Portal 2.6.4: 11/15/2024
Bug Fixes
- Resolved an issue with logging in to the portal caused by an incorrect check on geolocation restrictions when signing in through SAML
- Removed the pending deploy policies feature until performance is improved
- Removed the Unified Audit Details tab on Approval Requests for design improvements
Portal 2.6.2: 11/14/2024
Bug Fixes
- Resolved an issue where starting a chat with a Cyber Hero from the login page was not working as expected
Portal 2.6.3: 11/14/2024
New Features
- Added a new feature to allow Administrators to be selected to receive specific Request Notifications for Elevation, Applications, and/or Storage
- Added a hover-over on the Deploy Policies button to display System Audit records for pending policy changes - This feature is being rewritten in the next portal build
- Added a new tab on Approval Requests to display the Unified Audit with results for the hostname from 10 minutes before the requested file was observed up to 24 hours after the requested file was observed
- Added a link from the Denied File Count on the Computers page to open the Unified Audit filtered to show the timeframe of the denied count selected
- Made improvements to the speed of loading the initial Unified Audit search by date/time
- Added display of the Organization name on the Cloud Detect policy main grid
- Changed the error message displayed when attempting to upload a profile picture that is too large
- Added a check to look for the keyword 'mismatch' and change the color of the Certificate chip appropriately
- Added additional character space for inserting a URL in the ServiceNow integration
Bug Fixes
- Resolved an issue in which users were unable to effectively disable the Configuration Manager policy CVE-2021-34527: Configure Print Spool Service (Print Nightmare)
- Resolved an issue in which the MFA method was being incorrectly cached when an admin was deleted
- Resolved an issue in which certificate mismatches were being displayed in green instead of red
- Resolved a minor UI bug on the Health Center page in which on small screens the progress bars could end up under the tile
- Minor verbiage correction on the error message received when a user doesn't have permission to edit or create an application
- Resolved an issue in which a leading or trailing space was not being trimmed as expected in Storage Control Policies > Selected File Paths
- Resolved an issue in which there were no System Audit logs when a user failed login due to being blocked by geo-restrictions
- Resolved an issue in which a single login was logging 4 login attempts on the Health Center page
- Removed Harddrive Serial Number from the variable dropdown in Detect as it is not information that is collected
- Resolved an issue in which the Create Configuration Manager Policy sidebar was incorrectly allowing the policy to be saved with the Applies To being blank
- Resolved an issue in which ThreatLocker Detect policies were unable to be created using the Destination IP Matches condition
- Resolved an issue in which the Home and End keys were not moving the cursor within a text field in the Unified Audit
- Resolved an issue in which opening an Elevation Control Exception was incorrectly opening the Entire Organization level instead of the selected Exception
- Resolved an issue in which a hostname hyperlink was not correctly opening the hostname sidebar when selected from an Approval Request
- Resolved an issue in which Super Admin users were unable to update Detect policies on grandchild organizations
- Resolved an issue in which specific API calls were incorrectly extending authentication token expiration
- Add additional resolution to the issue in which the action log for the Detect policy TL.AAL.117 - Monitor Know Ransomware Notes was not generating
- Removed the Enabled/Disabled button from the top of the Elevation Control Module > Remove All Except tab. Exclusions must be set and enabled or disabled from the sidebar
- Resolved an issue where starting a chat with a Cyber Hero from the login page was not working as expected
- Resolved an issue in which logins using SAML were failing
Portal 2.5.2: 11/14/2024
Bug Fixes
- Resolved an issue where starting a chat with a Cyber Hero from the login page was not working as expected
Portal 2.5.1: 10/31/2024
Bug Fix
- Resolved an issue in which the action log for the Detect policy TL.AAL.117 - Monitor Know Ransomware Notes was not generating
Portal 2.5: 10/25/2024
New Features
- A new feature that allows ThreatLocker administrators to take ownership of approval requests, indicating to the rest of the team that an approval request is currently being worked on
- A new feature was added to allow the editing of the subject line for emails generated upon ignoring an approval request from the Response Center
- Created a new sidebar window that is accessed through the Unified Audit by selecting an IP address that contains a list of known devices in ThreatLocker that match the selected IP address
- Added a link from the Denied File Counts on the Computers page to open the Unified Audit, filtered to show those denies
- Added a new feature to let users select their preferred display timezone. Once selected, all date/times throughout the portal will be displayed to the user in their preferred display timezone
- Added additional permission checks on the MaintenaceModeInsert API
- Added the Reports page APIs to our published API documentation
- Added the Unified Audit page APIs to our published API documentation
- Added new buttons to Elevation Action Type logs in the Unified Audit, allowing administrators to permit the application with elevation or to add files to a new or existing application definition
Improvements
- Improved ThreatLocker Detect functionality to support the use of wildcards in the CMD line parameters and IP address exclusion options
- Improved custom rule input boxes to automatically resize once the contents fill the current input box size
- Improved the Copy Policies target dropdown menu to include a search field to filter for a desired destination
- The portal's Reports page has been renamed 'Custom Reports' to better suit its purpose. Only reports used within the last six months will be visible. Please reach out to the Cyber Heroes if there are reports you would like to see added back for your organization.
- Improved the Cyber Hero response configurations for ThreatLocker Detect to highlight required information that is missing when attempting to save
- On the Storage Control page in the portal, swapped the icons used in the top right for Policies and Devices to properly reflect the purpose of the tab
- In response to customer demand, we have removed the Domain Name Parsing by Process configuration pages from the portal and moved back to using the Option to EnableDomainNameParsing.
- Updated all "Health Report" references in the portal to "Software Health Report"
- Improved portal usability by adding links to hostname objects in the portal that open the respective endpoint's Edit Computer side pane without leaving the current page
- Improved the error messaging on the Edit and Create Administrator side panes to better indicate which field(s) need review before allowing the window to be saved
- Improved the application definition side pane to be more clear on adding rules and also a confirmation message when pressing 'Save' on rules not added yet
- Improved the email response that is sent from Cyber Hero Management escalated approval requests to also include the requestor's email address in the body
Bug Fixes
- Resolved an issue in which the policy hyperlink was missing from the Detect Alerts sidebar
- Resolved an issue in which creating a new Application Control policy defaulted to the Entire Organization level being pre-selected
- Resolved an issue that made the options and tray settings for computer group settings not visible on Portal Version 2.4
- Resolved an issue that prevented shorthand IPv6 exclusions for Ringfencing™ policies to be added
- Resolved an issue in which the Datto PSA and Halo integration sidebars were not populating any Organization names in the dropdown until the user began typing first
- Resolved an issue in which starting a Disable ThreatLocker Detect maintenance mode was incorrectly disabling any previous maintenance modes
- Resolved an issue in which users were unable to use a parent tag on a child policy with appropriate permission
- Resolved an issue in which users in a parent organization were unable to start a Learning mode for a child computer and target an application
- Resolved an issue in which setting MFA to None resulted in the last login date on the Administrator page being blank
- Resolved an issue in which when promoting a policy from group level (on the Edit Application Sidebar), the selection defaults to Global instead of entire org
- Resolved an issue in which Computer groups were not populating when trying to copy policies
- Resolved an issue in which the API to invite admins was not checking for the correct permission
- Resolved an issue in which adding IP addresses to Login Settings was incorrectly resulting in an error
- Resolved an issue in which the Network Control main page was caching the list of policies from the previous load, regardless of the policy level selected
- Resolved an issue in which scheduling a maintenance mode was incorrectly resulting in the ThreatLocker Version appearing as though it is attempting to update
- Resolved an issue in which the home and end button on the keyboard stopped working in the Permit Application window
- Resolved an issue in which child organizations were unable to apply a policy if that exact policy was being used on the parent organization
- Resolved an issue in which creating policies back-to-back resulted in the 'Applies To' in the 2nd New Policy changing to Entire Organization regardless of what policy level was selected on the main grid
- Resolved an issue in which ThreatLocker Detect Alerts within the Response Center was incorrectly displaying the page number on the main grid when moving to different pages
- Resolved an issue where a 401 error was given when targeting a child organization machine for a maintenance mode, while managing the parent organization, and attempting to add a targeted application belonging to the child organization
- Resolved an issue in which an internet exclusion for *.sysmonitor.us was unable to be removed once added on Instance F
- Resolved an issue in which the Organizations page was taking users back to page 1 after closing a sidebar on any other page
- Resolved an issue in which Ringfencing Exclusions was automatically selecting\ the top option
- Resolved an issue that prevented administrators with roles containing super admin permissions from being added to the Cyber Hero Management, send escalation to configuration option
- Resolved an issue that caused applications to be added into a policy configuration when clicking out of the selection, caused by not effectively clicking the application name itself. A forced selection of the application is now required for it to be added to the policy
- Resolved an issue with searching for objects in the Network Control policies not working as expected
- Resolved an issue that reported incorrect computer counts for applications when policies were applied at different levels that overlapped
- Resolved an issue where System Audit logs did not show the proper username for changes done to the Mutual Action Plan
- Resolved an issue where the Ready to Secure status was given to computers that have not yet completed their baseline despite meeting all the other criteria
- Resolved an issue where a mismatch in the ThreatLocker agent version was not showing properly on the Computers page when the endpoint is not on the same version that is assigned to the Computer Group, and the version is set to inherit from the group settings
- Resolved an issue with clearing filters in the Unified Audit not properly clearing the start/end dates and times
- Resolved an issue in which certificates with invalid characters were being automatically added as rules in Approval Requests, resulting in a 417 error
Portal 2.4: 10/17/2024
New Features
- Added the ability to select a user role and open the User Role sidebar to provide visibility of the individual permission applied to that role
- Added the Approval Request API documentation to our published API documentation
- Added support for inserting a hyperlink into the custom tray branding Request Window Appearance message, which will be supported in Windows Agent Version 9.5 and above
- Added a new tab on the Computer sidebar to display all IP addresses ThreatLocker has observed the computer to be associated with
- Added the ability to click and copy all object IDs displayed in the Portal
- Added a new Incident Response framework within the Detect sidebar to help guide incident responses and to better collect data for future reporting. See the associated KB article here: ThreatLocker Detect Alert Sidebar - Response Details
- Added filters for all the columns in both Elevation Control tabs and for a new column "organization" in the first tab
- Added a new feature to set Path and/or Process conditions on Application Control Learning or Installation Maintenance Modes that will trigger the maintenance mode once those conditions have been met (i.e., Learning Mode will start for a specific process) which will be available in Windows Agent 9.5 or greater
Bug Fixes and Improvements
- Resolved an issue in which Admins were unable to assign roles to another admin with the correct permissions applied
- Resolved an issue in which the last selected Condition in an application definition was locked when the sidebar was closed without saving and then reopened
- Resolved an issue in which a character limit was not enforced when entering Cyber Hero Management instructions, resulting in performance issues
- Resolved an issue in which the Unreachable Policy popup was incorrectly being displayed when moving a policy, stating that the policy being moved would be blocked by the policy being moved
- Resolved an issue in which the Add to Application textbox was being prefilled incorrectly
- Resolved an issue in which Admins with the correct permission were unable to select Organization Options at the time of creating an Organization
- Resolved an issue in which computers in grandchild organizations were unable to have their maintenance modes changed from the Computers page main grid
- Removed Super Admin-Child and Super Admin-Parent from being able to be applied when creating a new User Role. Any existing User Roles with either of these permissions will not be impacted.
- Resolved an issue in which the banner informing users they need to configure their runbook was incorrectly being displayed even after the runbook was configured
- Resolved an issue in which inputting incorrect casing when specifying a drive letter in Storage Control policies was bypassing the warning message that indicates monitoring the specified path will cause performance issues (i.e., C:\*)
- Resolved an issue in which trying to reload PSA contracts in Datto resulted in an error
- Added paging to the Existing Policies tab on the Application sidebar to resolve an issue in which it would fail to load when there was a large number of policies
- Resolved an issue in which scheduling back-to-back maintenance modes on a computer was resulting in an incorrect display of the start and end date/time
- Resolved an issue in which the details of a previously opened application were being displayed when selecting to create a new application
- Resolved an issue in which deleted computers were being displayed incorrectly in the System Audit using the Organization ID instead of the Computer ID
- Resolved an issue in which the number of applications displayed was limited to 25 regardless of what was selected
- Resolved an issue in which the dividers in the Applies To dropdown menu were missing throughout the portal
- Resolved an issue in which an Okta integration was unable to be deleted by a Super Admin
- Resolved an issue in which Datto PSA Integration was returning Error 400 'Get PSA Contracts Error: Resource Not Found'
- Resolved an issue in which Detect policies were unable to use a mapped parent Datto integration to create a ticket as an action
- Resolved an issue in which parent-level tags were not accessible from child policies even with the correct admin permission
- Resolved an issue in which computers were incorrectly displaying Application Control Monitor Only instead of Application Control Learning Mode during the initial Learning duration
- Resolved an issue in which parent admins were unable to change maintenance modes on child organizations with the correct permission
- Resolved an issue in which Domain Name Parsing settings were defaulting to disabled from the Network Control module
- Resolved an issue in which unsupported options were being displayed on the Computer Group sidebar for Windows XP groups
- Resolved an issue in which spaces were incorrectly included in domain name parsing settings, causing the setting to not apply
- Resolved an issue in which organizations were incorrectly created with unset ThreatLocker Access permissions instead of the default settings (Cyber Heroes -Read Only and Solutions Engineers - Full Access)
- Resolved an issue in which accessing the VDI testing environment was incorrectly requiring the Manage Application Control Learning Mode permission
- Resolved an issue in which Unified Audit Saved Searches were not correctly applying if other parameters were selected on the main grid
- Resolved an issue in which an active Okta Integration was incorrectly continuing to sync permissions after the associated SAML integration was removed
- Resolved an issue in which users were incorrectly required to log in to the portal twice before a successful session could be initiated
- Resolved an issue in which IP address geolocation data was not being saved correctly unless country login restrictions were set
- Resolved an issue in which a warning banner was incorrectly being displayed for organizations that had Detect Response Settings detailed at a 'Global' level, not the 'Entire Organization' level
- Resolved an issue in which users with appropriate permission were unable to promote policies to the 'Global' level
- Resolved an issue where computers placed in Lockdown were not properly showing in the Remediation Tab in the Response Center
- Resolved an issue where options for organizations created through an API were not properly inheriting options applied on the parent organization
- Resolved an issue when applying Azure User groups to an application policy where the groups would appear as a string of zeros to now properly display the group name
10/11/2024: 2.3.5
Bug Fixes
- Changed logic for an upcoming feature "Triggered Maintenace Modes" to only be visible when the supporting Agent version is installed
10/3/2024: 2.3.4
Improvements
- Updated configuration options on macOS computer groups and deny with option to request policies for tray branding and behavior
Bug Fixes
- Resolved an issue where Chromium Extensions were not matching showing existing application matches properly
- Resolved an issue with date and time reporting NaN if an organization's time zone was missing
- Resolved an issue where applications could not be removed from a policy if more than one application is applied
9/26/2024: 2.3.3
Bug Fixes
- Internal only improvements and fixes
9/26/2024: 2.3.2
Bug Fixes
- Resolved an issue in which turning on MDR for a child organization from a parent organization was not correctly turning on MDR for the child
9/25/2024: 2.3.1
Bug Fixes
- Resolved an issue in which deleting computers was resulting in duplicate popups
09/24/2024 : 2.3.0
New Features
- Added a new button labeled 'Narrow Search' on an expanded Unified Audit entry. When selected, it will open a new tab in the Unified Audit filtered for the specific hostname and organization, with the date/time set to start 10 minutes before the file was observed and end 10 minutes after the file was observed to help with quicker investigation
- Added a new login feature for Enhanced Token Theft protection. When enabled, Threatlocker will validate both the session token and the IP address, to help prevent a token theft attack. Please note, if this is enabled, and you change IP addresses while logged in, your session will expire and you will need to reauthenticate.
- Added a hyperlink to the Computer Group sidebar from within the Computer sidebar
- Switched the buttons on the Administrators page to put Invite Administrator on the main grid and New Administrator in the hamburger menu
- Added hyperlinks to Organization names displayed throughout the portal to open the Organization sidebar. Added a button on the Organization sidebar to 'Manage' the organization
- Made the tags area in Ringfencing searchable
- Added the ability to open the Role sidebar from the Administrators sidebar for better visibility of permissions included in a role
- Added a scroll bar in the Action Log window within Detect
- Moved the Options settings in the Organization sidebar to their own tab
- Added caching of Timeout Settings on the login page so users don't need to reselect it at every login
- Added additional information when user selects group learning to inform that it can lead to duplicate policies and could impact performance
- Added better messaging to the Response Settings sidebar to make it more user-friendly
- Made improvements to the Add Application sidebar to default to the same OS selection as the main grid
- Made improvements to the Unreachable Policy popup to now hyperlink to the blocking policies and include the Applies To of the blocking policies
- Added a filter on the Check-In tab to hide heartbeat check-ins
- Added new filters on the Application Control Policies page to filter by policies with Ringfencing, policies with Elevation, and policies that just permit
- Added a new field on Help Desk tickets, under the ticket history, for Approving Manager
- Added further validation to ensure users have access to data returned in reports
Bug Fixes
- Minor UI fixes on the Community page
- Resolved an issue in which clicking View Ticket History in the Helpdesk was also loading Comment History
- Resolved an issue in which Network Control and Storage Control policies were not being updated when a computer was moved
- Resolved an issue in which exporting macOS policies was resulting in an empty spreadsheet
- Resolved an issue in which the Billing Contracts dropdown was not displaying the first admin that started the ThreatLocker trial
- Resolved an issue in which a first-time login was incorrectly causing an error
- Resolved an issue in which computers could be secured via an Approval Request without first acknowledging applicable notes
- Resolved an issue in which Existing Policies counts were not accounting for different OS types
- Resolved an issue in which the System Audit was not displaying the names of modules that were enabled or disabled
- Resolved an issue with consistency in the UI with the Lockdown button in the Remediation tab
- Resolved an issue in which applications that were matching only based on a certificate mismatch were being returned in the Approval Request 'Matching Applications' dropdown
- Resolved an issue in which duplicate results were incorrectly being returned when searching the Application page
- Resolved an issue in which a SQL error was causing User auth tokens to expire
- Resolved an issue in which the System Audit was not logging failed chat attempts
- Resolved an issue in which the Datto Integration was not displaying the full list of sites in Datto
- Resolved an issue in which the Enable Domain Name Parsing sidebar, when reached via the Network Control module required a process path to be entered before being able to enable it
- Resolved an issue in which a message that "All Applications is not a recommended setting" was being displayed on Default Deny policies
- Resolved an issue in which macOS applications were not displaying any Access icons
- Resolved an issue in which macOS Chrome extensions were not showing a link to View in the Chrome Store
- Resolved an issue in which the 'Details' section was not being displayed when first opening Endpoint Response settings
- Resolved an issue in which a computer couldn't be screen-locked more than one time without displaying an error
- Resolved an issue in which ticket emails were incorrectly pointing to the beta portal
- Resolved an issue in which Unused Policies were not able to be deleted from within the Health Center
- Resolved an issue in which the Super Admin role was not in parity with the Super Admin permission
- Resolved an issue in which Detect alerts were able to be cleared without acknowledging applicable custom notes
- Resolved an issue in which the System Audit did not permit searching a start date before the current EST time
- Resolved an issue in which moving from page to page within the Unified Audit was opening subsequent pages to the same scroll area as the previous page (i.e., the bottom of the screen if the previous screen had been scrolled to the bottom)
- Resolved an issue in which Manage Detect Threats permission was not permitting access to the Response Center Alerts tab, or the ability to place computers in to Isolate or Lockdown
- Resolved an issue in which the Ready to Secure filter was not correctly filtering the Computers page
- Resolved an issue in which the System Audit was not displaying what user roles or permissions were being added or removed from administrators
- Resolved an issue in which changing a storage policy from Permit to Deny was incorrectly displaying a change in the policy condition
- Resolved an issue in which Manage Detect Threats permission was not permitting access to the Response Center Alerts tab, or the ability to place computers in to Isolate or Lockdown
- Resolved an issue in which Creating or Editing an Application Policy was incorrectly displaying errors despite having adequate user permission
- Resolved an issue in which time was incorrectly displayed when set to UTC+9:30 Adelaide
- Resolved an issue in which policies for hidden applications were unable to be copied or promoted
- Resolved an issue in which Tamper Protection Disabled was selected by default when enabling bulk maintenance
- Resolved an issue in which non-US based phone numbers were not being supported in the Email/SMS Admin on Request textbox on Deny policies
- Resolved an issue in which users were forced to log in twice
- Resolved an issue in which the TL Version hitbox had too small an area to be useable on the Computers page
- Resolved an issue in which Scheduling policies were incorrectly defaulting to Monday instead of the current day
- Resolved an issue in which setting a deny storage control policy with the option to request was not saving unless something was inserted in the email and message input boxes
- Resolved an issue in which the Update Channel was incorrectly displayed in the portal on the Computers page. Update Channels are only configurable for Computer Groups, not individual computers
- Resolved an issue in which scheduling maintenance modes were not resetting to default when scheduling 2 maintenance modes back to back
09/19/2024: 2.2.4
Bug Fixes
- Resolved an issue in which files that matched by SHA256 were not showing as matching in the Approval Request dropdown
- Resolved an issue in which parent applications were able to be learned into from a child or grandchild organization
- Resolved an issue in which Detect policies could be created without having an 'Applies To' selected
09/18/2024: 2.2.3
Bug Fixes
- Resolved an issue in which the Remediator was not starting once MFA was completed successfully
- Resolved an issue in which the Allow Remediator permission was unable to be applied by a Super Admin
09/12/2024: 2.2.1
Bug Fixes
- Resolved an issue where a helpdesk ticket from one organization was mistakenly saved under another organization's helpdesk when helpdesk staff closed the ticket from the first organization and then quickly opened a ticket for the second organization before the closing popup window was fully closed.
