Beta Portal Release Notes | ThreatLocker Help Center

3.5.1: 10/24/2025

New Features and Improvements

Introduced a new MDR Incident Response status of "Escalated" for improved alert management
Enhanced runbook inheritance, allowing parent organizations to manage runbooks for selected child organizations
Updated the Incident Notebook to swap the positions of the Export and Filter buttons for improved usability
Changed the Incident Log "Clear" button label to "Clear Filter" for clarity
Set the "Exclusions" tab as the default view in the Incident Notebook for easier access
The Incident Notebook now automatically closes upon completion of a response
Added input validation to prevent duplicate Microsoft Tenant IDs in Office 365 Connectors
Added the ability for organization admins to take over MDR incident claims, and MDR users to take incidents from other MDR team members
Added the ability to group Agent Logs by any column, with counts by computers and error occurrences
Enhanced Agent Logs UI with new columns and filtering options for better log management
Fixed runbook saving logic for computers and groups in ThreatLocker Detect.
Updated LiveChat integration to use the latest API version for continued compatibility

Bug Fixes

Improved label input validation on Detect policies page to prevent blank or overly long tags
Improved token error handling to prevent unexpected logouts in the Portal
Fixed word wrapping in MDR Reports to prevent splitting words like "Microsoft 365" across lines.
Added backend validation and default exclusions to prevent invalid exclusions in Incident Notebook
Resolved duplicate success messages when clearing multiple alerts and fixed translation issues

3.5: 10/22/2025

New Features and Improvements

Made changes to the Agent update process to allow for scheduling updates - agents will restart themselves after update
The Computer and Computer Groups pages in the Portal have been updated with a new Agent Update window and a new pending staged update window to show progress
On the Computers and Groups pages, selecting a version next to a computer or group now opens the schedule update window with the relevant item pre-selected
A new Application Control Dashboard has been added to the Portal, providing enhanced charts, filtering, and interactive insights for application activity and policy management. This is controlled with a feature flag, so please reach out to your Account Manager or the Cyber Hero Support team
A language selector dropdown has been added to the login page and user profile window to allow future support of multiple languages
Added Portuguese language support, with initial translations now available on most pages
Added support for CIDR notation in login IP restrictions, allowing more flexible network-based access control in the Portal
Added enhanced search and "show all" functionality to the Policies tab in the Web Control module
Added an editable "Order By" field to the existing policies tab in the Portal application sidebar, allowing users to view and update policy order numbers
Added the "Effective Action" field to Scheduled Reports, allowing users to distinguish between different types of denies in report results.
Organizations page is now displayed in ascending order by name for improved usability
Added sorting functionality to the API Users page to allow users to view results in their preferred order
The DAC Category Distribution chart now displays the number of failed tests per category, rather than the number of computers that failed each test
A message linking to the Agent Settings page has been added to the Proxy and Relay sections in the Create/Edit Computer Group sidebar
The DAC Criticality Distribution chart now displays the number of tests failed instead of the number of impacted computers
Improved labeling in the Copy Policies dialogs for Application Control, Network Control, Storage Control, and ThreatLocker Detect to enhance clarity when copying policies
A message has been added to the Policy Sidebar in ThreatLocker Detect and Microsoft 365 Detect to inform users that undelivered API and Webhook messages will be discarded after 4 hours
The scheduled report dialog now features a renamed "Report Conditions" section and a new "Group By" option, allowing users to group report data and display group counts
The "Agent Settings" label in the portal's navigation menu and page header has been updated to "Advanced Settings" for improved clarity
A "Search Unified Audit" button has been added to the File History page in the Portal, allowing users to open a new tab and search the Unified Audit with the same search parameters as File History
The Existing Policies tab in the Applications sidebar now includes enhanced sorting by policy hierarchy and new filtering options, making it easier to locate and manage policies
A banner has been added to the top of the DAC page to notify users if any Windows agents are running Windows Agent versions older than 10.5.3 as DAC results will be limited on older versions
The computer deletion process in the Portal now includes a required checkbox for administrators to acknowledge that all policies will be lost, which may result in unintended application blocks if the machine returns online
Improved error handling in PortalAPI endpoints: error codes are now shown to all users, with detailed messages visible only to Master users
The Organizations page in the Portal was updated to capitalize the "O" in "Organizations" and standardize the paginator control throughout
Minor UI improvements to the Microsoft 365 page when the connector is not configured
Added display of the Elevation option in Application Control Policies, but disabled with a tooltip when the Elevation module is not enabled for the organization
The process for retrieving failed DAC test categories in the Portal has been improved to display only one failed occurrence per test
Updated the Portal to improve reporting of failed test counts in DAC Analysis Results, ensuring each failed test is only counted once, regardless of the number of affected computers
Reduced the number of calls required when updating application statuses
Backend improvements to integration handling for Entra ID and Microsoft 365
A warning has been added in the Approval Center to notify users when an approval request has already been updated, preventing duplicate escalation actions
A confirmation pop-up has been added in the Approval Center to notify client users when taking ownership of an approval request, clarifying that the request will not be processed by the Cyber Hero Team
Improved performance and accuracy of the AppliesTo dropdown by filtering out removed computers
Improved display of computers set to maintenance mode for over 10 years to display "Indefinite" instead of a numeric time frame
Added sorting functionality to the API Users table, allowing users to sort by API Token Name, Created, and Last Used columns
The DAC criticality trends chart now accurately displays the most recent test results for each computer, ensuring that computers turned off over weekends are represented with their last available result
The Office 365 integration has been renamed to Microsoft 365 throughout the Integrations page and sidebar for improved accuracy
The Microsoft Azure integration has been renamed to Microsoft Entra ID on the Integrations page and sidebars to reflect the correct product name
Added pagination to the Missing Updates card in the Health Center's Patch Management page for improved usability
Export button designs have been standardized and repositioned for consistency across all portal pages, improving usability and alignment with the latest interface guidelines

