvements

  • Added the ability to run PowerShell scripts created via the Incident Center
  • Added API support for Detect Monitor Only modes for policies

Bug Fixes

  • Resolved an issue where self-approval for built-in applications did not permit execution as expected when using the "Run Now"
  • Corrected parameter naming in the AgentAPI to prevent potential errors

Released: 11/17/2025

Bug Fixes

  • Resolved an issue where Agent Settings for Automatic Learning were not correctly applied 

Released: 11/04/2025

New Features & Improvements

  • Added validation to ensure successful database insertion when creating OpsAlert records
  • Added a new AgentAPI endpoint to validate ThreatLockerService_exe.bin update files by SHA256 hash and return version information
  • When a machine is moved to the Orphaned organization, tamper protection is now disabled and Monitor Only mode is enabled automatically and indefinitely 
  • Added system audit logging to track when a device is reactivated in the computer table
  • Added support for relaying source application restrictions in Mac application policies
  • Added agent version information to Detect alerts
  • Added a new stored procedure to support Cyber Hero Approval Processing

Bug Fixes

  • AgentAPI for macOS now properly accepts devices without local admins
  • Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously
  • The GetByAppId endpoint in AgentAPI now returns a 400 error if the request body or ApplicationId is empty
  • Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

 

Released: 10/29/2025

New Features & Improvements

  • Added validation to ensure successful database insertion when creating Detect Alerts

  • Updated the AgentAPI to reference the latest ThreatLocker.Common package for improved compatibility

  • Performance improvements with validating update files

  • AgentAPI for macOS now properly accepts devices without local admins

  • Made improvements to handling approval requests

  • Added support for relaying source application restrictions in Mac policies 

  • Made improvements to the Orphaned Computer workflow

  • Added system audit logging to track when a device is reactivated 

  • Added agent version information to Detect alerts, enabling visibility of the agent version in alert details

Bug Fixes

  • Resolved an issue where Linux baselining incorrectly created both custom and built-in policies simultaneously 

  • Improved consistency in API responses 

  • Resolved an issue where system audit logs were not generated during policy creation in Automatic Learning

Released: 10/20/2025

Bug Fixes

  • Resolved an issue in which some macOS computers being installed using older ThreatLocker versions were unable to complete registration in the ThreatLocker portal

Released: 10/13/2025

Bug Fixes

  • Resolved an issue in which improper caching of instances sometimes resulted in failed computer registrations

Released: 10/2/2025

New Features & Improvements

  • Added a “Baseline Configuration” setting to control whether new Windows agents run an initial baseline scan (requires agent 10.5.3+)
  • Added a “Register Restrictions” agent setting to allowlist IPs/ranges (IPv4/IPv6, CIDR) for agent registration
  • Enhanced application control, policies can now restrict launches to approved parent applications
  • Storage Control policies now support Global groups in “Applies to,” ensuring policies deploy to all endpoints within those groups

Bug Fixes

  • Patch Management now automatically removes policies that targeted a device when that device is uninstalled
  • Resolved 401 errors by making the environment check case-insensitive in configuration

Released: 9/16/2025

New Features & Improvements

  • Added additional logging in System Audit and Maintenance History when Self-Approved maintenance modes are enabled
  • Made improvements to the Monitored Path function for IP addresses

Bug Fixes

  • Resolved an issue where self-approval in maintenance mode displayed incorrect scheduling data in the system audit.
  • Resolved an issue in which Detect alerts were being incorrectly truncated when they exceeded the 1000 character limit
  • Resolved an issue in which Agent was sending up Null Channel IDs for Applications without a Channel
  •  Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit
Was this article helpful?