- Resolved an issue in which users with Super Admin - Parent Only were able to assign themselves Super Admin or Super Admin - Child
- Added additional permission validation to the UserUpdateAdministrator API
- Resolved an issue in which Elevation Approval Requests were failing to get application matches due to a process path not being present in the action log
- Resolved an issue in which MDR Alerts were not being populated in chronological order
- Resolved an issue in which simplified IPv6 addresses were not being accepted into Ringfencing exclusions
09/10/2024: 2.2.0
New Features
- Added the ability to search in the Assignment Group, Business Service, and Tags dropdowns on the ServiceNow integration Ticket Settings tab
- Added better validation when entering new tag items
- Added the ability to schedule and expire Cloud Detect policies
- Added the ability to copy existing policies to child groups and child computers from the 'Copy Existing Policies' button, for all supported OS types
- Added a %Policy Name% variable to be used in Detect emails to display the name of the policy that triggered the email
- Added a button to create an Application Control Policy from the Application sidebar
- Added a warning to the Deliver Optimization Service Configuration Manager policy that it may block updates from Windows
- Added the ability to open Domain Name Parsing Settings from the Application Control module
- Added display of the Organization name to the Computer sidebar
- Added the ability to Clear Detect Alerts on a machine that is in Disable ThreatLocker Detect mode
- Added the option to Include Child Organizations on the Detect page
- Added display of Organization names on each alert on the ThreatLocker Detect Alert Center
- Added the ability to search, filter and sort alerts in the ThreatLocker Detect Alerts sidebar
- Added visibility of both Policy Action and Effective Action in Detect Alerts
Improvements
- Made minor UI improvements on the Computers page
- Made improvements to the formatting of the warning displayed when a profile picture was the incorrect size
- Made improvements to the way ThreatLocker Version is displayed in the portal
- Made UI improvements to the Check-In tab
Bug Fixes
- Resolved an issue in which the Applies To was being set to unselected in the Application Control Policies sidebar
- Resolved an issue in which connecting to the portal via a VPN was incorrectly forcing a logout even when the VPN's IP address is from a permitted location
- Resolved an issue in which deleting Windows XP applications with policies was deleting the application and leaving the policy behind
- Resolved an issue in which expanding a tile in the Health Center and attempting to press on any of the policies was resulting in an Undefined Error
- Resolved an issue in which a ticket that was marked as "Confirmed Resolved by Customer" got automatically unassigned from the support agent and ownership has to be retaken
- Resolved an issue in which the Manage Local Admin Settings permission was failing to provide users with access to the Elevation Control module
- Resolved an issue in which a user was incorrectly logged out of the portal immediately after successfully logging in
- Resolved an issue in which using the Search Function at same time of Sort Action on the Computers page was causing a 500 Error instead of "No Computer Found"
- Resolved an issue in which filenames with whitespaces were not being accurately displayed in the Unified Audit
- Resolved an issue in which ConnectWise RMM was not being displayed as a deployment method
- Resolved an issue in which HelpDesk ticket information was failing to save if the text formatting was changed
- Resolved an issue in which the Manager dropdown on the Administrator page was displaying API users
- Resolved an issue in which Network Control Policies were displaying the Organization ID instead of the Organization name when viewing an existing policy
- Resolved an issue in which using quotation marks in the search bar for keywords in the Unified Audit was not returning matching results
- Resolved an issue in which creating a new Application Policy was not returning the correct OS type applications
- Resolved an issue in which Network Control policies were displaying the Applies to Entire Org in the sidebar even when the policy did not apply to the Entire Org
- Resolved an issue in which deleting an Okta integration was displaying an error referencing Datto
- Resolved an issue in which matching parent-level applications were not available to child organizations unless the admin had super admin permissions
- Resolved an issue in which organizations with an active DUO integration were unable to invite an administrator without MFA restrictions
- Resolved an issue in which defaulted values in the dropdowns on the System Audit could not be cleared
- Resolved an issue in which a user with Super Admin permissions was unable to approve applications for child organizations
- Resolved an issue in which scheduling a Disable ThreatLocker Detect maintenance mode caused a blank maintenance mode to be displayed on the maintenance mode dropdown
- Resolved an issue in which the Detect Runbook appeared empty initially when first loading from Beta
- Resolved an issue in which Configuration Manager policies that were left using the default Applies To were incorrectly saving with a blank Applies To
- Resolved an issue in which the option to apply policies to Users and Groups was incorrectly displaying for macOS policies
- Resolved an issue in which the banner stating machines are not above 8.7.1 is present even when all machines are above 9.0
- Resolved an issue in which Approval Requests being escalated back to the customer were failing when Use Parent Settings was selected in the Cyber Hero Instructions
- Resolved an issue in which the Billing tab was incorrectly displayed to organizations that are not responsible for billing
- Resolved an issue in which merging a ticket with an ampersand was changing the ampersand to "&"
- Resolved an issue in which users with the Super Admin-Parent Only permission were incorrectly able to use the Include Child Organization Computer Groups checkbox
09/04/2024: 2.0.3.242
Bugs and Fixes
- Resolved an issue where deleted applications would display as a matching application
8/30/2024: 2.0.2
Improvements
- Made improvements to the loading of Matching Applications in Approval Requests
Bugs and Fixes
- Resolved an issue in which the 'Edit Computer' permission was required in addition to an Approval permission
- Resolved an issue in which Maintenance Mode permissions were not automatically including the corresponding Approval permission
- Resolved an issue in which an 'undefined warning' was incorrectly received when attempting to permit an application via the Unified Audit
- Resolved an issue in which Cloud Detect logs were not correctly being imported in a multitenant environment
08/23/2024: 2.0.1.234
New Features
-
Introducing the ThreatLocker Mutual Action Plan
- A new Project Management tool for Clients and their ThreatLocker teams to increase cross-team collaboration and communication, and improve productivity and resource management. The Mutual Action Plan page will only be visible once a plan has been created for you by your ThreatLocker Team.
- Read our KB here: Mutual Action Plan | ThreatLocker Help Center (kb.help)
-
Introducing an enhancement for Storage Control: The SharePoint Connector
- With this new connector, ingest your SharePoint and OneDrive logs and get visibility of your end user's behaviors in the Unified Audit.
- Read our KB here: SharePoint Connector for Storage Control | ThreatLocker Help Center (kb.help)
-
Introducing Self-Approvals
- A new option is available on any Deny Application Policy to allow end-users to self-approve their own blocked software.
- To read about how this new feature empowers select end-users while keeping their environments safe, read our KB here: Allowing End User to Self-Approve Applications | ThreatLocker Help Center (kb.help)
- Added logging in the Unified Audit from Self-Approved applications.
- Added the ability to view and edit the temporary application created when using the Self-Approval feature.
-
Introducing API Users
- Now, starting with the Administrators page, administrators can create a unique API administrator in the portal and assign specific roles to that API administrator.
- A unique API key will be generated which will allow the API User to interact with our portal.
- Swagger documentation is available for our published APIs and will allow external interactions with our portal.
- Read our KB here: API Users | ThreatLocker Help Center (kb.help)
- Multiple new permissions are available related to segmenting different Learning Modes into different modules, like Application Control Learning Mode. Also added multiple new permissions related to segmenting different Learning Modes for single computers, like Approve for Single Computer (Application Only)
- For more information on ThreatLocker User Permissions, check out our KB here: User Permissions
- Detect Exclusions now include an 'Applies To' dropdown, allowing clients to create exclusions for single endpoints, groups, or entire organizations
- Approval Requests will now include information from our extensive product research. Information may be Risk & Business Ratings, Countries Where Code is Compiled, Known Levels of Access, Mitigation Strategies, and more. This information is provided to enhance an administrator's ability to research applications quickly and efficiently.
- Added portal-side support to permit approval request emails to route to the ThreatLocker Mobile app when opened on a mobile device with the app installed
- When using the ThreatLocker Remediator, MFA is now required and actioned via the ThreatLocker Mobile App.
- Learn more about the ThreatLocker Remediator here: The Remediator
- Windows machines will have an Upload option on the Unified Audit sidebar for executable file logs. This will allow administrators to investigate files that the end user did not include on an approval request.
Improvements
- Improved portal performance causing excessive memory usage in all instances where the 'Applies To' dropdown is used
- Improvements to the HaloPSA Integration to now include Company Mapping and Ticket Settings
- Made a logic change so that only the computer or computers with custom notes have their quick action dropdown menus on the Computers page disabled
- Improved the Health Report to include browser extensions in the Areas Recommended for Review section
- Added support for multitenancy in the Azure Integration
- Added a checkbox on Tray Branding to make it easier for clients to mark fields as mandatory
- In Approval Requests, if the policy that matches is at the parent level, administrators will get the message "A policy already exists for this application. There is no need to create a new one"
- Made improvements to the Custom Notes feature to show on sidebars
- Added a new Type to the ServiceNow Integration called "Service Request" that will map to the Service Request table in ServiceNow
- The Logout timer on the Login screen now has a 15 minute option
- Improved the Datto Integration by integrating with Datto Autotask PSA
- Improved the System Audit to include the names of Modules that are being enabled or disabled by an administrator
- Improved the notes section in applications for individual files to include the updated names of maintenance modes
- Added a warning message to the 'Move Computer' popup to inform users that custom apps not permitted at the new level will not be moved with the computer, and that Lockdown or Isolation mode will be removed, and all Detect alerts will be cleared
- Improved the dialog presented in the warning message in the 'Move Computer' popup box that informs administrators of security impacts to consider when the computer is moved to a new group or organization
- A new field is available on Help Desk tickets, under the ticket history, for Approving Manager
- Improved portal performance causing excessive memory usage in all instances of when the 'Applies To' dropdown is used
- Improved portal performance of the Unified Audit when using the Permit Application page from an audit log
- Improved logging in the Unified Audit from Self-Approved applications
- Added the ability to view and edit the temporary application created when using the Self-Approval feature
Bugs and Fixes
- Resolved an issue with ThreatLocker Detect, where a default expiration time is added, even when clearing the expiration manually
- Resolved an issue with the ServiceNow Integration where escalation notes from Cyber Heros were not included in the ServiceNow ticket
- Resolved an issue in which Detect Alerts could be hidden by the pagination bar if the window was not fully expanded
- Resolved an issue where line breaks in the customer guidelines for Cyber Hero Management settings were not displaying correctly on the approval request
- Resolved an issue in which the System Audit was not logging failed chat attempts
- Resolved an issue in which searching the Community for any policy and selecting an Item Type resulted in an error
- Resolved an issue in which the Unified Audit > Permit Application > Copy Link button was failing to generate a working link
- Resolved an issue in which closing an Application Control Policy sidebar from the secondary tab was resulting in UI issues the next time the sidebar was opened
- Resolved an issue in which a maintenance mode could be changed without acknowledging an associated note
- Resolved a UI glitch on the Computers page in which the OS and Computer Group were disappearing from the display after setting a maintenance mode from the quick dropdown menu
- Resolved an issue in which <Automatic> was incorrectly being displayed as an option for Installation Mode on approval requests
- Resolved an issue in which a Certificate:[Object Set] rule was able to be saved from the Permit Application page
- Resolved an issue in which the “Make Including a Message Mandatory” checkbox in the Tray Notification settings did not save if the user did not input text in the “Message” Box
- Resolved an issue in which the 'Suggested Ringfencing' option was displaying incorrectly on macOS Approval Requests for policies that do not include 'Suggested Ringfencing'
- Resolved an issue in which the portal was showing the ability to customize the Tray from the default-deny policy on macOS workstations although it is not yet supported by the macOS agent
- Resolved an issue with Tray settings for Mac computers where they would not update on 'Save'
- Resolved an issue in which removing conditions in a Detect policy also removed Occurrences
- Resolved an issue in which Administrator names were incorrectly displaying with ??? instead of Arabic characters
- Resolved an issue in which IPv6 addresses were not correctly importing into Tags from the Unified Audit "Add to Tag" feature
- Resolved an issue in which Approvals that were escalated from the Cyber Heroes, and then actioned by selecting 'Authorize Cyber Heroes to Permit' link, were resulting in a 500 error if there was no text in the Additional Details field
- Resolved an issue in which the progress checkpoints box on the Computers page was failing to populate if a second computer was selected without closing the first progress checkpoint box
- Resolved an issue in which Detect exclusion options that were over the supported character limit were still displaying as options in the exclusions dropdown, and erroring when attempting to add them
- Resolved an issue with saving companies mapped in the Halo PSA integration
- Resolved an issue in which 'promoting policy' from one group to another group resulted in the policy being duplicated and the original policy remaining, and when promoting the policy from a group to the entire org level, all policies were compiled into the entire org policy
- Resolved an issue in which policies were unable to be promoted from Entire Org to Global
- Resolved an issue in which promoting policies from machine level macOS to group macOS level was creating a duplicate application instead of moving the policy
- Resolved an issue in which Local Admins that were deleted from the local computer were reappearing in the Elevation Control > Remove Selected page because the computer they were deleted from is offline
- Resolved an issue in which exporting from the Computers page was only returning a single page of data and not all pages
- Resolved an issue in which using the New Administrator Button caused a bad admin/user error when the contact already exists
- Resolved an issue in which Organization settings were incorrectly displaying "Prevent users of this organization receiving emails from ThreatLocker" on parent level organizations
- Resolved an issue that would not force a full check-in on the endpoint for when a notification was sent through MDR
- Resolved an issue in which the Co-Managed Direct Support product was incorrectly required to permit users to contact the Cyber Heroes for non MSP customers
- Resolved an issue in which the Inherit from Group option was being duplicated in the Computers page > Update Version popup window
- Resolved an issue in which users were unable to view child Storage/Network Policies from the Unified Audit when viewing a child log from the parent org
- Resolved an issue in which clicking between the Lockdown and Isolate buttons from the ThreatLocker Detect tab of the Computer sidebar was not displaying the notes window
- Resolved an issue in which the Full Path was not correctly displaying in Approval Requests when that path included square brackets
- Resolved an issue in which the Application Control Search by Filter was not returning Open Source applications
- Resolved an issue with the Network Tab on Endpoint Detect where more than 100 results would populate on the initial display of logs
- Resolved an issue in which the banner informing users that MDR requires version 9.0 when all of the organization's computers were already updated to the supported version
- Resolved an issue in which the Configuration Manager policy "Audit incoming NTLM traffic (Restrict NTLM)" was not saving
- Resolved an issue with the Cyber Hero Managed Detection and Response banner which stayed even after administrators had configured their playbook
- Resolved an issue with the 'Applies to' count when approving an application at the Global level
- Resolved an issue with pagination on the Unified Audit which showed inconsistent results
- Resolved an issue where some System Audit logs did not show the options added/removed to Org/Group/Computer
- Resolved an issue where computers with Tamper Protection Disabled and also in Learning Mode would not populate in the portal based on certain filter combinations
- Resolved an issue with Tags where improperly formatted IPV6 tags could be entered and saved
- Resolved an issue that caused an error message for organizations that have over 2100 computers and were using the filter for Computers Installed over 4 or 7 Days
- Resolved an issue where time was displayed inconsistently based on browser settings or the Organization's timezone settings
- Resolved an issue with how the Schedule Policy option displayed scheduled times for policies to run in the future
- Resolved an issue with consistency in the UI with the Lockdown button in the Remediation tab
- Resolved an issue with ticket creation and the ConnectWise integration that involved being on the correct CodeBase version
- Resolved an issue where a scheduled report would not populate as expected
- Resolved an issue that allowed administrators to copy Storage Control policies into a Global computer group
- Resolved an issue with deleting an application without an existing application control policy will show a warning message as if a policy still exists
- Resolved the sorting filters on the Elevation Control page not working as expected
- Resolved an issue with existing Configuration Manager policies not being able to change the Applies To configuration
- Resolved an issue where, when an application was denied by hash, the hash would not be visible in the Permit Application function
- Resolved an issue with missing whitespace in filenames within the portal, causing file exceptions to not match as intended
- Resolved an issue in which we were incorrectly checking for cyber hero management instructions when opening the organization sidebar for organizations without cyber hero management
- Resolved an issue in which the Mutual Action Plan page was unable to support non US-based phone numbers
- Resolved an issue in which users with Super Admin Child permission were unable to set maintenance modes or chat with support
- Resolved an issue in which users were unable to clear multiple Cloud Detect alerts
- Resolved an issue in which the ThreatLocker Team section of the Mutual Action Plan was not loading
- Resolved an issue in which the Applies To section of an Approval Request was incorrectly defaulting to "Entire Organization"
- Resolved an issue in which Organizations with Read-Only Access was showing an error when attempting to expand a Unified Audit entry
- Resolved an issue in which uploading a profile picture was incorrectly requiring the Edit Admin permission
- Improved the Domain Name Parsing Settings to include processes monitored by default. These will not be editable.
- Resolved an issue in which users were unable to use the 'Select All' button in the Suggested Policies window
- Resolved an issue where the 'Applies To' configuration of Storage related approval requests was not properly defaulting to 'This Computer'
- Resolved an issue that prevented administrators of a parent organization from opening a Cyber Hero chat while managing a child organization
- Resolved an issue where copying policies using inactive or hidden applications would not copy the application properly to the newly created policy
07/16/2024: 2.0.0
New Feature: Cloud Detect
ThreatLocker Cloud Detect will identify unexpected and unwanted behavior in your Microsoft 365 cloud environment, which could indicate a potential cyber incident.
ThreatLocker Cloud Detect policies will use Microsoft 365 Logs and Detect policies to communicate with ThreatLocker administrators about any potential indicators of compromise discovered. Policies can be customized using any fields from the Microsoft 365 API (requires a Microsoft Entra P2 license) or Microsoft Graph API (included with a Microsoft Entra P1 license) logs to meet your specific requirements. Using a Microsoft Entra P2 license with Cloud Detect, policies can be created to alert and respond to:
- Users with leaked credentials
- Sign-ins from anonymous IP addresses
- Impossible Travel to atypical locations
- Sign-ins from infected devices
The Cloud Detect module is automatically included with ThreatLocker Detect but requires an active Office 365 Connector.
Quickly adopt and share ThreatLocker Cloud Detect policies via the ThreatLocker Community.
Add temporary or permanent policy exclusions to Cloud Detect policies per user account or for the entire organization.
Lock out user accounts in response to activities observed in that account, and unlock the account again in the Remediation tab of the Response Center once the activities have been verified.
Cloud Detect Policies are included in Cyber Hero MDR. Cloud Detect requires a separate playbook. For more information on configuring a Cloud Detect playbook, please see the associated article: Cyber Hero Managed Detection and Response or reach out to a member of the Cyber Hero Team.
Improvements
- Improved the Health Report to include research data found for Mac OS based applications
- Improved the Health Report to include browser extensions that have research data.
Bug Fixes
- Resolved an issue with the Health Report formatting incorrectly on preview by only including an export option in the portal
07/08/2024: 1.8.6
New Features
- Added the ability for administrators to deploy policies for a single endpoint, rather than for the whole organization. This can be done from the Computers Page> Edit Computer side pane.
- Added a Monitor Only mode for Storage Control
- Added a Monitor Only mode for Network Control
- Added ThreatLocker Unified as an item in the modules dropdown on the Organizations page.
Improvements
- Improved the Configuration Manager policy for Scheduling Secure Free Space Delete to allow users to select the day of the week (on weekly) or day of the month (on monthly) on frequency settings, and added a Task Run Time setting.
- Minor UI improvements in the Partner Resources page.
- Minor UI improvements to Configuration Manager Set Administrator Account Password policy.
Bugs and Fixes
- Resolved an issue where the character '&' would cause HelpDesk tickets to change to saying '&' instead.
- Resolved an issue that would cause duplicate HelpDesk tickets to be created if the 'Chat Now' button was pressed more than once before the chat starts.
- Resolved an issue preventing administrators from managing tags due to permissions.
- Resolved an issue that would prevent child organizations from adding administrators due to a trial-based error, despite not being on a trial.
- Resolved an issue where a 500 error was presented on using the Upload and Delete File feature for files not containing a certificate.
- Resolved an issue in which parent applications were not selectable when adding to an application from the Unified Audit of a child organization with the appropriate user permissions to access parent applications.
- Resolved an issue that would allow administrators to add Elevation to an Application Control policy and save it despite Elevation not being enabled for the organization. Also improved the display of policies using Elevation when Elevation is not enabled, presenting a 'gray' icon in the policies action column.
- Resolved an issue in which users were able to create 'ANY' conditions using Does Not Contain or Does Not Match which resulted in excessive policy matching and alerting.