Bug Fixes

Resolved an issue where some organizations were not loading within the ConnectWise Manage integration in the Portal
Resolved an issue in the Web Control dashboard to ensure charts load correctly when viewing organization-wide data for custom and 90-day timeframes
Resolved an issue where the "Download Installer" popup on the Computers page did not display correctly on smaller screen resolutions, ensuring full visibility and usability across devices
Unverified certificates in the Response Center now correctly display with a red background to improve visibility and user awareness
Resolved an issue in Application Control where re-adding a tag type after unsaved deletion no longer triggers a duplicate error
Resolved an issue in which the VDI Testing Environment was incorrectly being displayed for macOS file approval requests
Deleted users no longer appear in the Schedule Report recipient list
Resolved an issue in the Unified Audit page where the "Action Type" and "Group By" drop-down menus did not display all options on smaller screens
A character limit of 50 has been added to the "Display Name" field when creating agent setting parameters in the Portal to prevent input errors
The "DAC Report" option in the Schedule Reports dropdown will now only appear for organizations with DAC enabled
Resolved an issue where users did not see all relevant records in the System Audit tab when using the "Create" action filter
Corrected an issue on the Organizations page where organization names and identifiers were displayed in the wrong locations
Fixed an issue in Elevation Control where searching by organization name returned no results
Resolved an issue in the Unified Audit where the "Copy Link" button overlapped with other buttons when scrolling
Resolved an issue where the 'Deploy Policies' button state would incorrectly revert after switching browser tabs
Resolved an issue where changing a device's maintenance status incorrectly caused the Deploy Policies button to appear active
Searching in the Unified Audit is now case-insensitive, ensuring consistent results regardless of letter case
Resolved an issue where the 'Upgrade to Flat Policy Structure' button was not appearing for parent organizations without devices, resulting in the inability to apply the upgrade to child organizations
Resolved an issue where the DAC page displayed unnecessary empty space when no results were available
Resolved an issue in Application Control where applications from child organizations could not be moved to the parent organization when viewed from the parent organization
Updated the Storage Control Policies sidebar to clarify local drive options, improve button placement, and enhance selection validation for file paths
Resolved an issue in the Agent Settings module where port number inputs could incorrectly display commas; port numbers now accept only continuous numeric values
Resolved an issue where the warning label for Ringfencing™ auto-populate was incorrectly displayed on the Application Control page for devices running version 10.5.1 or higher
Resolved an issue in the Unified Audit export where the network operation count was missing from CSV files; the "GroupByCount" column now displays correctly
Corrected the alignment of the Syslog Ingestor logo on the Computer Groups page
Resolved an issue in the Application Control > Policies page where deleting a network Ringfencing exclusion on later pages would reset the grid to page one; the grid now remains on the current page after deletion
Corrected the phone number format tooltip in the Users sidebar Passwordless Authentication section to remove extra spacing
The Selected Interface list in the Approval Request Storage Device Sidebar is now displayed in alphabetical order for improved usability
Resolved an issue in the Unified Audit page where CSV exports were previously limited to 10,001 records
Resolved an issue where parent-level users could not select ticketing integrations for Cloud Detect Policies in child organizations; integrations from the parent organization now apply as expected
Resolved an issue where the Deploy Policies button was not visible to users with only the "Edit Endpoint Detect Policies" permission
Super Admin Child users can no longer delete global parent Application Control policies in the Policies tab
Resolved issues with the DAC Report by removing the PDF creation option and improving layout responsiveness for small screens
Resolved an issue where entering an email address in the Schedule Reports section of Custom Reports could cause a console error
Improved application performance by optimizing database queries for faster loading of applications
Improved performance by optimizing database queries
Resolved an issue on the Computers page where maintenance mode conditions were not visible after maintenance mode ended
Implemented validation in Network Policies to prevent creating policies with objects as sources and a port range exceeding 50 ports
Resolved an issue where global policies with Ringfencing™ in Application Control were not auto-populating data from child organizations in the Unified Audit search
Resolved an issue where the calendar on the API History tab in Integrations would display incorrectly after resizing the browser window
Corrected the "No Tags Exist" message in Network Control to remove unnecessary characters
The "Upload Install File" button in Application Control > Store is now disabled for users with read-only permissions
Resolved an issue in the Devices > Maintenance tab where the "Allow Schedule End By User" toggle did not function as expected
The Organizations page now supports sorting by key fields to improve usability
Improved the policy promotion process in the Portal so that a "Promotion Pending" indicator is shown until the policy promotion is complete, ensuring accurate status display without requiring a manual refresh
Resolved an issue where the Web Control dashboard was only displaying data from the last four days
Resolved an issue in Application Control where copied suggested policies were not correctly ordered for organizations that have already upgraded to a flat policy structure
Improved the policy order logic when copying existing policies in organizations that have already upgraded to a flat policy structure
Resolved an issue in PortalAPI where downloaded Community Policies are now correctly ordered at the top for organizations that have already upgraded to a flat policy structure
Adjusted the layout of the Threats tab in the Response Center to reduce excess white space on larger screens
Resolved padding inconsistencies in the Portal's Download Community Application Policy, Edit User, and Custom Notes sidebars for improved visual alignment
The confirmation message in the Remediation tab was updated to clearly state that all active alerts will be cleared when removing a computer from isolate or lockdown mode
A warning dialog has been added in the Storage Device sidebar to notify users that removing a storage device from a policy will convert it to an "All Storage Devices" policy, helping prevent unintended security changes
Performance improvements were made to database queries to reduce response times for user organization lookups
Resolved an issue in Unified Audit where the Computer Mode was incorrectly displayed
System Audit logs for updating the order of web control policies now correctly record these actions as "modify" instead of "delete"
Aligned the tooltip and icon in the Application Control policy sidebar to improve visual consistency.