- Resolved an issue where suggested custom rules for adding to an application on the Permit Application page were showing path only rules.
- Resolved an issue in which the Windows Defender Virus and Protection Settings policy became inaccessible after the character limit for exclusions was exceeded.
- Resolved an issue in which Super Admin parent users were unable to use parent organization applications with child policies.
- Resolved an issue in which copying Network Control policies was failing and returning a 401 error.
- Resolved an issue in which large Health Reports were not displaying correctly.
- Resolved an issue when adding multiple items in the Unified Audit to a tag would add the IPv4 but not add domains as a text entry.
- Resolved an issue with the Remove Unused Applications feature where applications that had a recently deleted policy would not be removed.
- Resolved an issue with viewing TLAPS passwords on the Computers Page not working when viewing more than one TLAPS password without refreshing.
- Resolved an issue in which logs that included square bracketed parameters were not showing as matching an application.
- Resolved an issue in which tickets were not being correctly assigned to the technician participating in the live chat session.
- Resolved an issue in which user permissions were not being synchronized correctly.
- Resolved an issue in which not all groups were being displayed in the OKTA integrations group dropdown.
- Resolved an issue in which browser extensions were having incorrect research information applied to them.
- Resolved an issue in which duplicate applications were being displayed in the Health Report.
- Resolved an issue in which parent organizations were unable to view child organization Windows computer groups using the Windows filter.
- Resolved an issue when adding a network exclusion to a Ringfenced policy from the Unified Audit would not auto populate the correct value type with the correct data. Also resolved for adding to a tag.
- Resolved an issue in which the Request Monitor Button was not visible on some Child Organizations' Detect Policies.
- Resolved an issue when new organizations are created, and those organizations are not inheriting template policies, settings, and options from the template organization.
- Resolved an issue with HelpDesk tickets that caused push notifications through the mobile device when commenting on the author's own ticket as an update.
- Resolved an issue in which parent level user roles were incorrectly being inherited by child organizations.
- Resolved an issue in which the Super Admin Logged-in Only permission was permitting the user to edit child organization computers.
- Resolved an issue in which the portal login time limit could be manipulated using DevTools.
07/2/2024: 1.8.5.192
Improvements
- Improvements to the Mac Baseline and Learning Processes related to linking learned items to individual endpoints
- Improved the process to how Detect Alerts populate on the ThreatLocker screen when MDR is enabled
- Added a new Save button in Application > Application Files sidebar to let users choose when to commit changes to rules
- Added a calendar to the Schedule Secure Free Space Delete policy in Configuration Manager to set the task run time
- Added a scrollbar on the Heatlh Center page
- Added a character limit to the custom notes input box
- Added additional logging in the System Audit from the Billing page
- Made improvements to the Elevation Control > Remove All Except Excluded Local Administrators Enable/Disable button to make it easier to tell if the product is enabled or disabled
- Added display of the OS type icon in all "Applies To" dropdowns so users can better distinguish between different OS types, making it easier to be sure the correct selection is being made
- Added additional validation in the Response Center to prevent the use of special characters \ % _ [ ] when making custom rules with the certificate parameter
- Improved the error message that results from attempting to merge applications with the same name
- Added validation to ensure emails sent from the CRM are send by the logged in user to prevent email spoofing
- Added validation to prevent the ability to save empty exclusions for Microsoft Defender in the Configuration Manager policy, "Defender Virus & Threat Protection Management Configuration"
- Added the ability to edit/update Linux policies - Alpha Only
- Integrations - add ability to edit credentials
- Added the ability for grandchild orgs to use the Parent Level Settings sidebar
- Added Global and Global groups to the Applies To level in Configuration Manager
- Policy statuses have been added to Mac applications
- Added a checkbox on the Request Window Appearance sidebar to easily mark fields as mandatory for end users to include when sending an Approval Request
- Made improvements to Detect policies 'Occurrence Frequency' to be more logical and user friendly
- Made improvments to the Applications page and Health Report. Now, flags will be from where code is compiled for these applications
- Added support for Text in Network Control Destinations so users can specify domain names
- Added a feature to turn the Deploy Policies button red if changes are made on the Elevation Control > Remove Selected or Remove All Except tabs
- Improved the logic for the Learning Mode Progress bar on the computers page to also consider machines with an indefinite learning mode maintenance period and display properly
- Improved the logic that shows a machine as being in 'indefinite' learning mode duration to only check the current date and time against the end date and time of the mode to determine if it is 'indefinite'
- Improved branding options in the portal that allows Tray Branding messages or email address fields to be made mandatory with the use of a checkbox
- Added API support for Mac OS with the use of global groups
Bugs and Fixes
- Resolved an issue where a scheduled report would not populate as expected
- Resolved an issue in which users were unable to start a chat session if not logged in
- Resolved an issue in which an admin account that was created automatically when a trial was started was unable to receive a password reset
- Resolved an issue in which the Configuration Manager policy Audit Incoming NTLM Traffic was not saving
- Resolved an issue with the Halo Integration where Organizations were not showing in Customer Mapping
- Resolved an issue in which Lockdown and Isolate were not starting/stopping as scheduled due to end user computer time setting changes
- Resolved an issue in which icons were failing to load in the Upgrade ThreatLocker version dropdown
- Resolved an issue in which attempting to search the Unified Audit using both the main search grid and the Advanced Search was incorrectly permitting the selection of multiple "Actions" which resulted in unexpected search results
- Resolved an issue some clients experienced in which attempting to sign in with SSO was unnecessarily including the response URL being passed in the request, which resulted in a query string longer than could be handled by Microsoft 365
- Resolved an issue in which admins were unable to add to application when the Edit Application Control Applications permission was applied
- Resolved an issue in which System Applications were incorrectly being shown as temporary when they were not
- Resolved an issue in which 'Show All Policies' checkbox was not displaying Global policies
- Resolved an issue in which Instance A was being called upon every time users logged in
- Resolved an issue in which users were unable to select OS types other than Windows when creating new Application Control policies
- Resolved alignment issues with headers in the CSV export of the Unified Audit
- Resolved an issue in which the number of affected groups and computers was displaying incorrectly on Approval Requests
- Resolved an issue in which users with Co-Managed Direct Support were unable to access the Help Desk
- Resolved System Audit logs showing the incorrect hour for policy expiration times
- Resolved an issue in which the 'Edit Application' button on any report was incorrectly directing the user to a legacy window
- Resolved an issue in which the Products dropdown was extending below the bottom of the page
- Resolved an issue in which MacOS applications were not being displayed as Ringfenced in the Existing Policies tab
- Resolved an issue where temple User Roles were not being created on new parent organizations properly
05/29/2024: 1.8.4.165
New Features
- Added a new permission "View Computers" that will provide view-only access to the Computers page
- Added a new permission "Install Computers" that will provide access to the Install Computers button and view-only access to the Computers page
Improvements
- Minor UI improvements to make 'Disabled' buttons more apparent
Bugs and Fixes
- Resolved an issue where LiveChat would not start if the user was not logged in to the portal
- Resolved an issue in which DUO MFA was being bypassed, permitting users to log into the portal without MFA
- Resolved an issue in which the CSV export from the System Audit page was displaying information under incorrect column headers
- Resolved an issue in which the view password icon was covering part of the password field in the Administrator sidebar
- Resolved an issue in which a Trial Banner was appearing for customers who were not on trial
- Resolved an issue in which changing the status in the helpdesk dropdown did not refresh the page
- Resolved an issue in which a CSV export of Detect results was incorrectly formatted if a certificate was present
- Resolved an issue in which copying policies from one location to another was incorrectly displaying a warning message
05/28/2024: 1.8.3
New Features
- Added a button to enable/disable Elevation Control > Remove All Except product
- Added the ability to view/edit Domain Name Parsing Settings in the hamburger menu on the Network Control page
- Added the ability to view baseline logs from the Detect sidebar 'Anytime' instead of capping the time limit
- Added a 'Beta' label to the portal version number if it is a Beta version
Improvements
- Changed the display name of the ThreatLocker Ops permissions to say ThreatLocker Detect Permissions
- Added more validation to the Domain Name Parsing Settings sidebar to prevent entering duplicate entries
- Added clearing of active alerts when a computer is put into Disable Detect Alerts maintenance mode
Bug and Fixes
- Resolved an issue in which newly created Application Control policies were not being assigned the correct order number
- Resolved an issue in which the Domain Name Parsing scroll list was running into the header
- Resolved an issue in which users were incorrectly receiving an error when attempting to remove a Local Admin
- Resolved an issue in which network Ringfencing exclusions were being copied incorrectly as 'text' when being added from the Unified Audit
- Resolved an issue in which exporting results from the Computers page was not displaying the correct information
- Resolved an issue in which applications with the incorrect OS type were being displayed when enabling maintenance mode
- Resolved an issue in which a Logon message set within Configuration Manager was incorrectly displaying the body of the message in the title field
- Resolved an issue in which the Configuration Manager policy for Set Administrator Account Password was not correctly displaying missing complexity requirements when editing an existing policy
- Resolved an issue in which scheduling maintenance appeared to not be applying when performed through the sidebar instead of the quick dropdown
- Resolved an issue in which SMS MFA was not being honored
- Resolved an issue in which Configuration Manager policies were able to be saved with null attributes instead of resulting in an error
- Resolved an issue in which the pagination footer was being cut off on the Reports page
- Resolved an issue in which the Health Center Remove Management widget was loading very slowly
- Added support for Unicode and non-Unicode characters in the Hostname field on the Computers page and the Unified Audit page
- Resolved an issue in which OTC could not be turned off by an administrator
- Resolved an issue in which sortingcomputers by last check-in was resulting in a timeout
05/21/2024: 1.8.2.159
New Features
- We have added the ability to set custom messages per Organization, Computer, or Computer Group that will be displayed according to the settings applied to the custom message
- We have added a toggle on the Elevation Control > Remove All Except Excluded Local Administrators tab to enable/disable the product. Please note that once a user selects the Disabled button, it will become an Enabled button, and a configuration will be set at the Organization level with no Exclusions. If left unedited, once Deploy Policies is selected, all users will be removed from the Local Administrators groups in the entire organization, except for the default Administrator accounts. If Exclusions are desired, please set all Exclusions before clicking the Deploy Policies button
- We have added the ability to specify a Manager for Administrators on the Administrators page
- We have added the ability for customers to save Remediation scripts in their private Community page as "Remediation Policies." Remediation Policies can be run directly from the Community page by selecting the target endpoint. Please Note: This requires ThreatLocker Detect to be enabled and the Remediation Service to be installed on the target endpoint
Improvements
- Added policy support for the upcoming release of Windows XP agent
- Added a hyperlink to application names displayed in the Unified Audit sidebar as long as they are not a built-in
- Added messaging to inform users that rescan baseline does not create new application definitions or policies
- Updated warning banner on new Configuration Manager policies to reflect the proper ThreatLocker version 9.0
- Added a message to indicate when Cyber Hero Management has not been configured
- Creating child organizations will now inherit options enabled by the parent organization
- Made improvements to the display of the Health Report
- Improved the copy policies function to properly reflect OS types associated with the destination
- Added messaging to show users if they are creating a policy that would be irrelevant due to higher-ranked policies taking precedence
- Added Group name to the text displayed when creating custom rules to inform the user which computers/groups will be impacted by changes
- Added the ability for users to enter/update their own billing and mailing addresses in the Billing Page
- Moved Health Report processing to occur overnight so daily there will be a fresh Health Report ready to download at the click of a button instead of requiring the user to wait while the report processes
- Added a Condition in ThreatLocker Detect for Policy Name
- In the Application Approvals sidebar, we have added more information around "How many computers will this affect" to now include the computer group name the computer is associated with
Bugs and Fixes
- Resolved an issue with CHMDR playbook instructions set on a global level not showing in alerts for child organization alerts
- Resolved an issue in which applications were failing to fully delete, causing them to reappear
- Resolved a minor UI issue on the Organizations page in which border lines were appearing out of alignment
- Resolved an issue in which the Password Protected Screen Saver policy in Configuration Manager was applying time in seconds instead of minutes
- Resolved an issue in which the ITAR tag was not properly displayed on the Organizations page
- Resolved an issue in which Network Control policy settings were not being copied when using the Copy Policy function
- Resolved an issue in which users were unable to action an approval request without enabling a maintenance mode unless they had edit computer permission
- Resolved an issue in which approval requests were incorrectly removed when a computer was moved from one organization to another
- Resolved an issue in which organizations with Co-managed direct support enabled were being displayed as not enabled
- Resolved an issue in which password reset emails were resulting in an error
- Resolved an issue in which users with sufficient permissions were unable to approve storage requests
- Resolved an issue in which enabling and disabling products was causing incorrect message banners to be displayed
- Resolved an issue in which adding or editing conditions on a Detect policy was incorrectly redirecting the user to the top of the page
- Resolved an issue in which Application export to CSV was not including 'Notes'
- Resolved an issue in which Super Admin users were incorrectly unable to delete another administrator
- Resolved an issue in which attempting to search for integrations after a previous search attempt returned no results would also return no results, even with the integration present
- Resolved a display issue in which part of the billing page was being cut off on a mobile-sized screen
- Resolved an issue in which the pagination bar was not lining up correctly with the main grid and the bottom of the screen on multiple pages
- Resolved an issue in which Super Admin Child user were able to view and use applications at the parent organization level
- Resolved an issue in which the Unused Polices tile on the Health Center was showing incorrect results
- Resolved an issue in which mobile app pushes were not being sent to users using the beta app
- Resolved an issue in which users were unable to switch between Update Existing and New Install when actioning an approval request
- Resolved an issue in which parent organizations were not available as Source Objects in child Network Control policies
- Resolved an issue in which the Health Report was failing to export for large organizations
- Resolved an issue in which emojis were not visible in Help Desk ticket chat histories
- Resolved an issue in which tickets were not being correctly assigned to the technician participating in the live chat session
- Resolved an issue with computers not showing the proper deny count on the Computers Page
- Resolved an issue where, after a new Portal Release, users would need to hard reload to access the new version
05/06/2024: 1.8.1.151
Updated 05/15/2024
New Features
- Added Linux OS visibility to the portal in preparation for the new supported OS
- ThreatLocker Detect will allow users to delete a file directly from an endpoint. ThreatLocker will also upload a copy of the file as a precaution or for inspection
- Organizations with overdue invoices will now be locked out of their accounts. Based on permissions, administrators will be directed to either the billing page or to remove protection from all endpoints.
Improvements
- Improvements to the Computers page loading times
- Improvements to the display of the Health Report
- Made improvements to Detect policies to ensure a Full Path or Process Path condition is set before using the CMD Line Parameter as a condition
- Added column sorting to the Threats page
- Improved the logic on Computers Applied for application policies when there are duplicate policies in place
- To reduce the occurrence rate of false positive results, vendors with a high false positive rate have been omitted from the logs in the ThreatLocker Detect Alerts sidebar
- Within ThreatLocker Detect, we will now exclude Jiangmin's results from malicious results checks
- Added the ability to promote policies from the Existing policies tab on the Application sidebar
- Improved Help Desk flow by making a comment mandatory on tickets set to Not Resolved
- Improved the System Audit to include a warning when an incorrect format was used in the search filters
- Added visibility of the PsScriptPolicyTest policy denies into the Unified Audit, with the ability to filter them out by Removing White Noise
Bugs and Fixes
- Resolved an issue where the Health Center showed the error: 'Specified Credentials are invalid.'
- Resolved an issue preventing Mac computers from being removed from a Windows group
- Resolved an issue with errors during the password reset process with accounts linked to SSOs
- Resolved an issue with the password reset process intermittently timing out
- Resolved alignment issues with headers in the CSV export of the Unified Audit
- Resolved an issue with parent tags being removed from a child organization Network Control policy as a source when saved
- Resolved an issue where line breaks entered into the Request Window Appearance would not be displayed properly. We no longer accept the line break in the configuration
- Resolved an issue in which the Ready to Secure label on the Computers page was incorrectly displaying when sorting by Denied Count
- Resolved an issue in which the System Audit was showing false Denied actions when modifying the end date on a learning mode schedule
- Resolved an issue in which message banners were not visible when using light mode
- Resolved an issue in which admins were unable to edit ThreatLocker Detect policies without Community permissions
- Resolved an issue in which clearing a large amount of Detect Alerts was causing a timeout
- Resolved an issue in which the Issuer and Assertion were not visible until after a SAML integration was saved
- Resolved an issue in which the RedirectURL was not being removed when users attempted to remove it
- Resolved a minor formatting issue in which the word 'Tag' was cut off in Detect policies using Source or Destination IP address as the condition
- Resolved an issue in which the Ready to Secure progress bar was not displayed on Learning Mode durations of less than 5 days
- Resolved an issue in which choosing to Log in as Admin when requesting access to a Storage Control deny was redirecting to the Legacy Portal
- Resolved an issue in which Domains were not being correctly validated before saving.
- Resolved an issue in which password reset links were not working as expected
- Resolved an issue in which some customers were receiving an error when attempting to delete Application Control policies
- Resolved an issue in which users could not switch from Update Existing to New Install after inserting data into the text field
- Resolved an issue in which access icons were incorrectly displaying in duplicate for some applications
- Resolved an issue in which the Request Monitor Button was not visible on some Child Organizations' Detect Policies
- Removed the ability to add Windows applications to a MAC policy through existing policies on the Applications page
- Resolved an issue when using the Login as Admin function from the request access popup, SAML linked administrators will now be redirected to the application request properly.
- Resolved System Audit logs showing the incorrect hour for policy expiration times
- Resolved an issue with simulated denies and any combination of other filters not showing correct results
- Resolved an issue that would show admins the option <Automatic> for Installation maintenance modes in the application dropdown
- Resolved cases where an error message would generate upon administrator login
- Resolved an issue with the permission "Super Admin Child" for administrators on the parent level that would allow them to create policies on the parent level
- Resolved an issue on the Computers page when using the Restart Service for all devices function on the parent level would also restart services on the child organizations. This now only happens if you select the "Include Child Organizations" option on the Computers page
- Resolved an issue where MFA restrictions were not being applied properly to newly invited administrators and now requires proper setup of the allowed MFA methods
- Resolved an issue in which customers in Australia were not receiving emails from the Cyber Heroes in response to Approval Requests
- Resolved an issue where Customer Guidelines were not displaying on old approval requests when Cyber Hero Management was enabled for the first time
- Resolved an issue in which macOS storage requests were defaulting to the USB interface being selected
- Resolved an issue where the OS version for computers on the Computers page was not showing
- Resolved an issue where approval requests for a computer were removed when the computer was moved to a new computer group. These will remain as long as the machine remains in the same organization
- Resolved an issue with end-users without Co-Managed Direct Support being able to open Helpdesk tickets
- Resolved an issue where sending a password reset from the Administrators page would cause a timeout issue
- Resolved an issue on the Administrators page where resetting a password with a previously linked SSO account would cause a 417 error
- Resolved an issue with the Approval Process where adding RingFencing for PowerShell to an approved application would not include the "Windows PowerShell (Built-In)" application and policy
- Resolved an issue when creating a Helpdesk ticket for another organization from a child organization would cause a 400 error
- Resolved cases where creating an elevation with an expiration application policy would create a duplicate permit policy despite a policy already existing
- The System Audit will now display when an administrator views the Helpdesk page
- Resolved an issue where moving computers between locations (groups, organizations, etc.) could change the policy history to the incorrect version
- Resolved an issue in the Health Center where the IP address of logins was incorrectly showing as (0,0)
- Resolved an issue where administrators were not receiving request access emails from Storage Control policies
- Resolved an issue that would prevent former DUO MFA enforcement from being removed if the DUO integration was no longer being used
- Resolved an issue where password resets would not require MFA upon the next login
- Resolved an issue that allowed all zero hashes to be entered as a rule in applications
- Resolved an issue where IDs for portal objects were not displaying
04/22/2024: 1.8.0.127
New Features
- We have added local administrator management options. For organizations with Elevation enabled, this feature will provide a way to remove users from local Administrator groups. This is accomplished by either selecting the users to remove or creating a list of exceptions that will remain in the local Administrators group and automatically removing the rest. For information on this exciting new security tool, view the newest KB article: https://threatlocker.kb.help/elevation-control-module/
- The ServiceNow integration is now available. All ServiceNow integrations may require a Business Analyst Scoping call to expand the functionality of the default options. The Calendly link to schedule a call is available on the ServiceNow KB. https://threatlocker.kb.help/servicenow-integration/
Improvements
- Made improvements to notification banners to display information to customers without blocking any portal functionality
- Removed email on policy match for MAC applications as this feature does not function for MAC
- Added an issue in which the calendar was closing automatically after selecting an end date when attempting to schedule a maintenance mode, even if a start date was not selected
- Made improvements to the Computers page to help improve loading screen times
- Added the ability to promote policies from the Existing policies tab on the Application sidebar
- Computers Page - Add Learning Progress Bar to computers set to Indefinite Learning
- The Integrations dropdown will only show available options once users begin typing
- The Unified Audit now has a Deny Application option on the sidebar
Bugs and Fixes
- Removed Global Groups from the Applies to dropdown in Network Control, as Network Control does not yet support global groups
- Resolved an issue where the Message section of the Tray Notification Customizations would allow more characters than supported. The current maximum for this field is 80 characters.