3.4.4: 10/16/2025

Bug Fixes

Optimized internal reporting tools and permissions

3.4.3: 10/9/2025

Bug Fixes

Resolved issue where approval requests were incorrectly shown as escalated

3.4.2: 10/3/2025

Bug Fixes

Fixed an issue that caused errors when running DAC checks from the Devices page
Fixed an issue where the Computer Group dropdown would not load correctly for SysLog ingester machines

3.4.1: 9/30/2025

Improvements

Improved DAC reporting and visibility: results now default-sort by severity, exclude devices inactive for 7+ days, elevate Critical findings in ranking, and replace “Compliance Violations” with a “Category Distribution” chart across the dashboard and report

Bug Fixes

Fixed an issue that could prevent installation/activation emails or SMS from sending via the Mobile Devices sidebar on some regions
Fixed an issue that prevented assigning “Applies to” when creating listener configuration agent settings

3.4.0: 9/25/2025

New Features and Improvements

Added links to the System Audit from policy sidebars that will filter to display the history of the selected policy (e.g., when and who created it, and when and who edited it)
Added the ability to restrict the applications that are allowed to launch an application
Added ability to select a Global group in the storage control dropdown
Added API History tab to the SolarWinds integration sidebar
Made improvements to the 'Computer with Same ComputerID' report to include a date range selector
Added a 'File Path' field relating to the 'Excluded Processes' portion of the 'Computer
Group Settings' section when editing or creating computer groups. This allows users to optionally specify a file path related to the excluded process
Added an Include Child Organizations check box on Patch Management policies page
Added support for upcoming feature to schedule agent actions
Added an 'Uncategorized' category to search by in the Application Control module
Added confirmation dialog box when removing emails from DAC report recipients
Approval Center rejection notifications now reach endpoints faster
Minor UI improvements to the Threats tab
Made improvements to the display of search parameter chips in the Unified Audit
Made improvements to the visibility of the Forgot Password function
Made improvements to the Move to Parent Organization button
Made improvements to the display of the DAC page on organizations with no machines installed
Made improvements to the display of all organizations on the Organizations page
Added Register Restrictions Agent Setting functionality

Bug Fixes

Resolved an issue in which the total number of policies on the "Existing Policies" tab of an application would be blank instead of displaying the policy count
Resolved an issue in which a 400 error would appear if a user attempted to permit an application from the Unified Audit, and the Action Type was 'Baseline'
Resolved an issue where Web Control policies permitted users to create duplicates of the same user
Resolved an issue where the search box for promoting a policy in the 'Existing Policies' tab would not yield search results when a valid keyword was entered
Resolved an issue where users listed as a 'Super Admin' were not able to add the 'View ThreatLocker Administrator Password' permission to their account or other accounts
Resolved an issue where MAC groups were not being listed in the 'Applies To' dropdown found in the 'Web Control Dashboard'
Resolved an issue in which the Unified Audit would default to midnight of the previous day and the current date/time instead of displaying a 24-hour timeframe
Resolved an issue in which Global Policies at the Child Organization level that are enabled would display as "disabled" in the Unified Audit
Resolved an issue where adding a tag that already exists on the 'Network Control' page would provide a 'Tag Updated Successfully' notification instead of an error message informing the user of the duplicate tag
Resolved issue where installation dates and times were being rounded to the nearest minute instead of the nearest second, which resulted in inaccurate installation times
Resolved issue where trying to edit a ThreatLocker Detect Policy that was created through the Mobile App would be blank in the 'Applies To' section, which would restrict users from updating or changing the policy
Resolved issue with 'Category' chips found in 'Application Control', where the chips would overlap or display duplicates of the same category
Resolved an issue in which users were incorrectly able to insert IPs using CIDR notation on the Web Control 'DNS Servers', which caused some performance issues
Resolved an issue where creating a new Network Control policy would sometimes give the user the option to apply Objects and Tags where they should not be an option
Resolved an issue where the 'Applications Missing Updates' section of the Health Center was not recognizing the 'ViewDraftScript' option being enabled, causing applications to display inaccessible action buttons
Resolved an issue where certain chips for Group By filters in the Unified Audit would appear without a space between words
Resolved an issue where Super Admin users were not able to view ThreatLocker Administrator Passwords without the separate 'View ThreatLocker Administrator Password' permission enabled
Fixed issue where Incident Notebook would be incorrectly opened
Fixed Patch Management to prevent occasional duplicate listings and ensure impacted items reliably appear in Missing Updates.
System Audit now includes maintenance mode conditions, improving clarity and traceability for maintenance schedule changes
The Policies dashboard now requires a warning and confirmation before you disable, delete, or change the Default Deny policy
The Response Center now pluralizes and counts selections showing "Reject X Requests" when multiple items are selected for clearer bulk actions
Resolved an issue in which the user profile window was not resizing when the browser window was resized
Resolved an issue in which the Upload and Delete File button ws not working as expected
Resolved an issue in which Syslog Ingester group was visible in policy 'Applies to' dropdowns
Resolved an issue in which the Run DAC Check Now button was not including child organizations
Resolved an issue in which filtering the Computers page for "Waiting on Baseline" was incorrectly including Syslog Ingester.
Removed unnecessary filters from the Local Administrator page
Resolved an issue in which the deploy policies list was not clearing after the deploy button was pressed
Resolved an issue in which Super Admin was unable to approve a grandchild org request using a child organization application
Resolved an issue in which exiting the Service Now integration sidebar was incorrectly saving the settings instead of just closing
Resolved an issue in which approving a request and applying permanent Elevation was incorrectly resulting in two policies being created
Resolved an issue in which exporting policies was only exporting Entire Org policies
Resolved an issue in which queries using the Group by parameter were unable to be saved as scheduled reports
Resolved an issue in which Web Control policies were not able to be referenced in Detect policies
Resolved an issue in which setting Elevation time frame was also incorrectly influencing the policy expiration even when Elevation wasn't applied to the policy
Resolved an issue in which the autopopulate Ringfence feature was adding both IP and Domain
Resolved an issue in which the autopopulate feature wasn't using domain name parsing, which resulted in multiple entries for the same domain
Resolved an issue in which built-in macOS applications were being displayed on the application page when there were no active policies referencing them
Resolved an issue in which promoting a child org policy from the parent level that referenced a parent app was prevening the policy from being promoted to Global
Resolved an issue in which unverified certificates were not showing as invalid in the File History table
Added the ability to accept the EULA on behalf of an API user
Resolved an issue preventing a user with sufficient permissions from copying policies across child organizations
Fixed Unified Audit device links that returned 400 errors after a machine was moved
Fixed "Complete for all" so it reliably clears matching alerts
Fixed an issue where scheduling a future Application Control maintenance mode could prematurely end the current one
Resolved an issue for Built-In applications in the Application sidebar, where switching the condition field after inserting a rule in the 'Value' field would delete the condition field
Resolved an issue in which Proxy Server settings were able to be enabled or disabled with only Read permissions

3.3.4: 9/23/2025

New Features

Added scheduled reports for DAC, with the ability to change the frequency and recipients of the report

Bug Fixes

Fixed an issue where escalated approval requests could get stuck in the Response Center; duplicate authorizations are now blocked with a message showing who already actioned the request
Fixed an issue where approving applications from Unified Audit could show a 400 error; approvals now complete without errors

3.3.3: 9/19/2024

Improvements

Made improvements to the last log ingestion details in the 365 Integration sidebar
Modified the Notebook UI (Closed beta product) to enhance the display of Risk Cards, optimizing visibility on both large and small screens, with dynamic adjustments for organization names and analyst tags

3.3.2: 9/17/2025

Improvements

The Unified Audit now has a consistent guideline discouraging exports larger than 100k logs, with clear warnings and timeout messages

Bug Fixes

Temporarily reverted the new Access Device feature while we fix an issue preventing mobile registration via SMS/email invites