- Resolved an issue with Helpdesk unassigned tickets not populating correctly
- Resolved an issue on the Organizations page where the main grid was showing the incorrect number of secured machines
- Resolved an issue in which the Ignore button was not functional until the page was refreshed
- Resolved an issue where Super Admin Child accounts would get a 401 error on several pages
- Resolved an issue with Detect where blank conditions or actions could be saved
- Resolved an issue in which Tax Certificates were unable to be submitted using South Dakota as the selected state
- Resolved an issue in which attempting to add to policy for Network Control from a Unified Audit entry was incorrectly adding the address as text in the textbox
- Resolved an issue where Detect Exclusion options were fully visible
- Resolved an issue where the history from a chat with a Cyber Hero would not save to the Help Desk ticket
- Resolved an issue with ThreatLocker Detect exclusions being sent down to the endpoints when the Deploy Policies button is pressed
- Resolved an issue in which computers using Installation mode were being incorrectly counted as "Secured" on the Computers Page
- Resolved an issue in which part of the Reports page was being cut off on smaller computer screens
- Resolved an issue in which LiveChat was incorrectly causing an error on close
- Resolved an issue in which email addresses were not able to be added to the Organization settings page for Escalation settings
- Resolved an issue in which the bottom policy on the ThreatLocker Detect page was not viewable on a vertical monitor
- Resolved an issue in which wildcards were incorrectly able to be saved in Canary File Paths in Detect Conditions even though they would not work
- Resolved an issue in which adding IP addresses to tags from the Unified Audit was incorrectly inserting text along with the IP address
- Resolved an issue in which the memory usage was being incorrectly reported in the Computers sidebar
- Resolved an issue in which Storage approvals were incorrectly including backslashes for macOS
- Resolved an issue in which special characters were causing an error when creating passwords
- Resolved an issue in which a 400 error was being received when using the Remove Unused Applications button, although it was successfully removing the applications
- Resolved an issue in which customers in Australia were not receiving emails from the Cyber Heroes in response to Approval Requests
- Resolved an issue with ThreatLocker Detect that prevented a logged-in administrator from accessing their integrations for actions for child-level Detect policies
- Resolved an issue with ThreatLocker Detect where the Delete and Upload File button would remain after a file was deleted
- Resolved an issue that triggered an error when trying to delete a child application from within a parent organization
- Resolved an issue with enabling/disabling Cyber Hero Management and the corresponding Cyber Hero Access settings
- Resolved an issue with Storage Control preventing administrators from adding a device to a storage policy
- Resolved an issue with SAML on mobile
- Resolved an issue in which a type in the Permitted tag was causing the permit to be displayed in red in the System Audit
04/10/2024: 1.7.9.114
Improvements
- The Legacy Portal is now depreciated. Contact a Cyber Hero if you are experiencing any difficulties with this change.
- Improved the Datto Integration to now require HTTPS as a requirement for the PSA Zone URL
- The Configuration Manager banner is updated to reflect 8.8 as the required Windows Agent for the upcoming changes
- Text options for Outbound Network Control destinations, for example domains, are coming soon
- The ability to request monitoring of personal Detect policies is now available in ThreatLocker Detect. Once requested, the policy will be locked while the Detect team reviews the policy. If they approve, the policy will show as Monitored, and if they deny the request, the policy will unlock. Communication about this process will be available via the HelpDesk ticket created during the request
- A Portal banner has been added for any clients that have enabled Cyber Hero Detection and Response but have computers running a version lower than 8.7.1. This service will not protect as intended on machines running less than 8.7.1 and should be updated immediately
- ThreatLocker Detect Alerts Center now shows Snoozed alerts as a filter option
- When Cyber Hero Managed Detection and Response is enabled, all active alerts for the Organization will be cleared
- Added a CSV export option on the Computers page to simplify data collection
- Clarified the Detect total threat levels. Now, the Computer’s total threat level is displayed on the main grid, and the policy’s impact on the alert is displayed in the slideout
Bugs and Fixes
- Resolved an issue with Network Tags not showing for ThreatLocker employees
- Resolved an issue where Detect Exclusion options were fully visible
- Improved the Network Control Object Challenge timeout to a maximum of 1000ms. The default time is now set to 300 ms
- Resolved an issue with the use of Tab within the description of a new Help Desk ticket
- Resolved an issue with Mac computers receiving an error when Learning or Installation Mode fails
- Resolved an issue where moving a computer to a new group would display incorrect learning settings after the move
- Resolved an issue with Configuration Manager where the Policy Expiration field on new policies was prefilled with the current date/time
- Resolved an issue in ThreatLocker Detect where alerts became unactionable after authenticating using the QR code feature
- Resolved an issue with the Learning Monitor Mode Duration of 45 Days
- Resolved an issue where the Copy Existing Policies option would copy policies out of order
- Resolved an issue where the System Audit logs for Elevation Policy creation were incomplete
- Resolved an issue with the Copy Existing Policies, where changing the source Organization would remove the destination Organization
- Resolved an issue with Copy Existing Policies where a success message would show even if improperly configured
- Resolved an issue where emojis were not showing correctly in HelpDesk ticket comments
- Resolved an issue with unclear password requirements
- Network Control Policies can now be copied between organizations or child organizations
- Resolved an issue where the ThreatLocker Testing Environment would not open as expected for all approved file types
- Resolved an issue where moving computers within the same organization was removing computer-level policies
- Resolved an issue where administrators were unable to specify the global group when using installation mode for a new application
- Resolved an issue with quotes where the address field would not support longer addresses
04/04/2024: 1.7.8.105
Improvements
- Added display of the exact date/time to entries in the Response Center
- Made improvements to Outbound Network Control policies to add Text in dropdown for Destinations to make setting destinations more user-friendly
- Made improvements to the Application Control Policies sidebars to automatically scroll down after selecting 'Assist with programs that require local administrator privileges"
Bugs and Fixes
- Resolved an issue in which password reset labels were being displayed incorrectly
- Resolved an issue in which pressing the Enter button after typing a title for a storage policy was incorrectly triggering the 'Publish to Community' button
- Resolved an issue where deleting a policy from the Application Control Policies page would not log the name of that application in the System Audit
- Resolved an issue where deleting a Child Organization would not delete the associated Administrators
- Resolved an issue with Product Research where the incorrect research would populate intermittently on the Application Control page
- Resolved an issue with ThreatLocker Detect where the Canary File Path condition would allow the path to end in unsupported characters
- Resolved an issue with simulated denies and any combination of other filters not showing correct results
- Resolved an issue where deleting an application would redirect to the first page of the main grid on the Applications page
- Resolved an issue where domains were still attached to a specific organization after the organization had been deleted
- In the Application Approvals sidebar, we have added more information around "How many computers will this affect" to now include the computer group name the computer is associated with
03/29/2024: 1.7.7.103
Improvements
- Added the ability to delete local admins from a computer and to specify exceptions from within the ThreatLocker portal
- Made improvements to the pagination count on the Unified Audit
- The Unified Audit will no longer show total issue counts based on search results. A checkbox option will now allow administrators to show that information
- Made improvements to the All/Any conditions in ThreatLocker Ops
- On the Storage Control Edit/Create policies sidebar, the policy expiration slider has been updated to a date/time picker
- Made improvements to loading the history and comments in Help Desk tickets
Bugs and Fixes
- Resolved an issue with CHMDR instructions where instructions for Cyber Heros were being cut off
- Resolved an issue with invoices showing a balance even though the total due had been submitted
- Resolved an issue in which some computers' ThreatLocker Version did not update according to the Update Channel set for their group
- Resolved an issue in which the System Audit wasn't capturing policy status changes made from the Edit Policy sidebar
3/27/2024: 1.7.6.95
Improvements
- Made performance improvements when executing Unified Audit searches using a wildcard in the full path input box
- Added a label on Outbound Network Control policies to show that it requires TL Version 8.6.1 or greater
- Added a warning to inform users that combining All/Any conditions in ThreatLocker Ops/Detect policies requires TL Version 8.7 or greater to work as intended
- Made improvements to the Applications page to display a yellow warning label instead of a red one
- Minor UI improvement on the Computer Groups page to display the update channel with chip styling
- Added a message banner to inform users that once Cyber Hero Managed Detection and Response is enabled, they must reach out to their Solutions Engineer to configure their runbook
- Made improvements to the messaging displayed when attempting to view a locked module
- Minor UI improvements to the Tags sidebar
Bugs and Fixes
- Resolved an issue in which attempting to view the TAPS password on the Computers page was resulting in an error
- Resolved an issue in which admins were able to see and select parent level applications when selecting to add to Matching Application from the Unified Audit and Approval Requests
- Resolved an issue in which a Captcha loop was created when retrieving results from Virus Total using ThreatLocker Hash instead of SHA
- Resolved a minor grammatical errors on the Computer Groups sidebar
03/21/2024: 1.7.5.93
New Features & Important Updates
- ThreatLocker Ops has been renamed ThreatLocker Detect
- The Health Report is now available for all clients and can be run from the Health Center
- Starting in version 8.7, Configuration Manager will support the option to Revert back to the original Windows configuration. This change means that all Configuration Manager policies created prior to 8.7 will no longer be editable and will need to be recreated in the new format. Older Configurations will continue to work until a new Configuration is put in place to change the setting. Any computer installed after the release of 8.7 will not be covered by the legacy policies. Please reach out to your Solutions Engineer or a Cyber Hero for more information about this change
- ThreatLocker Ops/Detect Any & All Conditions has been seperated to allow for both to be used within a policy. Moving forward, the logic is that All of X conditions and Any of Y conditions must be met for the policy to be matched
Improvements
- The OKTA Integration now supports Workforce Configurations where previously only OAuth0 was supported. Workforce configurations will use OKTA groups instead of roles
- The Learning Period options now include 45 days as an option
- On the Computers Page sidebar Network Tab, Outbound traffic will parse the Destination, Inbound will parse the Source
- On the Computers Page sidebar, on the Network Control tab, private IP addresses will not be scanned for maliciousness
- Resolved an issue with the Computers Page sidebar on the Network Control Tab where Inbound traffic was reported as Outbound, and vice versa
- Windows machines can now use the Baseline All Paths Except option found in the Computer Group Settings sidebar
- The Legacy Logon page now reflects the message "The ThreatLocker legacy portal has been deprecated. Please log into the live portal at https://portal.threatlocker.com."
- Improved the Import Policies process to ensure users select a destination prior to actioning the change
- Added Organization, Hostname, Hash, Certs, etc. to the CyberHero Escalation email sent to administrators
Bugs and Fixes
- Resolved an issue with SAML requests where the incorrect Issuer ID was being sent out
- Resolved an issue with an expired API key for the Map on the Health Center page
- Resolved an issue with the ThreatLocker Ops/Detect CSV export feature that was unresponsiveResolved an issue with editing Certificates if there was more than one certificate suggested
- Resolved an issue with LiveChat where a chat started from inside an existing ticket would show the ticket owner as the person who started the chat
- Resolved an issue where Tag names were not updating inside policies when they were changed
- Resolved an issue where deleting an application would cause a 400 error even though the application was deleted successfully
- Resolved an issue on the Computers Page Network Control Sidebar, where the Transport Layer was incorrectly labeled as Serial Number
- Resolved an issue on the Unified Audit that provided different search results based on Policy Name or Policy ID
- Resolved an issue with Storage Control where deleting a machine and then deleting a storage device associated with that machine would cause an error
- Resolved an issue with a client-specific error when approving a global policy with an expiration
- Resolved an issue with the Okta Integration sidebar that didn't allow scrolling through groups
- Resolved an issue with inconsistent date pickers between the Schedule Maintenance options
- Resolved an issue where formatting on the Computers page was malfuctioning at very large or very small screen resolutions
- Resolved an issue with the Password Manager Keeper, where it would not fill in the OTC code
- Resolved an issue with the Pagination on the Approvals Page
03/19/2024: 1.7.4.89
Improvements
- OKTA Integration now supports Workforce configurations where previously only OAuth0 was supported. Workforce configuration will use OKTA groups instead of roles
- New banner will alert administrators if there is an overdue invoice
- Added a warning message when setting Enforce User Access Control Setting Configurations in Configuration Manager that it is not compatable with Elevation Control
- Added the Take Ownership option for the ThreatLocker Ops Threats page
- Added the ability to press the enter key when inputting ticket details in Approval requests and be taken to the next line
- The Applications Policies page now includes a 'Show All Policies' checkbox which will show all policies in hierarchal order from Global down to Computer Group
Bugs and Fixes
- Resolved an issue in which a banner across the top of the screen was displaying incorrectly on smaller screens
- Resolved an issue in which child organizations were able to view global as an option when promoting policies
- Resolved an issue in which ThreatLocker Ops policies viewed in the Community were not populating all values when opened for the first time
- Resolved an issue in which the incorrect warning message was being displayed when attempting to set a maintenance mode without completing all necessary components
- Resolved an issue in which the process ID was being incorrectly included when clicking Add to Application from the Unified Audit
- Resolved an issue with the 'Remove Unused' Button which was not removing applications
- Resolved an issue with the Remediation Tab in the Response Center where errors were populating related to permissions
- Resolved an issue with the Unified Audit filter for 'Computers Installed Over 7 Days Ago' which was not showing the correct data set
03/08/2024: 1.7.3.80
Improvements
- The remdiator will not be accessible by admin users and the permission "Allow Remediation" will no longer inherit to any super admins
- On the Computers Page, 500 is now an option for pagination
- Improved page loading speeds on the Unified Audit
- In ThreatLocker Ops, the Delete File function will require Version 8.7 or above, and a success message was added when a file is deleted
- Added a warning message if an Administrator attempts to navigate away from a page with an unsaved Manintenance Mode
- When chatting with a Cyber Hero, the logged in administrator's name will show, rather than the primary contact of that organization
- In the System Audit, the Entity ID field will now return Storage and Network Creates, Updates, and Deletes
- In the Administrators sidebar, a Reset OTC option is now available
- Added a message on the Install Computers page that informs the user that renaming the Stub Installer could cause the installation to fail
Bugs and Fixes
- Resolved an issue with scaling and the Reports Page, where zooming in over 125% with a monitor resolution of 1920 x 1080 caued infomation to get cut off the screen
- Resolved an issue with slow loading times on the Maintenance Type dropdown on the Computers Page slideout
- Resolved an issue where a user role could not be applied to multiple organizations unless that role had already been applied to one
- Resolved an issue where the Application Control page was displaying too many countries
- Resolved a formatting issue in which the Unified Audit summary on the Health Center Page was extending out of its box when extended across multiple screens
- Resolved an issue in which opening File History in an approval was generating an excessive amount of logs in the System Audit
- Resolved an issue in which adding file exclusions for Ringfenced Command Prompt policies was incorrectly auto populating the command arguments
- Resolved an issue in which the Ready to Secure filter on the Computers page was incorrectly displaying computers that still Need Review
- Resolved an issue in which some customers on a single instance were unable to log in using the SAML integration
- Resolved an issue in which some customers were receiving errors when trying to permit applications from the Unified Audit using a custom rule
- Resolved an issue in which Ringfencing icons were being incorrectly displayed for browser extensions
- Resolved an issue in which child organizations were able to view and action parent level approvals
- Resolved an issue in which the Needs Review progress bar on the Computers page was opening a Unified Audit search starting the date of installation instead of four days from the current date
- Resolved an issue in which a link to Release Notes on the login page news feed was requiring the user to navigate to Facebook before being taken to the KnowledgeBase
03/05/2024: 1.7.2.77
New Features
- When searching with the hostname filter (not advanced filter) it will now be an exact search unless the wildcard * is used
- The Remediator MSI is available with options in x64 and x86
Improvements
- The Refresh Policies interval on the Computer Groups slideout label now reflects Heartbeat Interval Seconds and has an upper limit of 300 seconds
- When creating a new parent organization, the "Threatlocker Override Codes" application will no longer be created. The method of obtaining these codes is no longer used on agent version 7.6 and above. Codes are available from the report on all updated agent versions
- The Threatlocker Ops sidebar section for Applies To is now type-searchable
- Network Control policies will now update the Group Names when the group name is changed and when that group was used as an Object in the policy
Bugs and Fixes
- Resolved an issue with Approval Requests where an error message displayed "Violation of Unique Key constraint"
- Resolved an issue in which resetting an administrator password incorrectly redirected users to an "Are you lost?" page
02/29/2024: 1.7.1.71
Improvements
- When an endpoint is in Disable Ops Alerts Maintenace Mode, the options to Lockdown and Isolate will be disabled
Bugs and Fixes
- Resolved an issue where IPv4 Tags were adding as text
- Resolved in issue with the Unified Audit File History where all results were not being populated as expected
- Resolved an issue with ITGlue Password Manager not interacting with our Login page as expected
- Resolved an issue with Safari Password Autocomplete function not working with our Login Page as expected
- Resolved an issue with the Subscriptions page in Community where subscription data was not being stored as intended
- Resolved an issue with the Computers Page Baseline option where Baseline All Paths Except Selected option was not saving as intended
- Resolved an issue with Bitwarden inserting saved passwords on our Login page
- Resolved an issue that allowed Adminstrators to schedule multiple of the same Maintenace Modes at the same time
02/27/2024: 1.7.0.70
Bugs and Fixes
- Resolved an issue where if an endpoint had multiple maintenance modes, an error would trigger when trying to secure
- Resolved an issue where the Remediator would not auto-scroll down through the last run commands
- Resolved an issue with the disconnect for the Remediator by adding redundancy to the stop / exit action
- Resolved an issue that triggered an error when trying to delete a child applicaiton from within a parent organization
02/27/2024: 1.6.9.63
New Features
- ThreatLocker Managed Detection and Response is available to clients who have purchased ThreatLocker Ops. Cyber Heros will manage and respond to all Ops alerts and respond according to client's directions, up to and including locking down or isolating an endpoint, contacting a designated client with information about an alert, and adding or managing policies within Ops
- The ThreatLocker Tray will now alert end-users of our research on their software requests, including software name and company name, countries of operation, levels of access to their systems, and software categories. This will allow end-users insight into the software they are requesting and help guide their decision-making process prior to requesting the approval
- Introducing the Remediator. ThreatLocker Ops clients will now have the ability to download and enable a tab in the ThreatLocker Ops sidebar which will interact with the PowerShell of an endpoint, all from within the ThreatLocker portal
- Introducing our integration with Halo PSA! Once integrated, tickets in the Approval Center will show in the Halo portal, and when actioned or closed, reflect that status change in Halo as well
Improvements
- Okta users who have also integrated with SAML are now able to control ThreatLocker Administrator settings from Okta, including:
- Creating, removing, deleting, updating users,
- Adding new groups to users
- Adding and removing established groups to users
- Three new conditions will be available in ThreatLocker Ops; Countries, Categories, and from Risks. Policies can be created to monitor for software running from certain countries, from certain software categories, and for known risks
- When the new Disable Ops Alerts maintenance mode is enabled, the ability to lock down or isolate an endpoint will be disabled
- ThreatLocker Ops now includes a 10 minute Snooze option. This option will temporarily hide all current alerts and allow Administrators to review any new incoming alerts to determine threat level of that endpoint
- On Mac application policies, the policy status is now available to be changed from a dropdown on the Policy page, including options to Inherit, Secured, and Monitor
Bugs and Fixes
- Resolved an issue where users were logged out unexpectedly due to valid authorization tokens being marked incorrectly
- Resolved an error where applying the same role to multiple child organizations on the same Administrator caused an error
- Resolved an issue where formatting on the Computers page was malfunctioning at very large or very small screen resolutions
- Resolved an issue that prevented Administrators from creating 8 character passwords
- Resolved an issue with the ThreatLocker Ops sidebar in the Baseline tab which was displaying incorrect data
- Resolved an issue with placing a child endpoint into Learning or Installation mode and the visibility of applications of both child and parent applications
- Resolved an issue where opening a Storage Control request for a child account in the Response Center would trigger a 400 error
- Resolved an issue where Tags in the Destination section of a new Network Control policy were unavailable
- Resolved an issue within the Unified Audit with the wording of a policy set to Monitor status. The sidebar will now say "Monitoring Policy"
- Resolved an issue with the left side navigation bar and how it resizes as screens are resized
- Resolved an issue where deleting a child organization would not delete the domain, preventing clients from registering a new account with that domain
- The Help Desk Ticket window now allows for more room in the Summary section when creating an offline ticket
02/16/2024: 1.6.8.55
Improvements
- In ThreatLocker Ops, policies can now be applied to the Global level
- In the Options section on the Computers Page, Computer Groups Page, and Organization Page has been updated so clients can view Master Only-enabled options and remove them if necessary
- Added a Snooze button on ThreatLocker Ops Alerts to temporarily hide current alerts for a set period of time
- Throughout the portal, we have added a 'Copy Link' options to share URLs for certain pages with other ThreatLocker Administrators
- Government Azure Tenants are now supported using Office 365 SSO using either Microsoft Global Services or Microsoft US Government
Bugs and Fixes
- Resolved an issue where scheduling a maintenance period through the advanced Wrench Icon was not setting the end time ahead by an hour
02/14/2024: 1.6.7.50
Updated 02/16/2024
Improvements
- A new status of Not Learned is now available in the Approval Center. During automatic learning, if ThreatLocker can’t name a file (for example, from the downloads or documents folder), we don’t learn the file. This status will now be visible in the Approval Center with a blue background to help understand how these files were first identified by ThreatLocker.