3.3.1: 9/17/2025

Improvements

Added password enhancements, settings, and features, for increased security

3.3.0: 9/16/2025

Improvements

ConnectWise Manage integration has been transitioned from legacy Portal with the following updates:
- Custom Messaging: Add your own messaging to ticket summaries, while retaining Powered by ThreatLocker.
- Request Type in Summary: Ticket summaries now include the request type (Execute, Elevate, or Storage) for quick context.
- Escalated Requests Highlighted: Escalated requests now appear in bold with notes for faster visibility and response.
- Requestor Details: Tickets now display the original requestor's contact and email for clearer tracking.
The Kaseya integration has been migrated to the main ThreatLocker portal, with updated pages for setup and management
Added support for two-level grouping in Report Builder, allowing you to set two separate"Group By" parameters for more granular summaries
Added an API History tab to ConnectWise PSA Manage integrations, giving users visibility into their integration activity when the feature is enabled
Added permission to enable viewing of error logs from a customer account
Added a "Filter By" dropdown next to the search bar on the missing updates page with options for All, Patch Supported, and Not Patch Supported
Added "Last 24 Hours" as an option in the Timeframe dropdown for custom reports
Added DAC reporting to the Report Schedule window with customizable scheduling options, and improved unsubscribe messaging so users clearly see when they are already unsubscribed
Updated application page visuals: replaced the "Built-in" label and old Maintained icon with new ThreatLocker icons that clearly show whether an application definition is maintained or not, with hover-over descriptions for clarity
Added support for mapping Computer Groups in the ServiceNow integration, allowing group details to be included in tickets alongside computer information
Added a show all policies check box when looking at a specific machine in storage control
Updated Network Control policies so the "Applies To" field correctly reflects that it can target both individual computers and computer groups
Updated the Configuration Manager policy sidebar banner to read "Requires ThreatLocker Agent Version 9.0 and above" for clarity
Removed the beta tag from Cloud Control and added an information message in the sidebar
Enhanced display of impacted computers and analyzed totals on the DAC main page for better reporting
Policy expiration settings can now be applied when approving requests with Suggested Ringfencing, allowing temporary policies to follow organizational guidelines
Added a date created field to application sorting functionality
Added scrolling support to long DAC result views
Updated the options dropdown to display all customer-usable settings while restricting advanced debug and internal-only options
Added a success notification when moving applications from a child organization to the parent organization
Added a warning in the Ringfencing settings to inform users that the Autopopulate feature may be limited on ThreatLocker Agent versions earlier than 10.5.1
Implemented data insertion improvements to the Lookup Options table
Simplified the API Users page by removing the unused "Rows Used" button
Enhanced Unified Audit filtering by adding support for "less than" and "greater than" options on Destination Port
Aligned switch spacing in Application Control policies to ensure a consistent and cleaner layout
Improved policy management by ensuring the "Delete Policy" button accurately reflects selected items after promoting a policy
Improved filter functionality to maintain page size settings after search action
Standardized the password reset billing verification button to always display "Submit" for a consistent user experience
Aligned elements in the Password Reset Verification window for better visual consistency
Improved clarity in the Deploy Policies menu by removing links to deleted web control policies
Improved consistency in approval requests by ensuring Firefox extensions follow the same approval restrictions as Chrome and Edge
Made the Denied Count on the Organizations page clickable, linking to Unified Audit with pre-populated deny filters (1, 3, or 7 days) for faster investigation
Extended Maintenance Mode agent settings to macOS, ensuring ticket numbers and notes are required when enabled, consistent with Windows behavior
Improved DAC report exports by displaying compliance values directly on graphs, and correcting inconsistencies in Criticality Trends totals for low-risk items
Removed legacy custom branding options from tray settings; messages set under "Request Window Appearance" will no longer display, as this section has been retired
Improved Store policy management with a new "Published" toggle and an "Applies To" column on the main grid, plus clearer validation that files larger than 2GB cannot be uploaded
Improved performance and security of application policy lookups and added full support for Mac
Updated the Policy Reorder confirmation window to improve clarity and user experience.
Improved agent settings management: the "applies to" field is now locked for consistency, while Syslog OS type machine settings can still be deleted when needed
The Health Center now displays both Path Only and Process Only custom rules, giving clearer visibility into single-parameter application policies

Bug Fixes

Fixed inconsistent chart rendering issues in custom MDR reports
Fixed an issue where the DAC Report option was incorrectly disabled when Cyber Hero MDR is disabled
Fixed an issue where the "Select All" checkbox in the Existing Policies tab did not update correctly when policies were manually deselected
Fixed spacing issues in the SMS verification section of the Password Reset window
Fixed an issue where newly created child organizations did not automatically inherit the DAC feature from the parent, ensuring consistent feature inheritance
Fixed an issue where Mac policies were not appearing in the Copy Existing Policies window, ensuring policies can now be copied between parent and child organizations as expected
Fixed an issue where the Maintenance Mode dropdown was cut off when near the bottom of the Devices list, ensuring the full dropdown menu is always visible
Fixed an issue where approval requests could incorrectly show as approved by a Cyber Hero instead of the client
Fixed Advanced Search chips in Unified Audit for Office 365/Cloud Detect action types to display proper capitalization and spacing, matching other action types
Fixed an issue where the "Resolve All" action on Missing Updates failed when a patch already had an existing transaction, ensuring statuses are now updated correctly
Fixed the Criticality Trends chart to stop backfilling prior "Fail" results when a current-day "Pass" exists, ensuring the chart reflects the latest status accurately
Fixed an issue where tags created in a child organization were not retained in grandchild Network Control policies; selected tags now save and display correctly
Fixed an issue where CSV exports from Unified Audit did not include Network Traffic counts; exports now display counts correctly
Fixed a caching issue where store categories displayed incorrectly until the page was refreshed; categories now load correctly on first open
Fixed an issue where creating a policy on an application that was being merged caused a hidden duplicate until updated; policies now correctly associate with the merged application or show an error
Fixed an issue where removing the Cyber Hero Management product showed an incorrect error if no child organization was using it
Fixed an issue where Mac tray notifications for approval requests displayed extra characters instead of clean line breaks
Fixed an issue where buttons and columns on custom report popups could become misaligned when resizing the screen
Fixed an issue where users with view permissions could not open built-in applications from the Policies page
Fixed an issue where tags appeared blank when policies with parent tags were copied into grandchild organizations; tags now display the full path
Fixed an issue where clients could not see the currently applied ThreatLocker version on computers if the build was not enabled for them, even though it was already applied
Fixed an issue where upcoming patches were showing for computers that had already been removed
Fixed an issue where disabled storage control policies appeared as "null" on devices instead of showing the correct policy name
Fixed an issue where approving Mac storage requests without a serial number failed
Fixed an issue where some modules were incorrectly shown as "Included" on the Organization page
Fixed an issue in Unified Audit where filtering by username with "equals" or "starts with" returned no results
Changed proxy Agent setting to allow a null value in the hostname/IP address field
Resolved an issue where the OS icon would not show on the devices page's dropdown
Scheduled policies now validate time entries
Fixed an issue where enabling the ThreatLocker Administrator Password System (TLAPS) incorrectly applied to Windows Domain Controllers; this policy will now correctly exclude Domain Controllers as intended
Resolved an issue with the Unified Audit where the count no longer shows a "+" symbol when the results are greater than the page size