- The End User License Agreement (EULA) popup will now populate when users install on a new endpoint and redirect to the Computer Group page after accepting
- On the Organization Page, the License Count column has been updated to the License Method
- In the ThreatLocker Community, Configuration Manager Policy has been removed as an option from Item Type
- On the Computers Page, the Denied Counts for each endpoint have been added for each endpoint for the last 1/3/7 days
- On the Install Computer Groups page, under Actions, the Download Installer popup now includes a sharable URL link once a group is selected, which can be entered on an endpoint to install that endpoint into the selected group. Users will choose Stub or MSI, and x64, or x86 versions
Bugs and Fixes
- Resolved an issue with the Trial feature and Incident Responce companies which caused the trial to not start as intended
- Resolved an issue on the Application Control page showed too many country flags for Countries of Opperation
02/13/2024: 1.6.6.45
Improvements
- Updated several Legacy portal reports to pull data from the new portal
Bugs and Fixes
- Resolved an issue with multiple bad attempts at adding MFA 6 DIGIT CODE
- Resolved an issue with the billing for Configuration Manager and ThreatLocker Ops
- Resolved an issue with editing login settings for child organizations and MFA settings
- Resolved an issue with Product Research related to how Business Rating and Concern Rating were displayed based on value
- Resolved an issue when searching and including empty spaces before or after an Application name
- Resolved an issue with the visibility of certain modules based on selection in the Organizations Modules dropdown related to combinations of Application Control, Elevation, Default Deny, and Ringfencing
- Resolved an issue from 1.5.0 where exporting Application Definitions would not include all definitions in the export
- Resolved an issue with updating an Administrator role which would log a Deny action in the System Audit
02/07/2024: 1.6.5.37
Improvements
- PERMISSIONS CHANGES: To view Ops and all incuded sidebars, users will need a combination of Ops and Unified Audit permissions, either view or manage. For visibility only, we recommend:
- Allow View Checkin History
- View Unified Audit
- View ThreatLocker Ops (Edit option available)
- View Ops Alert Threats (Manage option available)
- View Ops Alert Remediations (Manage option available)
- Edit Computers
- Improved messaging in ThreatLocker Ops if user does not have correct permissions
Bugs and Fixes
- Resolved an issue with some ACH payment methods failing to add
- Resolved an issue with the ThreatLocker Ops Sidebar and API return issues
- Resolved an issue where some users couldn't view the ThreatLocker Ops tab on the Computers slideout
- Resolved an issue with the SAML integration passing a 400 error if the description field is left blank
02/02/2024: 1.6.4.32
Updated 02/07/2024
Improvements
- Community will now publish directly after the user confirmation is complete
- Improved the location of the Read/Write setting on the Storage Control Policy sidebar to help users avoid misconfiguring policies unintentionally
- Improvements to ThreatLocker Ops Alerts sidebar to reduce false positive occurrences
- Community will now publish directly after the user confirmation is complete
- Improved messaging in ThreatLocker Ops if user does not have correct permissions
- PERMISSIONS CHANGES: To view Ops and all incuded sidebars, users will need a combination of Ops and Unified Audit permissions, either view or manage. For visibility only, we recommend:
- Allow View Checkin History
- View Unified Audit
- View ThreatLocker Ops (Edit option available)
- View Ops Alert Threats (Manage option available)
- View Ops Alert Remediations (Manage option available)
- Edit Computers
- Changed the location of the Read/Write setting on the Storage Control Policy sidebar to help users avoid misconfiguring policies unintentionally
Bugs and Fixes
- Resolved an issue with ITGlue when used as a password manager, where the login page would break on insert and not reload
- Resolved an issue with the Incactivity Log Out Timer which, when set to 24 hours, was logging users out after 24 hours regardless of activity levels
- Resolved an issue with the SAML integration passing a 400 error if the description field is left blank
- Resolved an issue with ThreatLocker Ops not accepting multiple contact emails in the Policy Actions section
- Resolved an issue where deleting an application immediately after creating a new application would result in a 400 error and the application would not be deleted
- Resolved an issue with setting new Maintenance Modes where, after adding the new mode, the end date would not reset as expected
- Resolved an issue where updating an administrator would result in a 400 error
- Resolved an issue where
02/02/2024: 1.6.3.29
Improvments
- Improved the icons for computer versions on the Computers Page
- When the machine is checking in under the targeted version and it is set to inherit the group, it will show the group icon before the version number
- When the machine is checking in under the targeted version and it is set to target a specific agent version rather than inherit from group, it will show the Computer icon to the left of the version
- When the machine is NOT checking in under the targeted version and it is set to inherit the group, it will show a mismatch, with the correct version being [group icon] [targeted group version]
- If the machine is NOT checking in under the targeted version and it is set to target a specific agent version rather than inherit from group, it should show a mismatch, with the right number being [computer icon] [targeted computer version]
- User agreements have been added to Community for any user attempting to download a policy or publish a policy for the first time
Bugs and Fixes
- Resolved an issue in which leaving a trailing space in a policy name could cause a policy rule to not match
- Resolved an issue on the Organizations Product dropdown to hide both Application Audit and Application Control when ThreatLocker Protect is enabled as they are included in that package
02/02/2024: 1.6.2.28
New Features
- Our OKTA integration is now available for public beta testing using SAML. This configuration will be based on OKTA roles.
Improvements
- Cyber Hero Management "Read Only" permission will now include Read Only access to the Computer Groups page
- Added a "Beta Testing" tag to our Okta Integration
- Improved the workflow for Mac Create Application to default to Mac Applications when actioned from a Mac Group
- Added the ability to see and use multiple certificates when creating custom application definitions from files that have more than 1 certificate
Bugs and Fixes
- Resolved an issue with Permit Application where adding a new certificate would hide visibility of all other included parameters
- Resolved an issue with our Partner Resources section connecting to the incorrect file server
- Resolved an issue where promoting a child organization to the parent level would change Built-In applications to custom applications
- Resolved an issue that prevented clients from viewing the save button on the Computer Groups Settings sidebar
- Resolved an issue some users experienced when filtering the Unified Audit by Computers in Secured Mode and Unsecured Computers
- Resolved an issue some customers experienced when attempting to access the Response Center Approvals tab with limited approval permissions
- Resolved an issue with the visibility of the last entry on the list of computers on the Computers Page
- Resolved an issue with the Remove Isolation icon in the Response Center not disappearing once isolation was removed
1/30/2024: 1.6.1.23
New Features
-
ThreatLocker has released Community, a place to share policies used within the ThreatLocker Platform. Users will have the ability to share policies they use for the benefit of the collective, copy published policies to implement in their environment, view featured or popular policies, and follow policy creators, such as ThreatLocker, to continue to see their posts.
Improvements
- Added 2 new permissions Manage Community and View Community. Manage Community permits the user to publish their own policies on the community and download shared policies from the community. View Community provides the user with view-only permission of the community
- Made improvements to the System Audit to now reflect both the Organization and the Computer Group that computers are moved to and from
- Minor UI improvements in the Ops Alerts sidebar
- Added visibility of Mac applications within the view all option on the Application Control > Applications page
- Removed the option to send email on policy match from Application Control and Storage Control policies as this is now centrally managed using ThreatLocker Ops
- Increased the character limit for ThreatLocker Ops Policy names up to 100 characters
- Improvements to the scheduling maintenance modes user flow, ensuring Maintenance Modes are properly added prior to closing the sidebar
- Made improvements to ThreatLocker Ops, simplifying the process of specifying Applications and Policies in Ops Actions and Conditions
Bugs and Fixes
- Resolved an issue on the Computer Groups page where the incorrect Windows version was displayed as the latest version
- Resolved an issue that caused comments in Help Desk tickets to load slowly
- Resolved an issue on version 1.5.0.14_C, where moving machines from a child to a parent organization would create unnecessary policies
- Resolved an issue in ThreatLocker Ops where conditions that include IP addesses were being automatically duplicated
- Resolved an issue in which rating and download count was reset when a policy was republished to the community
- Resolved an issue in which the Event Log ID was not being displayed within the ThreatLocker Ops Alerts sidebar
- Resolved an issue in which ThreatLocker Ops Conditions were not reloading when a variable was changed
- Resolved an issue in which the Does not Match operator in ThreatLocker Ops was only selectable once per the All condition
- Resolved an issue with the web browser tab displaying the incorrect ThreatLocker page title
- Resolved an issue in which the Computer Groups tab was not visible from a mobile browser
- Resolved an issue some customers experienced when attempting to access the Response Center Approvals tab with limited approval permissions
- Resolved an issue which prevented an existing contact from being invited as an administrator
- Resolved an issue with ticket loading speeds in Help Desk
1/26/2024: 1.6.0.20
Improvements
- The File History tab on the Approval Request sidebar will now show up to 30 days of history
- Througout the portal, date and time will be shown in exact amounts with an approximation available as a hoverover
- A banner has been added to beta.threatlocker.com to alert users that using Beta is not recommended, and the preferred site is portal.threatlocker.com
- Clients will now receive a warning when attempting to delete a Global group and be required to type DELETE to proceed
- On the Computers page, the flags for Inactive and Offline computers have been made more prominent
- On the Application Control page, when the "Include Child Organizations" checkbox is selected, the associated child organization names will be displayed behind the name of the application in parenthesis
- Improved Help Desk logs in the Ticket History section, including logging when a ticket is viewed but not altered
- The Customer Resource Portal is now available with a limited selection of articles, white papers, resources, and branding
Bugs and Fixes
- Resolved an issue that prevented users from opening a chat with a Cyber Hero
- Resolved an issue with the visibility of certain modules based on selection in the Organizations Modules dropdown related to combinations of Application Control, Elevation, Default Deny, and Ringfencing
- Resolved an issue with mobile browsers not showing Login Settings on the Administrators page
- Resolved an issue with scheduling a maintenance mode in the Schedule Maintenance slideout related to setting Start Date / Time
- Resolved an issue with Super Admin clients and the landing page not directing to the Health Center on Login
- Resolved an issue which prevented an existing contact from being invited as an administrator
- Resolved an issue with the ThreatLocker Ops Installs tab not displaying "Known Threats Only" properly
- Resolved an issue with the Approval Center Testing Environment that prevented users from progressing if a testing environment was unavailable
- Resolved an issue with the button sizing of multi-select options on the Network Control page
- Resolved an issue with the visibility of the last alert on the Alerts tab in the ThreatLocker Ops sidebar
- Resolved an issue on the Help Desk page where highlighting all text would cause an unexpected page shift to one side
- Resolved an issue where adding a child application to a parent application would cause an error
- Resolved an issue with the Unified Audit "Add to Tag" which would not add network exclusions as intended
- Resolved an issue with the auto-save function in the Description section of the Help Desk
- Resolved an issue with pasting long amounts of text into the Comments section of the Help Desk
- Resolved an issue with the Help Desk sections Summary of Issue and Description of Issue related to showing incorrect information when reopening a ticket
- Resolved an issue with the refresh option in the Help Desk not updating the ticket status after it had been changed
- Resolved an issue with the pagination counts on the Help Desk page
- Resolved an issue with adding files during ticket creation on the Help Desk page
- Resolved several issues with automatic emails generated throughout the ticket life cycle in the Help Desk
1/22/2024: 1.5.0.14_A, B, C
Improvements
- Moving forward, if a form has missing information, the user will be directed to the correct tab to enter the information
- The Add to Tag feature now supports adding multiple IP addresses at once from the Unified Audit, mimicking the ability to Add to Application
- Ops Exclusions will now default to the preferred rule (Path, IP Address, etc.) based on the tab the exclusion is actioned from
- Policy Order has been removed from ThreatLocker Ops
Bugs and Fixes
- Resolved the discrepancy between the number of Approvals in the Response Center and the number displayed on the upper right page tab
- Resolved an issue with special/foreign characters used in passwords which caused login fails
- Resolved an issue with missing Web Data icons on the Application Control Module
1/19/2023: 1.5.0.14
New Features
- When an adminisrator creates a new user, they will now have the option to choos roles and permissions for the newly invited user prior to finalizing the invitation
- Our Legacy Helpdesk is now depreciated and all users will be directed to our new Helpdesk to access Cyber Hero Support, including during Chat. All previously open tickets have been migrated over, as well
Improvements
- Resolved an issue where excessive clicking on create would allow users to make multiple organizations with the same information
- ThreatLocker Ops side bar options are now in a tabbed format, improving usability
Bugs and Fixes
- Resolved an issue with ThreatLocker Ops where viewing an Action Log the second time showed abreviated information
- Resolved an issue with white spaced saved during password creation in the Administrator sidebar
- Resolved an issue where Cyber Hero Management was enabled but full Cyber Hero permissions could be turned off
- Resolved an issue related to turning modules on and off in the Organziations settings which caused a delay in access
- Resolved an issue where super admin accounts managing a child account were unable to see parent applications via the maintenance mode side bar
- Resolved an issue with selecting or adding a Tag from a parent level organzation to a managed child policy
- Resolved an issue where Administrators with permission to create and assign roles or permissions could not add roles or permissions to other administrators
- Resolved an issue with logging in on Instance G related to Microsoft O365 authentication
- Resolved an issue with merging a child application into a parent application when managing the child organziation
- Resolved an issue with the Remove White Noise filter in the Unified Audit which did not include policies with Null name values
1/15/2024: The beta portal has moved to LIVE!
portal.threatlocker.com will now direct to our new portal and legacyportal.threatlocker.com will be available for a short time to allow users to learn our new system and layout.
ThreatLocker Ops is also included in this new change and is now fully available to clients!
10/13/2023: Released to beta.threatlocker.com
Updated 12/08/2023
New Features
- Instantly pay the total amount due on an invoice with a credit card or ACH using the Pay Now option
- In Organization Settings, the ability to set an automatic signout to administrators based on a time limit is now available
- Incident Recovery clients have the option to provide free 90-day trials for onboarding Incident Recovery accounts Contact your Account Manager for more information.
- For Windows users, a new "Enable Computer Proxy Server" setting is available in the Groups Settings, and will allow for Proxy Settings to be set prior to installation of new endpoints
- When a save button is disabled due to missing information in the form, a message will alert users to fill in the missing information
- Added new buttons "New Policy" and "New Tag" to the Application Control, Application Policies, and Tags screens
- The Azure integration now supports nested group mapping
- We have added the Ignore option to Storage Requests
- Added the Maintenance Settings button to all Learning Modes on the Computers Page
- The Unified Audit will now filter by operating system to make sure that adding an application will match the destination operating system
- In the Computer Groups settings, Excluded Processes options now include Network exclusions
- ThreatLocker Cyber Heros can now enable Auto Refresh in Organization settings on behalf of Administrators. This will enable the option to be checked on the Health Center and the Approval Center.
- We've added an additional message when deleting Configuration Manager policies to clarify intended behaviors
- In Organization Settings, administrators can now toggle off the option to send emails to end users from NoReply@ThreatLocker.com
- To increase security around MFA options, SMS will no longer be an option for newly created administrators
Improvements
- Improvements to data validation on ThreatLockerOps Policy fields to ensure policies are written properly
- Automatic emails will be sent when a card is declined from billing.threatlocker.com
- Added a Created By column to the exported Unified Audit report
- Added the ability to give users view-only access to the Computers page
- The Check-In History feature is now available to all clients
- Added a "Remove Unused" which will supply a calendar choice. Policies not matched before the date selected will be removed
- Policies with schedules will now be highlighted with a calendar icon in the Policy Action column on the main Policies page
- To improve clarity, Policy Status will only be displayed if the policy is a permit with Ringfencing or a deny.
- The Computer Check-In tab now has a refresh button
- Added the ability for users to select parent groups from the policy level dropdown and move policies to different organizations
- Advanced Unified Audit settings now allow for muliples of certain Field choices
- A warning has been added to the Computer Proxy Settings to alert users that disabling the setting will prevent communication with ThreatLocker
- Proxy Settings are now known as ThreatLocker Relay Server settings
- Mac computers incorrectly installed into a Windows group are now able to be moved out of that group
- Storage Policies will now include a creation data
- Storage Policy creation will now default to permanent
- Automatic emails will be sent from billing.threatlocker.com when a card is declined during the Pay Now process
- Added information to the System Audit, including who ended a Maintenance Mode if it was ended manually
- We have updated the UI for Elevation to a slider to simplify the addition of Elevation time without the need to calculate time zone differences
- Improved application visibility so that applications in grandchild organizations can be seen in parent organizations
- Added Network Control policy options for Communication Protocols that includes TCP/UDP, TCP, and UDP. Policies will default to TCP/UDP
- On the computers page, we have added a flag for any computer that needs to reboot
- Throughout the portal, in any text input field, examples and directions will be italicized, and pre-filled data will not
- Any portal activity that includes a change to the system like create, update, edit, delete, approve, etc. will now automatically refresh the page when the action is committed
- Improved the Open Testing Environment button to include a check that prevents administrators from calling a new testing environment quickly and repeatedly
- Improved the 403 error handling when a user's login token expires
- In the Application Policies sidebar, if a policy is not attached to an application, "Not Found" will be displayed instead
- Resolved an issue where, when moving a computer between organizations, the tags from the first organization would also be moved
- Improved the logging in the System Audit of changes to Roles, including reads, modifies, deletes, and creates
- Added the ability to create a policy at the same time when creating an application
- Approval Center columns are now sortable
- Improved and optimized the way table data is processed from various ThreatLocker databases
- Improvements to data validation on ThreatLocker Ops Policy fields to ensure policies are written properly
- Health Center Alerts are now displayed in a grid and are sortable
- Added Approval Center filters on each column
- Added an Operating System filter to the Application Control Page to limit views to Windows, Mac, or All
- Removed the option to use unsigned certificates within an Approval Request
- Added a new Front Page to highlight our new Beta Portal
- The timeout for the Reports Page has been increased to 10 minutes to accommodate large report generation
- Added an option to create an Application Policy as a new Application is being created
- Added information to the SAML integration page to simplify setup
- Improved the logging in the System Audit of changes to Roles, including reads, modifies, deletes, and creates
- Throughout the portal, in a text input field, examples and directions will be italicized, and pre-filled data will not
- Updated the Application Slideout option to improve clarity; "Kill Processes" is now "Kill Running Processes"
- UI improvements to the Storage Policies sidebar, the Network Control Policies Slideout, and the Applications and Application Policies Slideout
- UI Improvements to simplify the addition conditions for custom rules in the Applications Slideout and the Approval Center
- UI on save buttons has been simplified and updated,
- In the Application Policies sidebar, if a policy is not attached to an application, "Not Found" will be displayed instead of the policy
- Improved the 403 error handling when a user token expires
- Throughout the portal, the Log to Audit will be enabled by default and will not be available if the administrator selects "Deny" or "Ringfence"
- Any page activity that includes a change to the system, like create, update, edit, delete, approve, etc., will now automatically refresh the page when the action is committed to the portal
- In the Approval Request Slideout, the default will adjust to New Install if the file does not match a built-in or an existing application
- Users with access to our new Health Center will be directed there on login. Users without access to the new Health Center will be directed to the Organizations page on login.
- Throughout the portal, positive actions will be on the right (save, update, create, etc.)
- Mac computers will now have the option to ignore chosen paths during baseline
- From the Unified Audit, links to the associated policy will be included in the information sidebar
- Sidebars are no longer dismissible when clicking outside the sidebar, stopping users from losing data without committing the changes
- When Elevation and Ringfencing are not selected in the Modules option on the Organization page, the features related to these will be deactivated
- Updated the UI for Elevation to a slider to simplify the addition of Elevation time without the need to calculate time zone differences
- SMS will now include an agreement to receive messaging from ThreatLocker
- Improved application visibility so that applications in grandchild orgs can be seen in parent organizations
- Help Desk Emails have been reduced and will now only send when a ticket is opened, changed to In Progress, changed to Customer Input Required, when a comment is logged, or when it is marked resolved
Bugs and Fixes
- Resolved an issue that stopped file history from loading properly on both the portal and beta portal
- Resolved an issue where the Policy ID was not visible in Storage Control policies
- Resolved an issue that prevented administrators from creating a Storage Control policy
- Resolved an issue where ThreatLocker Suggested Policies were showing Windows options for Mac machines
- Resolved an issue with the Add to Application function from the Unified Audit
- Resolved an issue with automated emails related to the password reset process
- Resolved an issue with the pagination on Ringfencing entries
- Resolved an issue where Automatic was included in options for Application Maintenance Modes
- Resolved an issue where adding a Ringfencing exception would require an edit to the exception prior to saving
- Resolved an issue where exporting application definitions would include incorrect hash values due to CSV formatting
- Resolved an issue where Mac and Windows policies were applied to policies incorrectly based on OS
- Resolved an issue where Duo Integration settings were available without the integration enabled
- Resolved an issue where the Maintenance Mode ID was hidden
- Resolved an issue with the Record in Splunk setting in Application Policies
- Resolved issues with the Ready to Secure and Needs Review filters
- Resolved an issue where the Organization name displayed incorrectly based on the Managing Organization
- Resolved an issue with the way certificates show on the Application Control page
- Resolved an issue where the Promote option for a policy from the Application Control interface did not include a Global Group opiton
- Resolved an issue where Computer Level policies in the Unified Audit did not show machine name
- Resolved an issue where IPV4 and IPV6 values could be added to the wrong fields in Tags
- Resolved an issue where Mac policies could not be copied into a Mac group
- Resolved an issue where creating a group might not have default settings included
- Resolved an issue with non-existent organizations showing in the Move Computers drop-down
- Resolved an issue where the "Include Child Organizations" checkbox would not show as expected
- Resolved an issue on the Computer Page where the Isolate/Lockout required 8.1. The required version is 8.2
- Resolved an issue with the TheatLocker Service Restart message to improve clarity
- Resolved an issue where Super Administrators could update from the "Update ThreatLocker Version (ALL)" option
- Resolved an issue where an endpoint could go into Learning or Installation mode without selecting an application or hierarchy level, causing it to not learn as intended
- Resolved an issue where adding a long text exclusion to a Ringfenced policy would parse the exclusion into different unique exclusions
- Resolved an issue with Application Control where editing a policy would cause a 500 error
- Resolved an issue with a redirect for users with expired trials
- Resolved an issue with trailing spaces at the beginning and end of Ringfencing exclusions
- Resolved an issue where the default deny policy would not update on save as expected
- Resolved an issue with the Unified Audit when searching for simulated denies
- Resolved an issue where https logs included a non-encrypted flag incorrectly
- Resolved an issue with Ringfencing Powershell which would auto-populate more data than required
- Resolved an issue with Silent Elevation missing from options in the Approvals page
- Resolved an issue that allowed edit and move computer options at the Global level
- Resolved an issue with Storage Control and auto-populating the same file multiple time
- Resolved an error that occurred when changing policy level on existing policies
- Resolved an issue some customers experienced when creating MAC Application Policies where built-ins would fail to load
- Resolved an issue where deleting application definitions was not working as intended
- Resolved an issue that prevented administrators from creating a Storage Control policy
- Resolved an issue where the Policy ID was not visible in Storage Control policies
- Resolved a 400 error with Add to Application
- Resolved an issue preventing Mac Policies from being disabled
- Resolved a 400 error when moving certain computers into Learning Mode
- Resolved an issue with the Operating System filter, which failed to include all endpoints
- Resolved an issue with a missing hardcoded character when setting up ThreatLocker Relay settings
- Resolved an issue with lowercase serial numbers in Storage Control policies
- Resolved a filter issue between "Computers in Monitor Only" and "Mode and Computers in Secured Mode" on the Unified Audit
- Resolved an issue with Elevation that prevented the addition of Elevation during policy creation
- Resolved an issue where the Ignore Request button was showing in Unified Audit sidebars
- Resolved a 400 error when creating a new ThreatLocker Ops policy
- Resolved an issue related to Cyber Heros having access to approve requests without 'Full Control' set on ThreatLocker Access
- Resolved an issue with Mac Applications where "No Existing Policies" would display incorrectly
- Resolved an issue with the Health Center that prevented the log resolving an issue in the System Audit
- Resolved an issue with the View Approval button in the Cyber Hero Management Approvals Processed report
- Resolved an issue with the Save Search feature in the Unified Audit which prevented administrators from saving a search
- Resolved an issue with missing view for FireFox extensions in the View on System Lookup in the Approval Center
- Resolved an issue with Tags where deleting all tags would give a 400 error
- Resolved an issue with a 500 error sending more information than necessary
- Resolved an issue where permanent elevation applied to a permanent policy would still create two separate policies
- Resolved an issue showing MFA options on login without those settings being enabled
- Resolved an issue with the order of filtering in the Unified Audit column and Pending status
- Resolved an issue in Administrator settings that allowed users to select multiple MFA options
- Resolved an issue where files matching by SHA would not show in the Matching Applications section of the Approvals window
- Resolved an issue with Cyber Hero Management settings which forced clients to enter instructions when adding an email address
- Resolved an issue with Global Policies notification that a policy for that application already exists
- Resolved an issue with SAML interacting with Duo as a MFA
- Resolved an issue that prevented file history from loading properly on both the portal and beta portal
- Solved an issue in the Unified Audit related to timeouts by removing the Computer Groups filter from the Advanced Search Options
- Resolved an issue with newly created administrators who were forced to use Duo Authentication when Duo was not enabled
- Resolved an issue with the Help Desk related to uploading a file or attachment to a ticket
- Resolved an issue in Computer Groups Settings where users could not select None on Create Policies on Baseline Upload
- Improved search options in the Unified Audit to include that searching by Username no longer requires Domain
- Resolved an issue with Application Control that prohibited Elevation and Ringfencing during policy creation even with those Modules enabled
- Resolved an issue with Unified Audit advanced search filters not working as intended
- Resolved an issue with Application Control where Created By would incorrectly display as <SYSTEM>
- Resolved an issue where the Trial Expiration bar was not showing as intended
- Resolved an issue in the Portal where policies for one organization would show in another organization as administrators went between organizations
- Resolved an issue on the Computers Page where Parent Level applications were not visible in the Maintenance Mode drop-down
- Resolved an issue where a small amount of Network Control Policies sometimes lost the ability to be updated
- Resolved an issue that allowed computers with different operating systems to move into the same groups
- Resolved an error in the Help Desk that caused the Ticket History to not populate as intended
- Resolved an issue with Create New Applications where the Add to Policy option would not pre-populate all expected fields
- Resolved an issue in the Help Desk where Chat Summaries were not being included in the ticket history once the chat closed
- Resolved an issue where Elevation Policies were not ordered correctly on creation, causing the Elevation policy to be ignored
- Resolved an issue with the application policy expiration setting that did not allow for permanent elevation once set at a lesser amount
- Resolved an issue with the Switch to Portal and Switch to Beta links in the Portal
- Resolved an issue with Storage Control and Authorization Hosts where Applies To level was not being applied as intended
- Resolved an issue where the network policy count would not update when a network policy was deleted
- Resolved an issue allowing administrators to select all built-in apps when creating/editing a policy
- Resolved an issue where Child Organization Applications would not show permitted policies
- Resolved an issue when trying to update ALL computer groups and we now exclude Mac groups from that update process
- Resolved an issue with newly created administrators and their roles not applying to their account immediately
- Resolved an issue when a child org level application is moved up to the parent level, the permitted policies are in place for that application were not visible
- Resolved an issue allowing child level organizations to log in to the portal when the parent level had an expired trial period
- Resolved an issue where the Deploy Policies button did not turn red when a Policy was updated
- Resolved an issue with Grandchild organizations not generating the correct Authorization Key
- Resolved an issue with the installation script which was not including the correct instance when downloaded
- Resolved an issue where group level Cyber Hero Instructions were not available
- Resolved an issue in the Help Desk where the Closed Tickets popup would populate without including the closed tickets to review
- Resolved an issue where selecting items and then changing policy level would not de-select those checked items
- Resolved an issue causing approvals in the Approval Center to appear out of order based on time
- Resolved an issue with the Health Center that prevented the log resolving an issue in the System Audit
- Resolved an issue that allowed clients add rules in process path for Microsoft Edge or Chrome
- Resolved an issue with the Group By filter in the Unified Audit
- Resolved an issue with Elevation that was creating a second policy unnecessarily
10/10/2023: Released to legacybeta.threatlocker.com
Improvements
- Invoice Statements will now include a Payment Status that reflects the current status of each invoice listed on the statement
- On the payments page, the Total Amount Due has been updated to reflect refunds
Bugs and Fixes
- Resolved an issue with invoices marked Paid even after a failed payment had been processed
- Resolved an issue where newly invited users were not added to their group or organization
10/9/2023: Released to beta.threatlocker.com
Improvements
- Moved the Action Type column in between the Details and Policy Action columns
- In the Unified Audit, wildcards (*) can be used in the Details/Paths fields. A tooltip now highlights this change
- In the Unified Audit Advanced Search options, positives will be grouped together with an "Or" and negatives will be grouped together with an "And"
- In the Unified Audit, if a non-approved ( ! | <> %” ) special character is recognized, an error message will appear
- When a policy is set to Deny, the option to "Log to Audit" will not be available to configure. All Deny actions will be logged
- When adding a new email to the Cyber Hero Management Escalation, the default instructions will apply if that field is left blank
- Added a button to allow a policy to be created when creating an application
- We've added Tags to ThreatLocker Ops
- Our Azure Integration has been updated to allow .us sign-ins. This was a critical change to support GCC High Government Azure Tenant use
- Nested groups and Sync option are now available in the Azure integration
Bugs and Fixes
- Resolved an issue with conflicting data on login tokens related to API loops
- Resolved an issue where Network Control Policy Tags were not sending correct data
- Resolved an issue where, during an Approval Request, the Hash was not automatically added to an Application Definition when approved via a Maintenance Mode
- Resolved an issue with Network Control Policies causing a 400 error
- Resolved an issue in the Health Center which was causing timeouts on the Remote Management widget
- Resolved an issue with SAML related to the SAML redirect
- Resolved an issue with pagination on the Approval Center
- Resolved an issue causing Client instructions to be hidden in the Approval Request details
- Resolved an issue causing users to be logged out if they attempted to manage an organization without permissions
- Resolved an issue in the Unified Audit Advanced Search which would fail to clear previous selections when starting a new search sequence
- Resolved an issue where the Network Control System Audit logs did not include the policy level
- Resolved an issue with the Copy Policies button related to excessive concurrent clicking
- Resolved an issue causing users to be logged out when their permissions are changed. Sessions are only expired when the password is modified
- Resolved an issue with the UI for the Help Desk and overflowing components
- Resolved an issue where ThreatLocker Ops was not displaying correct information when the policy name field is null
- Resolved an issue allowing browser extensions requests to include Elevation
- Resolved an issue with the visibility of reports that contain over 30 columns
10/9/2023: Released to legacybeta.threatlocker.com
Improvements
- Invoice Statements will now include a Payment Status that reflects the current status of each invoice listed on the statement
- On the payments page, the Total Amount Due has been updated to reflect refunds
Bugs and Fixes
- Resolved an issue with invoices marked Paid even after a failed payment had been processed
9/19/2023: Released to beta.threatlocker.com
Improvements
- ThreatLocker Ops is now available for Clients
Bugs and Fixes
- Resolved an issue with Facebook information on the beta homepage
9/15/2023: Released to beta.threatlocker.com
Improvements
- Input directions are now displayed as italicized text
- On the Application Control Page, policies can now be viewed by Built-ins, My Apps, or All
- When an Approval Request matches a ThreatLocker Built-In Application, the option to open the Testing Environment will be less prominent but still available
- UI Improvements to the Application Policy Slideouts
- UI Improvements to the Unified Audit to improve the look and flow of information
- Password Reset Emails will now come from noreply@threatlocker.com
- In the Computers and Computer Groups Slide out, we have moved Tray Branding into a separate tab along the top
- Included a "Reset Password" button on the update admin Slide out.
- In Application Policies, Custom Rules (legacy feature) within Ringfencing will now only show for partners who are currently using a custom rule. Tags are now a separate field
- When Elevation and Ringfencing are not selected in the Modules option on the Organization page, the features related to these will be deactivated
- New Application Requests are now checked against multiple variables before creating a new policy, including Ringfencing and Policy Expiration
- The Unified Audit timeout is now 5 minutes rather than 2
- Added an end-user notification when an approval request results in the file being added to an existing application
- Prospective partners will need to participate in a Demo prior to logging into the portal and beginning a trial
- The Check-In History feature is now available to all clients
- In the Unified Audit Advanced Search options, positives will be grouped together with an "Or" and negatives will be grouped together with an "And"
- From the Organization's page, clicking anywhere in the organization table will open that organization in a new tab to manage. The settings icon will now open the settings sidebar
- In the Unified Audit, the hostname will now automatically fill available hostnames based on the managed organization, including child organizations if that parameter is selected
- The Create and Edit Password buttons now include the option to use SAML
- Tooltip added to the Restart Service option with an explanation of available options
- On the Computer's page, clicking the ThreatLocker Version will now open the Version dialog
- Added the Maintenance Settings button to all Learning Modes on the Computer's Page
- All Partners will now have access to the Check-In History, viewable on the Computer's Page
Bugs and Fixes
- Resolved an issue with Facebook information on the beta homepage
- Network Control Policies will now be grouped by source and destination locations
- Resolved an issue that caused internet exclusions to not apply to policies immediately
- Resolved an issue where updating a network control policy name would cause an error
- Resolved an issue which prevented users from logging based on their instance
- Resolved an issue with the visibility of "Trial Not Started"
- Resolved an issue where the Deploy Policies button did not turn red when a Policy was updated
- Resolved an issue where updating a network control policy name would cause an error
- Resolved an issue on the Computers page where sorting by any column would reset the page size to 25
- Resolved an issue with Maintenance History that would not include all data when viewing a child account from a parent account
- Resolved an issue with the Unified Audit searching where opening an advanced search option but not including any options would cause an error
- Resolved an issue with new Network Control Policies that would not properly update
- Resolved an issue with the View Check In times
- Resolved an issue with the way expiration polices populate based on existing/non-existing permit/deny policies
- Resolved issue with Never Expire elevation policies showing incorrect elevation expiration date/time
- Resolved an issue related to exporting large quantities of Unified Audit logs
- Resolved an issue related to visibility and switching between pages in Network Control
- Resolved an API issue with OS type which caused errors on Network Control
- Resolved an issue causing users to not enter Certificate SHA values to an application in the Unified Audit
- Resolved an issue with the option to copy Application policies from one child organization to another
- Resolved an issue with the option to copy policies from one child organization to another
- Resolved an issue causing approvals in the Approval Center to appear out of order based on time
- Resolved an issue were a domain could be reused in multiple different organizations
- Resolved an issue related to updating the information of a newly added administrator
- Resolved an issue with the count of permitted policies
- Resolved an issue where the Logon Scripts buttons were not functioning as expected
- Resolved an issue with the Created By field not populating as expected
9/13/2023: Released to legacybeta.threatlocker.com
Improvements
- All unique quotes will now generate a unique invoice. Appending a quote will also generate a unique invoice to reflect the changes.
- Mac versions 2.1 or higher will not learn ThreatLocker Hash and only use SHA256
- For Mac OS, Built-In applications will be applied during automatic learning
- Organization owners will now see their managed organizations at the top of quotes and invoices
- Private IP addresses are now visible in the portal on the computer's page
- Site Mapping has been added to the ConnectWise Integration
- Custom Rules for Google Chrome have been removed from the Rules Engine and will now only include hashes
- Clients with overdue invoices will now receive an email with the information to avoid service interruptions
- Threat level and Event Occurrence functionality are now included in ThreatLocker Ops
Bugs and Fixes
- Resolved an issue with MAC baselining that allowed it to learn a file that was already denied by a standing policy
- When creating groups, we will now check for existing policies prior to creating new policies
8/29/2023: Released to beta.threatlocker.com
New Features
- Added RMM Install Scripts to the new portal
- Added more options for a default elevation time in the Organizations settings menu
- Added Excluded Processes for all operating systems
Improvements
- UI usability improvements to the Storage Policy sidebar
- Improved the Move Computer function so that the learning schedule starts a day before the current date/time when enabling learning and rescan baseline
- Changed requirements of new clients who sign up for a trial. They will now be required to attend a demonstration prior to logging in
- Updated the visibility of Built-In Deny Policies on the Applications page
- Updated several areas of the portal to be consistent across the platform
- Included an option to open a new tab with a right-click
Bugs and Fixes
- Resolved an issue where creating a storage policy with a path that ends with a wild card will add an additional “\*” to the file path
- Resolved an issue where Duo MFA users' Log In activity was not logged in the System Audit
- Resolved an issue in the Unified Audit where the Policy Last Match parameter was not populating results as expected
- Resolved some discrepancies in language throughout the portal
- Resolved an issue during a change of password that left the active token open for longer than expected
- Resolved an issue causing a multi-select to clear when clicking outside of the multi-select options
- Resolved a flickering that happened when hovering over the Refresh button on the Computers page
- Resolved an issue with the Change Password button visibility and SSO options
- Resolved an issue preventing child administrators from populating as a primary contact on a support ticket
- Resolved an issue were a domain could be reused in multiple different organizations
- Resolved an issue with the count of permitted policies
- Resolved an issue where starting a trial would send an email to clients but not start the trial
- Resolved an issue with saving Network Control policies
- Resolved an issue with Trial start dates populating in the portal
- Resolved an issue with the Copy Policy function where not all policies would copy
8/23/2023: Released to beta.threatlocker.com
New Features
- Improvements to the Approval Center including clarification of language and simplification of the UI
- Added the ability to notify the requestor of a denied request in the Approval Center
Improvments
- Added the numeric value for a time zone in front of the time zone name
- Changed font throughout the portal to improve readability
- Password will now be cleared when the cancel button is pressed
- Improved the Organizations side-bar to hide category levels if they are empty
- Added an automatic refresh on the Add to Application window
- Added a Deal Registration check prior to opening a trial for new users
Bugs and Fixes
- Resolved an issue where the extension store links were not populating when approving an extension
- Resolved timeout issues related to the Policy Count
- Resolved an issue where "Adding to Application" instead showed "Approved" in the Approval Center
- Resolved an issue where adding an exclusion to a Ringfencing policy for a child organization from the parent organization would cause a 400 error
- Resolved an issue where a File's PID was added to the Add to Applicaiton Custom Rule list incorrectly
- Resolved an issue with the count of permitted policies
- Resolved an issue where the Logon Scripts buttons were not functioning as expected
- Resolved an issue with SSO where users were not able to complete the process using Microsoft credentials
- Resolved an issue where ignored approvals would show incorrect data
- Resolved an issue where users were unable to pull Unified Audit logs when searching by "Created By"
- Resolved an issue where users were unable to move a computer from the "Removed Computers" group into a Mac group
- Resolved an issue with the HelpDesk comments section
- Resolved an issue with Mac applications not deleting policies as intended
- Resolved an issue causing the Organization Panel to not show alphabetically
- Resolved an issue using non- ISO Latin alphabet in the unified audit
- Resolved an issue that was causing an error when users were singing in with OTC and SSO
- Resolved an issue that would not allow the created email on trial sign up to be sent
- Resolved an issue that created duplicate computer groups
- Resolved an issue with the count of permitted policies
- Resolved an issue that was stopping new users from logging in after account creation
- Resolved an issue with the Permitted Computers count on the Applications page
- Resolved an issue with the page layout of Reports
- Resolved an issue where already merged applications were showing when viewing "Include Hidden"
- Resolved an issue with Organization-specific user roles when in the Mobile App
- Resolved an issue with Approval Requests and Elevation and adding RingFencing, where partners were unable to add Elevation after they added RingFencing
08/18/2023: Released to legacybeta.threatlocker.com
New Features
- Added Learning Mode (Hash Only) to the MAC
- Site Mapping has been added to the ConnectWise Integration
Improvments
- When creating groups, we will now check for existing policies prior to creating new policies
Bugs and Fixes
- Resolved an issue with MAC baselining that allowed it to learn a file that was already denied by an existing policy
8/11/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with Mac applications not deleting policies as intended
- Resolved an issue with Network Control and policy application
- Resolved an issue with AD Sync where policies were not applying as intended
- Resolved an issue with a slow audit loading
- Resolved an issue using non- ISO Latin alphabet in the unified audit