3.2.4: 9/12/2025

Improvements

Added backend and UI enhancements to support upcoming improvements

3.2.3: 9/9/2025

Bugs Fixes

Fixed an issue on the Devices page where the Machines per page dropdown was missing the 500 option

3.2.2: 9/5/2025

New Features

Added a new full Executive Summary Report for Detect

Bugs Fixes

Resolved an issue in which the incorrect confirmation message was being displayed when moving an application
Resolved an issue in which the Effective Action was not properly displaying in the Incident log in the Incident Notebook
Resolved an issue in which multiple Cloud Detect alerts were unable to be cleared using the multiselect function; only the first alert was being cleared
Resolved an issue in which the Edit Endpoint Detect Policies permission was not allowing users to create Endpoint Detect policies
Resolved an issue in which selecting the Include Child Organizations checkbox in the Incident Notebook was causing errors
Resolved an issue in which the request body was not being cleared when changing a Call RestAPI or Call Webhook action from a POST to a GET or DELETE
Fixed alignment issues in the MDR Runbook sidebar

3.2.1: 9/4/2025

New features

Added new tab on all integration sidebars to show API logs.

Bug Fixes

Resolved an issue in which Configuration Manager policies were unable to be downloaded from the Community without error
Resolved an issue in which Agent Settings were not correctly using nested data fields
Resolved an issue in which the Instance dropdown on the login page was being displayed incorrectly
Resolved an issue in which the delete button on the Existing Policies tab was being displayed with the incorrect label
Updated the API User validation
Resolved an issue in which the hoverover text on the auto-populate button was displaying incorrectly
Resolved an issue where incorrectly formatted Linux baseline logs were not being displayed properly in the Unified Audit

3.2.0 8/29/2025

Improvements

Made improvements to how Criticality levels are displayed for Compliance Frameworks without a manually assigned Criticality
Added Policy ID along with the Application ID to System Audit log details
Added Unified Audit search operators to the System Audit log
Added an EULA to be displayed when first selecting the DNS server in Web Control
Made improvements to the formatting of the 'Install Computers' dialog for better consistency and alignment
Made improvements to the way Web Control policies are ordered when generated by Web Control request approvals
Improved the DAC Compliance Details dialogue interface
Added additional filtering on the DAC dashboard to filter by criticality
Added the ability to view the Policy ID for a Patch Management policy being edited within the 'Edit Patch Policy' sidebar
Updated the 'Select a version' dropdown within the 'Update ThreatLocker Version' dialog to display the correct logo for the Syslog version option
Made improvements to the 'Add' and 'Remove' button styles on the 'Listener Configurations' agent setting sidebar
Updated the pagination system on the 'File History' tab within Unified Audit entry sidebars for consistency across the portal
Made improvements to now show the complete organization's familial relationships in the Organizations page
Added scroll bars to the DAC, Health Center, and Community pages for improved navigation and visibility
Optimized the 'Applies To' validations in the Response Center
Added error notifications to clearly indicate when requests to export a large number of logs from the Unified Audit have timed out
Added the hostname to the details field within the System Audit
Added a link to view the latest DAC results for a specific device from the Devices page
Improved the initial Learning Mode start date under 'Maintenance History' for a device to more accurately display the date of the initial Learning mode
Made improvements to the 'Agent Restart Required' warning chip on the Computers tab of the Devices page to avoid false flags began
Added an 'Applies To' column to the "Show All" filter in Patch Management
Added a new Previous Version column to the Patch History tab of the Computer sidebar
Improved the way Custom Rules are grouped and displayed in the Approval Center
Added CSP to portal security headers
Improved 'Submit Offline Ticket' creation to not require hitting enter after pasting contents from the clipboard
Added a prompt identifying unpatched computers affected by a new Patch policy, with an option to patch them immediately
Added a list of Application Policies and their locations that would apply to that computer in the Application Approvals sidebar
Changed the Escalated Approval Status to reflect all possible escalations better
Added the ability to create new policies and edit existing policies from the Actions section of the Detect policy page
Added two new Detect Exclusion Conditions of "Full Path With CmdLine" and "Process Path With CmdLine"
Made Improvements to the UI when creating or editing Detect policies with a lot of Policy Conditions
Added column sorting to the Cloud Detect Policies page
Added column sorting to the Endpoint Detect Policies page
Improved the Initiate Defender Scan Detect Policy Action feature to avoid multiple
Made improvements to policy layout and display for Detect Recommendation Details scans from being initiated
Added multiselect functionality to Community Policies
Changed the Elevate chip color to blue in the Approval Center to easily differentiate
Improved the 'Create Report' permission by allowing users to save new reports and create scheduled reports. This new permission is called 'Create Custom Schedule Reports'