- Resolved an issue with logos provided by UpLead. They are no longer available
- Resolved an issue with the landing page for anyone with an expired trial
- Resolved an issue with the ITAR Compliance setting
- Resolved an issue where if you have an application attached to 2 or more policies, deleting the app would only remove one of the policies
- Resolved an issue with collecting transcripts from LiveChat
8/9/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with Options in the searching in the View/Edit sidebar
- Resolved an issue with logos provided by UpLead. They are no longer available
- Resolved an issue with the landing page for anyone with an expired trial
- Resolved an issue by improving portal accessibility
- Resolved an issue with Configuration Manager that would not allow a character count over 400 in the text message area
- Resolved an issue that was causing duplicate entries in the Application Request sidebar
- Resolved an issue with the permissions related to sharing policies in ThreatLocker Community
- Resolved an issue caused by a failed login attempt not clearing the mfa field
- Resolved an issue with the Threat Level in ThreatLocker Ops not resetting properly
- Resolved an issue where moving a computer to a new organization would not trigger a rebuild on the applications database
- Resolved an issue where the Unified Audit was showing in UTC and not local time
- Resolved an issue with the count of permitted policies
- Resolved an issue with geolocation data and null values
- Resolved an issue with Network Control that allowed improper data to be added to a variety of fields
- Resolved an issue that was stopping new users from logging in after account creation
- Resolved an issue with the Permitted Computers count on the Applications page
- Resolved an issue that threw a 500 error in the Permit Applications page
- Resolved an issue with the Created By field not populating as expected
- Resolved an issue with ThreatLocker Storage and Tamper Protection settings
- Resolved an issue with RingFencing Read/Write options not populating when opened from the Unified Audit
- Resolved an issue with the ITAR Compliance setting
- Resolved an issue that was causing users to be logged out if a non-assigned organization was clicked
- Resolved an issue with the deletion of User Roles at the Organization level
- Resolved an issue with the Built-In application process
- Resolved an issue with the Health Center RMM counts
Improvements
- Added Community and ThreatLocker Ops to organizations with a demo status
- Added a permission level for individual child (and grandchild) organizations
New Features
- ThreatLocker has partnered with WhatFix, a digital adoption solution, to bring you on-screen support and insight within our new portal
- Added the ability to sort by columns in the Help Desk
8/4/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with Options in the searching in the View/Edit sidebar
- Resolved an issue with how information in the Unified Audit displays within the bounds of the screen
- Resolved an issue with the escalation of an Approval Request that never loaded properly
- Resolved an issue with foreign characters and how they are processed by the search system
- Resolved an issue with a delay in a new Tag populating in the portal
- Resolved an issue with foreign characters and how they are processed by the search system
- Resolved issues with View on Chrome Store and View on Edge Store buttons in the Permit Application sidebar
- Resolved an issue with allowing Deny All/Permit All policies and Mac
- Resolved an issue related to the login screen and which was based on permissions level
- Resolved an issue with the number of users that populate in the User Roles page
- Resolved slow load times for the Permit Application sidebar
- Resolved an unnecessary error message that populated when removing products
- Resolved an issue that was not transferring the date into the linked fields
- Resolved an issue that hid parent groups from administrators and stopped administrators from selecting parent policies
- Resolved an issue in Storage Control that was preventing auto-population of processes
- Resolved an issue that showed Ringfencing as an option for Mac policies
- Resolved an issue with the page layout of Reports
- Resolved an issue with Community policy voting
- Resolved an issue causing a 500 error in ThreatLocker Ops policy creation
- Resolved an issue with the Exceptions in Ringfencing populating ports after IP addresses
- Resolved an issue with Parent Organizations not being able to collect data in Child Organizations
- Resolved an issue with the HelpDesk comments section
- Resolved an issue with the ThreatLocker version
- Resolved an issue with the Application Control CSV exports
- Resolved an issue with the visibility of Built-In tags
- Resolved an issue in the HelpDesk with who can be added as an administrator to a ticket, based on Organization level
- Resolved an issue causing slowness in the Unified Audit
- Resolved an issue where the portal check-in timer could be set lower than 8 seconds
- Resolved an issue with the search feature on the Organizations page
New Features
- Computer Audit Report and Event Logon Report, based on Configuration Manager policies, are now both available on the Reports Page
7/28/2023: Released to legacybeta.threatlocker.com
Bugs and Fixes
- Resolved an issue with MAC and Network Control deny all policies
- Resolved an issue with the Microsoft Office Built-In policy
Improvements
- Improvements to the allowed variable to the Isolate feature in ThreatLocker Ops
7/28/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with visibility of application parameters in the sidebar
- Resolved several issues with SMS including not allowing users to validate an OTC without first entering a pin number
- Resolved an issue where selecting Use Parent Settings in Cyber Hero Management would not save
- Resolved an issue where selecting Use Parent Settings in Cyber Hero Management would not save
- Resolved an issue in the Unified Audit where certain deny logs would throw a 500 error
- Resolved an issue where newly created administrators would not be able to log in
- Resolved an issue with the downloaded logs from the Unified Audit
- Resolved an issue with Network Control where updates to Destination Location and Destination Port were not functioning as expected
- Resolved and improved the warning message when updating all computer groups when MAC groups are included
- Resolved an issue with unexpected trial expirations
- Resolved an issue with the way seat counts are displayed
- Resolved an issue in the Storage Policy sidebar to allow for the removal of a policy expiration
- Resolved an issue where all green denies were also showing Monitor Mode incorrectly
- Resolved an issue with the ITAR Compliance setting
- Resolved an issue that was causing users to be logged out if a non-assigned organization was clicked
- Resolved several issues on the Computers page related to filtering
- Resolved an issue with the published invoice date
- Resolved an issue where parent applications would not be visible in child organizations
- Resolved an issue where existing users in chat were showing as Visitor
- Resolved an issue with deleting a parent application when the application is also in a child organization
Improvements
- Release version is now viewable on the login page and in the lower left corner of the screen when logged in
- Organizations and sub organizations are now presented alphabetically
- Improved the language in the popup after adding a file in the Create/Add Application sidebar
- Improved the default zoom amount on the Health Center
- In the Unified Audit, column widths can be customized by dragging the header to the desired width
- From the Unified Audit, you can now click on the hostname and open up the Computer's sidebar
New Features
- Added Ticket Status to the client view of HelpDesk tickets
- Added a pre-chat form to LiveChat to collect user information
- In Network Control, the new policy sidebar now includes a sample of pre-defined built-in ports
- Added the 'Inherited from group' information on the Computers Page
- Added a permission level for individual child (and grandchild) organizations
- Microsoft 365 SSO is now available on the Sign-In Page
7/24/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with MFA SMS that caused users to get logged out if they use a password instead
- Resolved and improved the warning message when updating all computer groups when MAC groups are included
- Resolved an issue where the tray notifications were not initializing on a new deny policy
- Resolved an issue with Super Admin - Child and permissions with the Organization Navigation Panel
- Resolved an issue with the Reports Page loading all results in UTC and not local time
- Resolved an issue with creating a new ThreatLocker admin account and an OTC/MFA redirect
- Resolved an issue with PKG files and nonmatching group keys in the file name
- Resolved an issue with the Stub Installer and the associated instance
- Resolved an issue that stopped newly created computer groups from adding options
- Resolved an issue that caused a user to be logged out when viewing Built-In Applications
- Resolved an issue with RingFencing Read/Write options not populating when opened from the Unified
- Resolved an issue that was causing users to be logged out if a non-assigned organization was clicked Audit
- Resolved an issue with the pre-populated start and end times in a Unified Audit search
- Resolved an issue where adding a user role would cause the role to be added to all organizations and not the individual organization selected
- Resolved an error that was caused by editing and then reediting email addresses
- Resolved an issue with excessive emails generated from Help Desk LiveChats
- Resolved an issue in the Unified Audit where a trailing space caused a search to fail
- Resolved an issue with a validation issue connected to password resets and administrator levels
Improvements
- Improved the View/Edit Computer Popup, including showing the last check-in date/time
- Improved our Help Desk LiveChat to include a longer chat history. Chat history will now be removed when closing a chat or on closing the browser
- Increased the character limit for Group Process Exclusions
- We've added Policy ID to the ThreatLocker Ops sidebar to simplify the management of policies by the ID number
- Improvements to UI elements for usability and visibility
- Changes to Quotes, including: Business address field, the option to upload a resale certificate, added an expired resale certificate
New Features
- The release version that is installed will be viewable on the portal log-in screen as well as at the bottom of the navigation menu when logged in
- ThreatLocker has partnered with WhatFix, a digital adoption solution, to bring you on-screen support and insight within our new portal
- ThreatLocker Access settings are now found under the Help Desk dropdown in the upper right corner of the screen
- Added a Network Control Challenge Setting
- The Unified Audit now has a Save Search option
- SAML integration option has been added to the Integrations page
- Added the ability to upload a sales tax resale certificate
- We added an option inside the notification email to approve or deny an Approval Request when Cyber Hero Management needs more information
7/20/2023: Released to legacybeta.threatlocker.com
Bugs and Fixes
- Resolved an API issue in which MAC computers failed to download built-in applications
- Resolved an issue with the Azure Integration to ensure all available groups for a tenant are shown
Improvments
- Improved Health Center alerting capabilities
New Features
- Added SHA256 and Monitor PowerShell to the Options tab for customer use
6/28/2023: released to legacybeta.threatlocker.com
Bugs and Fixes
- Resolved an issue with Threat level and Event Occurrence functionality in ThreatLocker Ops
6/23/2023: released to legacybeta.threatlocker.com
Bugs and Fixed
- Resolved an issue with creating a Child Organization via deployment script
- Resolved an issue with MAC policy status visibility on the Policy page
- Resolved an issue with Network Control and null objects or tags
- Resolved an issue with processing double wildcard "**" entries
- Resolved an issue with the ThreatLocker Testing Environment and abandoned sessions
Improvements
- Improved the processing of geolocation data
New Features
- Threat level and Event Occurrence functionality are now included in ThreatLocker Ops
6/14/2023: released to legacybeta.threatlocker.com
Bugs and Fixes
- Resolved an issue with the removal of an administrator
- Resolved an issue where a permitted MAC file was logged in the wrong application
- Resolved an issue with permissions on Read Only accounts
- Resolved an issue where moving Ringfencing exclusions from the individual machine level to the entire organization level would not carry exclusions to the new level
- Resolved an issue with computer-level policies not including policy order when learning
- Resolved an issue where the Computer Count was not showing the correct organization
- Resolved an issue with Datto RMM integration and the RMM Zone on the Integration Settings tab
- Resolved an issue with V6 processing and ringfencing which caused duplicate extensions
- Resolved an issue where the Stub installer would not download from Deployment Center when using the Safari browser
- Resolved an issue where Network Control was unexpectedly blocking a small amount of internet shares
- Resolved an issue where some Network Control policies would not delete
- Resolved an issue with consecutive invoices not transferring all data from the old invoice to the new invoice
Improvements
- Improved the 'Manage Engine Rule' permission to include user roles under the master permissions menu
- Improved the integration with ConnectWise Manage so that grandchild organizations can now be referenced and mapped
- Added custom security policy headers
- Improved Ringfencing options in the Approval Center. Selecting PowerShell now includes PowerShell Version 7 (Built-In) and selecting RegSRV now includes Windows CScript (Built-In) and Windows WScript.exe (Built-In)
- Improved the Learning Mode for MAC to only learn files that hit the default deny policy
- Added a new, secondary Network Control challenge specific to Objects and a designated port for this challenge
- Added the Built-In Application Merge function to MAC applications
- Added Learning Mode (Hash Only) to the Mac Agent
- Added the automatic implementation of core MAC applications
- Improved the way SMS messages are sent. If you are in the US, UK, or Canada, SMS Messages are sent from a short code. Outside of these countries messages will be sent from “TL Auth”. For countries that do not support receiving messages from Alphanumeric, the countries will need to be specified and they will receive messages from the full phone number.
6/13/2023: Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue where Deleted Groups would still be viewable in the dropdown on the Application Control page
- Resolved an issue where the Suggested Policies for Configuration Manager
- Resolved an issue with the Escalate to MSP button
- Resolved an issue with the Computers Page where an incorrect Organization would populate in the dropdown
- Resolved an issue which allowed users to spam the Generate button on the Reports page and cause duplicate entries.
- Resolved an issue in Beta2 regarding a Super Admin Parent permissions setting
Improvements
- Updates to the New/Edit Tags sidebar UI
- Added button interactions to the email generated by a Cyber Hero that is unable to process an Approval Request based on rules provided by the Organization
- Updated the Network Control 'New' and 'Edit' UI popups
- Improved the 'View Check-in History' interactions and pagination
- Tags are now available in the new portal
- Added a second permission/validation check by Organization
- Added the ability to customize the email recieved from the Approval Center
- Updates to the Edit Computer page UI
- UI improvement to Login Settings popup
- UI improvements to the Login Settings
- Updates to the Roles page UI
- Updated Network Control UI to match the new portal
- Updates to the Integrations page UI
New Features
- ThreatLocker Protect is now available in the Modules dropdown, and includes Ringfencing, Default Deny, our Platform, and Network Control
6/6/2023 : Released to beta.threatlocker.com
Bugs and Fixes
- Resolved an issue with OTC MFA which forced a reset when editing the user's information
- Resolved an issue with the link generated and sent when creating a helpdesk ticket
- Resolved issues with visibility of historical messages and hidden messages in helpdesk
- Some legacy portal links now begin to redirect to the new portal
- Resolved an issue with the Multiselect feature on the Approvals page, the Unified Audit page, the Application Control page, and the Network Control page
- Resolved several issues with the UI on the Storage Policies page
- Resolved an issue with some storage policy edits not updating
- Resolved an issue with some storage policies not deploying
6/2/2023 : Released to legacybeta.threatlocker.com
Bugs and Fixes
- Resolved an issue with permissions on Read Only accounts
- Resolved an issue where the Computer Count was not showing the correct organization
- Resolved an issue where the Stub installer would not download from Deployment Center when using the Safari browser
- Resolved an issue with computer-level policies not including policy order when learning
- Resolved an issue where Network Control was unexpectedly blocking a small amount of internet shares
- Resolved an issue with V6 processing and ringfencing which caused duplicate extensions
- Resolved an issue with Datto RMM integration and the RMM Zone on the Integration Settings tab
- Resolved an issue with how license counts are populated
- Resolved an issue where moving Ringfencing exclusions from the individual machine level to the entire organization level would not carry exclusions to the new level
- Resolved an issue where a permitted MAC file was logged in the wrong application
- Resolved a known issue with the Monitor PowerShell and SHA256 options in the options tab
- Resolved an issue where moving Ringfencing exclusions from the individual machine level to the entire organization level would not carry exclusions to the new level
Improvements
- Improved the 'Manage Engine Rule' permission to include user roles under the master permissions menu
- Improved the integration with ConnectWise Manage so that grandchild organizations can now be referenced and mapped
- Added and improved our custom security policy headers
- Improved the Learning Mode for MAC to only learn files that hit the default deny policy
- Improved Ringfencing options in the Approval Center. Selecting PowerShell now includes PowerShell Version 7 (Built-In) and selecting RegSRV now includes Windows CScript (Built-In) and Windows WScript.exe (Built-In)
- Added custom security policy headers
5/9/2023
Bugs and Fixes
- Resolved an issue in which some Child level Orgs were seeing Parent level data
- Resolved an issue where endpoints learning at the computer level would hit a policy at the group level and network exclusions would not be learned to the group policy.
- Resolved an issue where users who can assign roles could not see all the available options
- Resolved an issue where the Baseline of a Mac was not being learned correctly when using Automatic Learning
- Resolved an issue in where a policy could crash on Save when there is a large number of Ringfencing rules
Improvements
- Improved the security of cookies, headers, MIME sniffing, and APIs on the portal
- Improved the automatic learning of Python Software Foundation and Adobe Creative Cloud
New Features
- Added Irish VAT Number to ThreatLocker Ireland Invoices
4/14/2023
Bugs and Fixes
- Resolved an issue where creating a Storage Control policy would include the entire folder
- Resolved an issue where the application service wasn’t reopening a closed connection
- Resolved an issue where the System Audit would not log group policy information when adding a suggested policy
- Resolved an issue where MAC applications were not showing on the Unified Audit
- Resolved an issue with the copying of group learning duration from template organizations
- Resolved an issue where adding elevation would not be recorded in the system audit.
- Resolved an issue where Storage Control policies would default to the Entire Org hierarchy level
- Resolved an issue where Global Orgs who accepted Suggested Ringfencing Policies from Child Orgs would not have a policy created
- Resolved an issue with ignoring requests related to the enter key and typing in a new line
- Resolved an issue with the password manager which was putting information in the incorrect field
- Resolved an issue where securing a machine would cancel a scheduled maintenance mode
- Resolved an issue where users were unable to add time to Learning (Hash Only) Mode
- Resolved an issue where users would get an error message when they are logged into the portal and attempt to log in as an administrator
- Resolved an issue where users could access Approval Requests in the portal after their organization had expired.
- Resolved an issue where if a VDI machine timed out, the maintenance mode capture would not discard
- Resolved an issue where Super-Admin-Child approval requests would not change from Pending to Approved
- Resolved an issue where quotes were not populating all modules/products properly
- Resolved an issue where searching by Certificate would exclude Null processes
- Resolved an issue where the Process ID was missing when creating an export of the Unified Audit
- Resolved an issue where reordering a Storage Control policy may cause a browser crash
New Features
- Added the ability for Child Super Admin to bulk ignore approval requests
- Added "Install" Action Type to Mac Agent
Improvements
- Newly created computer groups will learn Computer Level policies, rather than Group Level policies
- Improved processing speed and page performance pf the Organization Invoice page
- Improved the process of generating random install keys
- Improved the integrations of Kaseya BMS, Datto PSA and CW Manage to show Escalated to ThreatLocker in tickets
- Improved proposal name of the default agreement on the Quotes page
- Updated MAC Installer
- Improved the Maintenance Mode popup window for MAC
- Improved the process of creating Child Orgs within the databases
- Users will now be able to view if an Options Tab option has been applied to their account, as well as remove the option
- Improved the download process of ThreatLocker Applications versions
- Memory usage in the View Check-In History page will now show in MB
- If the ThreatLocker Testing Environment times out, then the capture will be discarded
- Improved the ability to choose which day the CW Integration Syncs the Agreements Count
3/24/2023
Bugs and Fixes
- Resolved an issue with Read Only Permissions and Tags
- Resolved an issue between the database and Deploy Policies feature
- Resolved an issue where the Download Installation Script sent users to the wrong instance
New Features
- UI and APIs have been created for Azure integration
- Created a toggle option for the automatically generated emails when a user’s approval request is not addressed.
- Added the option to add branding to computer groups
- Added a feature for Application services to retrieve members for Azure integration
- Added HyperV functionality to the existing HyperCube feature
Improvements
- Improved the automatic flagging system for application updates
- Improved the URL redirect for approval requests
- Added SHA256 and Monitor PowerShell options, among others, on the Computers/Computer Groups/Org Pages. See KB for more information on these options.
- Improved the Copy Policies function
- Improved the EventLog processes
3/21/2023
New Featrues
- New User Role has been created. Now, users are able to be assigned Super Child Admin privledges for Specific Organizations. This will give super admin permissions to the specific organization for the user.
3/9/2023
Improvements
- Portal link to ThreatLocker University updated to reflect new URL How to Create a ThreatLocker University Account | ThreatLocker Help Center (kb.help)
3/8/2023
Bugs and Fixes
- Resolved an issue where users would not have permission to approve at Computer level even though they had permission to approve at the Entire Organization level.
- Resolved an issue with VDI machines and the time to populate Virus Totals inside Risk Center.
- Resolved an issue with the borders of the message box in relation to posting data from Excel.
- Resolved a formatting issue on the applications page, when searching by "Full Path" Mac Applications did not populate.
- Resolved an issue where users could not open the Ticket Configuration tab if they had deleted the Ticket Board within ConnectWise.
New Features
- Improved the language around Storage Control Popup notifications from the tray.
- The new Copy Policies button will now allow for policies to be copied between parent and child orgs, or to specific groups.
- The ThreatLocker Version drop down menu will now align with the computer groups running that version and allow for selecting endpoints for the next release.
Improvements
- Improved the speed at which customer data will be written into the database.
- Elevation logs will now include a Permit Application and Add to Application buttons.
3/1/2023
Bugs and Fixes
- Resolved an issue where the USB Activity in Selected Date Range Report failed to load older data
New Features
- Users can successfully ignore/bulk ignore approval requests and include the reasoning why. This also includes an email notification with the reason to the requester.
- Elevation Status property has been added to the MacPolicy class.
- Users are able to select Elevation options for MAC policies.
Improvements
- The ThreatLocker Updates Facebook feed is now included on the portal sign-in page.
- Improved Datto PSA integration. Tickets generated in the ThreatLocker portal with a requestor email that matches the email of a contact in Datto PSA will grab the corresponding contact and place the user as the main contact on the PSA ticket.
- Improved the Unified Audit filtering options by adding a ‘Simulate Denies’ check box filter to show green denies
2/23/2023
Bugs and Fixes
- Resolved an issue causing the healthTLservice to install incorrectly
- Resolved an issue some customer experienced where they only received Help Desk email notifications confirming ticket creation and resolution
- Resolved an issue causing the Step-by-Step instructions for deploying with ConnectWise Command (formerly Continuum) to show an error message
- Resolved an error in which all unhandled exceptions generated a 500 server error message
- Resolved a performance issue caused by a NAC policy
Improvements
- Improved the view on the Applications page to show the operating system of the application
- Improved the process of confirming the start time of a maintenance schedule on the Computers page
2/16/2023
Bugs and Fixes
- Resolved an issue with duplicate permit policy creation
- Resolved an issue with the logging of certain fields in the Approval Request popup.