Bug Fixes

Resolved an issue where the 'Prioritize Built-In Applications' Agent Settings checkbox was always checked
Resolved an issue in which adding an Object as a selected source on a Network Control policy would cause the 'All Ports' destination option to remain disabled after switching back to 'All' sources
Resolved an issue in which assigned managers for organization admins would not show properly on the Users page
Removed the ability to edit the 'Applies To' of an agent setting after the setting is created and saved
Resolved an issue in which the 'Selected Users & Groups' input field on an Application Control policy would not clear properly after successfully adding a user or group
Resolved an issue in which selecting 'Add Policy to Top' on a Web Control policy would not follow the correct hierarchy when assigning the policy order
Resolved an issue in which the checkbox for the 'Prioritize Built-In Applications' agent setting would always display as enabled
Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit
Resolved an issue in which the 'Pending Restart' tag would be displayed incorrectly on the Devices page when sorting by certain columns
Resolved an issue in which Agent Settings would be incorrectly displayed for deleted computers
Resolved an issue in which a 500 error would occur when using the 'Copy Link' option to download the SysLog Ingester Installer from the 'Install Computer' dialog
Resolved an issue in which copying policies was incorrectly resulting in an Invalid ID error
Resolved an issue in which Linux policies set for specific users and groups were incorrectly clearing the users on save
Resolved an issue in which a scheduled Application Control policy was incorrectly permitting Elevation to be set to expire
Resolved an issue where the Requestor details were not being saved to the Application Policy in the Approval Center
Resolved an issue in which Tags could be saved with the same name
Resolved an issue with running a file in the Testing Environment that contained an ampersand in the filename
Removed help text in the Login Settings that noted IP addresses could be added in CIDR notation, as that is not a valid configuration entry
Resolved an issue where a 500 error was given when trying to access the Detect Executive Summary Report
Resolved an issue where specific Cloud Detect Threats would produce inconsistent errors
Resolved an issue with being unable to copy inactive Detect policies
Resolved an issue where the 'Applies To' in a Detect Policy was not searchable by Hostname
Resolved an issue with a 500 error when trying to Clear All Detect Alerts
Resolved an issue where long Policy names were cut off in Detect Policy Conditions

3.1.3 8/28/2025

Bug Fixes

Resolved an issue with Unified Audit filter chips not clearing when the filter itself was cleared
Resolved an issue with the Unified Audit filter chips not loading automatically when using Advanced Search
Resolved an issue with the Unified Audit filters not clearing when filter chips are closed (x)

3.1.1: 8/20/2025

Improvements

Updated DAC Criticality Trend Chart logic to better account for Tests that have been run multiple times per day
Alerts are no longer displayed for objects (M365 accounts or Devices) that are in Remediation

Bug Fixes

Resolved an issue where a specific Unified Audit Simulated Deny could not be opened

3.1.0: 8/19/2025

New Features & Improvements

Added ability to build and schedule custom reports using the Report Builder
Added a button to the Unified Audit which opens the Schedule Report dialog
Added a new permission which provides access to create new scheduled reports from the Schedule Report window
Added the ability to filter Application Control policies by a new "Policies Without Ringfencing" filter option
Improved the user creation process by allowing individual permissions to be assigned at time of creation
Improved UI alignment on the Maintenace tab in the Computer sidebar
Changed the Storage Control Policies default view to include Inactive and Expired policies
Improved the Upload File button functionality in an Approval Request to behave more consistently with the expected use case
Improved the automatically generated Unified Audit recent search names for readability and conciseness
Improved alignment of components in the DAC dashboard
Improved alignment throughout the Community Policy sidebar
Improved Unified Audit filter chip alignment
Improved alignment of IP Addresses table in the Computer sidebar
Updated pagination wording to better reflect page content on the Policies tab of the Elevation Control Module
Updated Version title text on the Computer sidebar to better reflect the information being displayed
Updated text on Agent Restart success toast
Added Application Control Policy Creation from Approval Requests to the System Audit, including Applies To and Ringfencing
Made improvements to the Missing Updates tab regarding minimum Agent version
Improved the logical grouping of information being presented in the Maintenance History section of the Maintenance tab on the Computer sidebar
Made an improvement to how Web Control Dashboard chart labels are displayed
Improved display of the shadow text when setting proxy or relay settings to include http or https
Added 'Applies To' for Patch Management, Configuration Manager, and Web Control policies to their respective System Audit entries
Now displaying what policy was responsible for the deny in the Approval Center
Removed the ability to set Exclusions in the Organization sidebar as they are no longer supported
Removed the All Ports Destination option when using Objects as a source in a Network Control policy
Implemented Categories for Custom Applications in the Application Store
Updated the Copy Existing Policies feature help and error messaging in Application Control for clarity when duplicate policies exist in the destination
Added a file counter to the Additional Files tab when the file count was less than required for pagination
Made improvements to the settings layout and verbiage in the 'Computer Group Settings' section of the 'Edit Computer Group' sidebar
Updated the IT Glue integration to move it off of legacy portal
Updated the verbiage for ThreatLocker App email and SMS notifications to remove the word "Access"

Bug Fixes

Resolved an issue where an admin received a 401 error trying to schedule an Elevation Maintenance Mode while the Computer was in Application Control Learning Mode
Resolved an issue where admin able to click 'Add Note' button without entering all required fields first resulting in an error message
Resolved an issue where the Unified Audit filter chips were not clearing when the current filters were cleared
Resolved an issue where unable to save an Application Control policy successfully when the only change was toggling 'Attach file with request' on or off
Resolved an issue within certain modules where the Home and End keys were not functioning
Resolved an issue where the Application name was not being displayed when adding an application to an Existing Policy
Resolved an issue where pagination wasn't updating when switching between organizations in the Unified Audit
Resolved an issue where a false 400 error is continuously encountered when setting a new Maintenance Mode after getting a legitimate 417 error from an invalid date being entered
Resolved an issue where you were able to promote a policy in Application Control to the 'Removed Computers' Computer Group
Resolved an issue where trying to merge Applications spread across multiple pages would deselect the first selected when navigating to the next page
Resolved an issue where the reveal password button would disappear if you clicked off the field and not come back after clicking back into the field
Resolved an issue where HaloPSA integration was not pulling down Client name changes
Resolved an issue where specific PowerShell process paths were being filtered out of the Unified Audit when 'Remove White Noise' was applied
Resolved an issue with Cyrillic Usernames appearing as ?????? in the Response Center
Resolved an issue where the Organization dropdown when setting Roles or Permissions was not showing the full available list
Resolved an issue where Unified Audit Export to CSV was limited to 10,000 rows without checking the Show Count checkbox
Resolved an issue where unable to make changes to Application Policies attached to hidden Mac Applications
Resolved an issue with being able to add Entra groups to a Web Control policy from the Response Center
Resolved an issue with getting a 500 error when trying to sync Datto Service Bundles with long names
Resolved an issue with the tab counters not displaying properly in the Response Center without clicking the in-page refresh button
Resolved an issue that allowed users to rename a Computer Group containing devices into a Global Group unexpectedly
Resolved an issue in which selecting 'Forgot Password' was causing errors
Resolved an issue in which Portal Banners would incorrectly include line breaks

3.0.6: 8/18/2025

Improvements

Additional updates and improvements to the Portal and API in support of future functionality

3.0.5: 8/15/2025

Improvements

General updates to the Portal and API in support of future functionality

3.0.4: 8/14/2025

Improvements

Improved cache performance for Portal API

3.0.3: 8/12/2025

Improvements

Disabled the 'Application' Condition in a Detect policy when paired with a Read or Write Action Type Condition as it would never produce an Alert
Improved how Policy Conditions are displayed in the Detect sidebar when creating a policy
Made improvements to how the Detect Alert Center displays on lower resolutions
Removed the unnecessary Body field for Detect Call Rest API/Call Webhook Actions using the DELETE Method
Added 'View Administrator Account Password' permission to allow for an admin with the permission to view the password from the portal

Bug Fixes

Fixed an issue with the Super Admin Child permission, where it was able to move an application to the parent organization
Fixed an issue with password reset for SAML on beta.threatlocker.com
Fixed an issue with Cyber Hero privileges for DAC reporting tab
Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Create Connectwise Ticket' Action
Resolved an issue with a Call Rest API/Call Webhook Detect Policy Action failing when configured as an IP versus FQDN
Resolved an issue with not being able to disable or delete Cloud Detect policies on a Child Organization from the Parent
Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Send Email' Action

3.0.2: 8/8/2025

Bug Fixes

Resolved an issue where selecting an application from the 'Add to Application' search results with multiple matches would incorrectly choose the closest match instead of the selected one

3.0.1: 8/8/2025

Improvements

Improved wording of and streamlined available options for Network Control policies by Process
Improved DAC layout of compliance chips

Bug Fixes

Resolved an issue where the 'Patch Now' button appeared for applications with patches still undergoing testing

3.0.0: 8/6/2025

New Features & Improvements

We are excited to open up the new Defense Against Configuration (DAC) feature to Beta. Please reach out to your Account Manager or Sales Representative for additional details
Navigating the Defense Against Configuration Dashboard | ThreatLocker Help Center
Added new Syslog Ingester feature
How to Install the Syslog Ingester | ThreatLocker Help Center
Improved Portal API memory usage and performance
Changed the default for the 'Notify Requestor' checkbox on Approval responses to checked

Bug Fixes

Resolved an issue where approving an application with permanent Elevation was creating an expired policy in specific circumstances

To view beta portal release notes for version 2.25.2 and lower, please visit: Beta Portal Release Notes - Version 2.25.2 and lower | ThreatLocker Help Center