- Resolved an issue with the Created By character limit
- Resolved an issue with Datto RMM where companies on the deployment tab were not being integrated
- Resolved an issue in which elevation actions were not updating with the policy last match
- Resolved an issue with uppercase hashes being converted to lowercase
- Resolved a permissions issue between clients and partners
- Resolved an issue with the redirection of several locations in the Portal to Beta2
New Features
- New Help and Support drop-down menu available in the left-hand navigation menu
- Added MAC OS as an option to the CopyApplication function
- Added feature for new organizations to access the VDI environment
- Added options to the Remove Unused Policies features
- Added the option to include IP ranges in a Tag (not CIDR notation)
Improvements
- Improved the redirect location when users log out
- Improved the Service Errors Page to include the ThreatLocker version
- Improved automatic email generation when creating a ticket
- Improved the support of Polish characters in the tray
- Improved the dropdown menu options for modules
- Improved the location of new policies that are listed as “after” to not show up after the Default-Deny policy
- Improved the HelpDesk options for child organizations without Co-Managed Direct Support
- Improvements to UX throughout
- Improved the System Audit Log to include the approval request GUID
- Changed from Twitter feed to the Facebook updates feed
2/9/2023
Bugs and Fixes
- Solved an issue with the ThreatLocker Testing Environment where hitting “Discard” could sometimes recognize as “End and Capture”
- Solved an issue with the ThreatLocker Testing Environment where Maintenance Mode was not working properly due to time sync issues
- Solved an issue where moving a user to a new organization would not update the user’s apps database to the new organization
2/7/2023
Improvements
- Improved the handling of certificates in the registration process
New Features
- Added ThreatLocker Ops to the Product List Dropdown
- Added Configuration Management to the Product List Dropdown
1/23/2023
Bugs and Fixes
- Solved an issue that was preventing a report from populating and providing an export option
- Solved an issue in which the application definitions w ere not downloading to apps.db due to being moved between hierarchy levels
- Solved an issue in which searching for computers after going to the last page would not reset to the first page after completing the search
- Solved an issue where information in the portal would appear skewed on small computer screens
- Solved an issue where the existing approval request process was not suggesting custom rules appropriately and instead lead to a Service Connection error message
- Solved an issue in which the MAC API and WebUI were not copying policies to the correct hierarchy levels
- Solved an issue in which MAC Computer Groups in new organizations were being set to indefinite learning periods by default instead of 21 days.
- Solved an issue in which password managers were automatically putting saved passwords into the Multifactor Authentication Field
- Solved an issue with the "Enable Learning and Rescan Baseline" checkbox
- Solved an issue in which non-US Administrators were able to select ITAR compliance via the Organization Settings
- Solved an issue which allowed double wildcards within the User Interface
- Fixed an issue with App Definitions and Hashes in which custom rules would be associated with a single hash, possibly blocking future updates
- Fixed an issue within the portal that caused a customer to be charged incorrectly
- Solved an issue that led to agreement quantities not updating correctly according to the data
New Features
- Add Nerdio to dropdown under "Select your Deployment Method" in the deployment Center
- The Mac Agent can now download hashes without needing to click Deploy Policies.
- Added PutCore Support for MAC
Improvements
- Removed Pending and Approved escalation options from the Approval center drop down, except in multi-level approval request options
- Improved the process of verifying default computer group creation during the creation of New Organizations
- Improved the WebUI and API process where a new default group and a database are created when creating a New Organization
- Added an error message for users attempting to create a policy named "N/A"
- Added an option to end a scheduled maintenance mode via the API
- Added a "Select All" checkbox in the Unified Audit
- Added Organization Name in requests from approval center and unified audit.
- Added a hyperlink to Knowledge Base website back to the web portal
- Improved the process for policies in which multi-application suggested policies successfully add all applications associated with them.
- Added a new permission level to allow access to Organization level only, and exclude any Child Organization levels
- Improved the background process and speed of creating a computer group
- Added search options by ticket number and ticket subject in the Mobile Help Desk
- Improved customer options on the Options tab on computer, group, and organization popups
- Added functionality where newly created child organization will inherit Options from a Template organization within the parent.
- Added function to add a note to modified times with Action logs in the Unified Audit
- Improved the process in which the platform product will automatically be selected and cannot be disabled
- Added a field in the Payment Details for Purchase Order numbers
- Added function to log when the "Remove Unused Policies" button is used in the System Audit
- Improved the Update Stub options to Support Proxy URLs
- Improved the Debug options by removing from Computer Settings and giving exclusive access to master accounts
1/4/2023
Bugs and Fixes
- Resolved an issue where specifying * (any) Path and [] (empty/null) Process shows as matching in the Permit Application popup
- Resolved an issue where navigation buttons on the Storage Devices page was not correctly progressing to the next page
New Features
- Added proxy configuration for computers, computer group, and organizations
- Added option to hide details of folders elements for computers not running ThreatLocker
- Added ability to set an expiration date on storage approvals directly from approval
- User login data records now contain geolocation data for enhanced security
Improvements
- Improved move computer functionality between organizations – Policies for Built-in Applications and Computer Specific Applications will now be transferred over with the move
- Enhanced ITAR Compliance functionality
- Increased total number of users that can be applied to a storage policy
- Device names may now be modified from the Storage approval window
12/6/2022
Bugs and Fixes
- Fixed matching applications by Created By Process and Certificates
- Resolved an issue where Agreement Quantity and License Count values were mis-matched
- Resolved an issue where the Configuration type was not displaying properly
- Fixed a Permissions issue involving Maintenance Mode Popup
- Fixed a Permissions issue involving Permit Application Popup
- Resolved an issue where the type of approval request was not being properly displayed the header
- Fixed formatting issues in Partner Resources Page.
- Fixed an issue where the matching applications option was displayed despite no matches made
- Revised Application Policy Popup formatting
- Revised error message prompt to be displayed when attempting to save an empty Application Definition
New Features
- Added enhanced security to NAC Policies and NAC Authorization Hosts
Improvements
- Improved user Authorization pertaining to Help Desk ticket permissions (create, view, etc.)
- Added an error message which displays when attempting to merge applications of different OS types
- Improved performance on the Policies, Storage Policies, and Approvals when attempting to load Azure Directory Groups
- Revised and unified language used in “Start Trial” links
- Improved Deploy Policies functionality
- Added support for duplicate naming of parent and child applications
- Improved audit logging policies
11/28/2022
Bugs and Fixes
- Resolved issue involving Password Reset Link Expiration after setting up SSO
- Resolved an issue with Network Access Control where Authorization Hosts did not download when set to global
- Resolved Unified Audit issue caused by time mismatch
- Resolved an issue in which some Admins were logged out when doing approval request from email
- Resolved an issue with policies being created in the wrong order
- Resolved an issue with Keeper Password's Auto Submit is interfering with /popups/admin.aspx
- Resolved an issue with Kaseya Integration - Add Paging to Kaseya API call for Services
- Resolved an issue with ConnectWise Integration in which the Closing Status dropdown menu excluded inactive statuses
- Resolved an issue with Storage Policies where selecting "Save" moved policy to top of hierarchy
- Resolved an issue with Approval Requests not displaying properly when requested reason contained a large number of extended characters
- Resolved an issue with Approval Request in which not all Groups were displayed when actioning a request for grandchildren
- Resolved an issue with Reports where "Blocked Files in the Last 7 Days (Including Child Orgs)" was not displaying for some clients
New Features
- Added Tray Redirect URL to the Application Policy Page
- Storage Request - Copied Tray Notification Setup from Application Policies to Storage Policies
- Elevation Request - Copied Tray Notification Setup from Application Policies to Computer Group Settings
- MAC Application Learning
- Added Mac Applications to the Approval Request Page
- Unified Audit file sizes may now be seen when exporting results
- Storage Request options may now be modified directly from a request
- Storage Request policy names may now be modified directly from an approval
- Added Application Control Polcies to MAC
Improvements
- Allow deletion of Applications/Storage Devices applied to policies
- Live Chat is now shown on the Quotes page
- Changes to Template
- Improvements to Ticketing System Performance 10/28/2022
10/28/2022
Bugs and Fixes
- Resolved an issue where expired trials were not showing pending quotes when redirected
- Resolved an issue some customers experienced when trying to update a ticket that was just created
- Resolved an issue on the edit Administrator page where pressing 'Enter' key would clear the value inside the Password field
- Resolved an issue where the Export of Application Files would include 'DELETED' items
- Resolved an issue with our PartnerProvision API where the data returned was not realtime data
- Resolved an issue where NAC objects were duplicated in the list
- Resolved an issue some customers experienced where duplicate entries were being created per Storage device
- Resolved an issue where the ITGlue mapping was limited to 50 items for some customers
- Resolved an issue some customers experienced where their login would fail to redirect from portal.threatlocker.com for Child Organizations
New Features
- Added the ability to pass an OgranizationId through to our Reports API when getting Report Data
- Added fields for Ticket Number and Comments to Storage Policies - these are pulled from the Approval page when approving Storage Requests
- Added configuration for how ThreatLocker will close tickets using the ConnectWise Manage Integration
- Added the ability to restrict Storage Policies to users from Approval Requests
- Added the ability to add expiration to Storage Policies from Approval Requests
- Added the ability to name the Storage Device from Approval Requests
Improvements
- Added more details to the System Audit logging when changing Ringfencing within a Policy
- Added validation to Regex rules when adding to an Application definition
- Improvements to learning regarding empty files
9/21/2022
Bugs and Fixes
- Resolved an issue in the Unified Audit where searching by the 'Policy Name' field excluded logs without a Policy Match (Network Entries)
- Resolves an issue some customers were having whilst logging in using Geo Location restrictions
- Resolves an issue experienced by some customers using File Ringfencing where the exclusions would not apply
- Resolves an issue where the Deployment Center wasn't showing completed for "Review the Audit" when your computers were fully secured
- Resolves an issue where expired trials were not showing pending quotes when redirected
Improvements
- Improved the learning algorithms for Bluebeam files
- Added the ability to search the Unified Audit by Created By process
- Improved the speed in which Unified Audit logs are updated
New
- Added support for multiple Created By processes on files to be displayed in the portal (requires Agent 7.6 or greater to apply)
- Created User Roles - this allows you to create permission groups that can be applied to users
- Reports API now supports the OrganizationId being passed through to Reports
9/13/2022 - Deployed Live
9/8/2022
- Improved logging to the System Audit page to include maintenance mode used when approving a request
- Improvements to moving policies from the Permitted Applications page
- Added the ability to search by display name on the Organizations page
- Performance improvements to the File History page to reduce load time
- Introduced cloud-based installation using ThreatLocker VDIs with Risk Center (for preapproved Beta testers only) see the associated article here.
- Resolved an issue some customers experienced with application rules failing to refresh when editing an application from the audit
- Resolved an issue some customers experienced when attempting to delete a Super Admin causing an error even when other Super Admins are still present
- Resolved issue some customers experienced with ITGlue integration duplicating company entries
9/1/2022
- Minor Bug Fixes and Improvements
- Resolved an issue some customers experienced with application rules not automatically loading into the application page when viewed from the Unified Audit
- Improvements to learning for LogMeIn Rescue Applet application
- Added the ability to export filtered results from an application definition
- Added the ability to ignore approval requests in bulk
- Added a message when processing approval requests to alert you if an application has an existing policy applied to the requesting computer
- Added support for USB Manufacturers in Storage Control
- Added the ability to define custom User Roles and apply those to Administrators
- Performance improvements to the Permitted Applications page
8/25/2022
- Added individual computers to NAC 'Object' dropdowns in 'Source Location'
- Improvements to ThreatLocker Access settings - child org settings will now be copied from the parent org
- Improvements when approving a request using custom rules to also create a hash rule
- Improved logging in the System Audit to log the child org a group is a member of when the ThreatLocker Version is changed on that computer group
- Resolved an issue some customers experienced when receiving a password reset email it contained a link to the beta portal instead of the production portal
8/23/2022
- Minor bug fixes and improvements
- UI Improvements to the Permitted Applications page
- Improvements in the handling of empty certificates in Approval Requests
8/19/2022
New Features
- Added new Permitted Applications page where users can view all permitted applications in their environment along with the policies associated with those applications
- Added an error message to the Help Desk when a user attempts to create a new ticket without providing a summary
- Added an update button to the Deployment Center when manually updating the endpoint count
- Added additional logging in the System Audit when changing NAC policies and Authorization Hosts
- Added the ability to disable local login to ThreatLocker if SSO is enabled
- Added a banner to show users on trial when their trial is set to expire
- Changed the default learning period from 'Indefinite' to 21 days
Improvements and Bug Fixes
- Resolved an issue some customers experienced when attempting to run the Blocked Files in the Selected Date Range report
- Improvements to Help Desk to have better visibility when attaching pictures or have long text in a ticket
- Improvement to Storage Control to prevent devices from using the same serial number
- Improvements to the Deployment Center to change the Learning computers count logic
- Resolved an issue some customers experienced with Cyber Hero Request Instructions not saving the 'Use Organization Settings' setting
- Resolved an issue some customers experienced with grandchild organizations being unable to view child organization applications
- Resolved an issue some customers experienced with the Permit Application page having a delay on loading
- Added support to the ConnectWise Manage Integration to select the default contact if the requestor email does not match a contact within the integration
- Resolved an issue some customers experienced with the type of request not being added in the subject of request notification emails
8/9/2022
New Features
- Added a Help button to the SSO setup page
- Added a Switch to Beta button to make it easier if you are testing new Beta features
- Added ThreatLocker Tamper Protection logs to the 'Remove White Noise' filter on the Unified Audit
- Added the ability to adjust the column widths on the Organizations page
- Added support to the ConnectWise Manage Integration to select the default contact if the requestor email does not match a contact within the integration
Improvements and Bug Fixes
- Improvements to Approval Request links in emails
- Improvements to System Audit logging
- Improvements to the Signup page for new Trials
- Improvements to Storage Control Policy creation page
- Resolved an issue some customers experienced with Passwordless Login always logging out after 30 minutes, even if the user selected a longer inactivity logout time
- Resolved an issue some customers experienced with Cyber Hero Management settings not saving for child organizations if the parent organization did not have Cyber Hero Management enabled
- Resolved an issue some customers experienced with their Help Desk tickets crashing when attempting to reply
- Resolved an issue some customers experienced where the Update Contact Details page required input multiple times
- Resolved an issue some customers reported with the Requestor reason becoming unreadable when an Approval was escalated to MSP via Cyber Hero Management
- Resolved an issue some customers experienced with the type of request not being added in the subject of request notification emails
- Resolved an issue some customers experienced with the Permit Application page having a delay on loading
7/29/2022
New Feature
- Added the ability to add storage devices to an existing policy through an Approval Request
7/15/2022
New Features
- Added Requestor email address and reason to Storage Requests
- Added feature to notify requestors when their Storage Requests are processed
- Added the ability to sign quotes using a mobile web browser
Bug Fixes
- Resolved an issue some customers experienced with the bottom menu items being omitted when using the screen zoomed in
- Improvements to logging of activity from the mobile app
- Minor improvements and bug fixes
7/13/2022
New Features
- Added Requestor email address and reason to Storage Requests
- Added feature to notify requestors when their Storage Requests are processed
- Added support for storage device serial numbers that include special characters
- Added the ability to sign quotes using a mobile web browser
- O356 SSO support added for login. See KB here
- Added the ability to use a pipe character as a delimiter to add multiple specifications in the same filter textbox in the Unified Audit. See KB here
- Added support for plus sign characters in usernames
- Added hostname to System Audit entries when the ThreatLocker Service is restarted
- Added button to download EU Partner Terms and Conditions to the Terms popup
Bug Fixes
- Minor improvements and bug fixes
- Improvements to logging of activity from the mobile app
- Improvements and bug fixes to the Deployment Center page
- Improvements to data upload for machines that have been offline
- Improvements to HelpDesk
- Resolved an issue some customers experienced with the bottom menu items being omitted when using the screen zoomed in
- Fixed an issue some customers experienced with ConnectWise Integration tickets failing to be closed in ConnectWise when they were closed in ThreatLocker
- Resolved an issue some customers experienced when attempting to load a Storage Control request from the tray and using the 'Login as Admin' button sending the user to a No Access page
- Resolved an issue some customers experienced when completing approval requests the default 'Rules' options would be reset when 'CheckFileHistory' was used
- Resolved an issue some customers experienced when creating a password that hitting the Enter key refreshed the page instead of saving the password
- Resolved an issue some customers experienced in which Passwordless Login wasn't honoring the user's extended logout time
- Security improvements to Super-Admin Child permission
- Fixed an issue some customers experienced with NAC policies not being created via group templates when deployed using an RMM
6/14/2022
- Minor improvements and bug fixes
- Improvements to Reports Page
- Resolved an issue some customers experienced with certificate data occasionally not displaying properly
- Improvements to Resolve Ticket prompt making the feedback optional
- Resolved an issue some customers experienced with links included in emails redirecting them incorrectly
- Resolved an issue some customers experienced in which they received an error when redirecting from the Policies Page Last Match column
- Improvements to Super-Admin Child permissions
- Resolved an issue some customers experienced with files not being added if Installation Mode was ended prematurely
6/6/2022
New Features
- New Deployment Center Dashboard to add visibility to deployment progress
- Added an alert if trying to export more data than a CSV can contain
Improvements
- Performance improvements
- Improvements to processing Approval Requests to include an email to the Requestor when an Approval Request is added to an existing Application Definition
- Improvements to generating reports to add the ability to download large reports directly, saving browser resources
- Improvements to the Help Desk to permit attaching zip files
- Improvements to NAC policies to eliminate Global options until this feature is supported
- Improvements to the RMM and Script Window to link to the Deployment KBs
- Improvements to the Help Desk to provide better visibility of the Status of a ticket
- Improvements to Approval Request Reports to include comments and Requestor reason
- Removed source port from NAC policies to simplify the process
- Improvements to setting up Cyber Hero Management
- Improvements to the Datto Integration company mapping to sort clients alphabetically
Bug Fixes
- Minor bug fixes
- Resolved an issue some customers experienced when opening a ticket through the Help Desk, the text field could be cleared when the page refreshed
- Resolved an issue some customers experienced with super admins being unable to move computers to other organizations when managing a child organization
- Resolved an issue some customers experienced with super admin child when making changes to the parent level policies
- Resolved an issue some customers experienced in which notifications from an Approval Request were not linking to the request
- Resolved an issue some customers experienced in which navigating to a different page while in a LiveChat with a Cyber Hero would open a new ticket
- Resolved an issue one customer experienced with their Datto Integration resetting
- Resolved an issue with the Help Desk in which some customers occasionally couldn't save the ticket
- Resolved an issue in which the Confirm Ticket Resolution popup wasn't working correctly in Firefox browser
- Resolved an issue some customers experienced with the DUO integration settings showing incorrectly for some users
- Resolved an issue some customers experienced with Pending and Ignored Approval Requests failing to populate the Requestor's email address
5/19/2022
New Features
- Added a Health Dashboard page
- Added 'Add to Online Application', and 'Add to Offline Application' buttons in the Unified Audit - these buttons will be supported in a future build
Fixes and Improvements
- Resolved an issue in which the cursor wasn't automatically returning to the input box when logging in using OTC
- Resolved an issue some customers experienced with the Edit Application button showing an error
- Resolved an issue some customers experienced with the System Audit Page searching by UTC instead of the configured time zone of the organization
- Made improvements to how Certificates are displayed in the Unified Audit
- Changed the ConnectWise Integration label to Active
- Fixed an issue some customers experienced in which the entire name of the organization they are managed was not visible in the upper right-hand corner of the portal
5/9/2022
- Improvements to OTC to include a 'Reset OTC for Next Login' button and new QR Code generation when switching from OTC to SMS to OTC again
- Improvements to enforce MFA functionality
- Added the ability to open a ticket in the Help Desk for a child organization as an admin of the parent organization
- Improvements to Learning Mode to now learn SHA256 Hashes
- Resolved an issue certain customers experienced being prompted to confirm contact details on every login when using DUO
- Enhancements and bug fixes to IT Glue Integration
5/3/2022
- Performance improvements to the Unified Audit page
- Improvements to permissions around making Network Ringfencing changes
- Fixed an issue some customers experienced with ConnectWise Agreements failing to update
- Add the ability to filter by Computer Groups on the Computers Page
- Fixed an issue some customers experienced that when using the Policies Export button, deleted Policies were also exported
- Resolved an issue some customers experienced that not all usernames for an organization were being populated in the Username dropdown on the System Audit Page
- Resolved an issue some customers experienced in which Policies created at the grandchild org level were applied to the grandparent org and not the parent org as expected
- Improvements to the 'Show Computers for Child Orgs' checkbox on the Computers Page to have a default status of selected
- Fixed an issue some customers experiences with the Help Desk Page not showing Resolved tickets as expected when the 'Resolved Tickets' checkbox was selected
- Resolved an issue one customer experienced with Policies being incorrectly created in multiples for files that meet a specific criteria
- Improvements to the Help Desk Page to include the ability for parent organizations to open tickets for child organizations
- Resolved an issue some customers experienced with enabling Learning Mode from the quick dropdown on the Computers Page not being logged correctly in the System Audit
- Resolved an issue some customers experienced that when editing their own administrator settings, they received an error
- Resolved an issue in which some customers failed to receive the Update Contact Details page if admins changed enforced MFA settings
- Added the ability to sort in ascending and descending order the Action Type, Hostname, Policy Action, Username and Date/Time in the Unified Audit
- Moved the 'Continue' button on the Setup MFA page for a better user experience
- Added the option to Elevate silently in the Policy window (Elevate Silently will be supported in ThreatLocker Version 7.2 or greater)
4/20/2022
- Improvements to GeoFencing login restriction
- Resolved an issue some customers experienced with rebranding the ThreatLocker Logo
- Improvements to the ThreatLocker Request and Tray Notification customization feature
- Improvements to the Help Desk Search fields
- Fixed an issue some customers experienced with the User list on the Login Settings Page
- Improvements to the user interface of the System Audit page
- Added a popup reminder on login for customers that have support tickets to respond to
4/14/2022
- Fixed an issue some customers experienced with ConnectWise Agreements not updating as expected
- Fixed an issue some customers experienced with the ConnectWise Integration page
- Made improvements to the System Audit page to permit searching by GUID of the ObjectID
- Fixed an issue some customers experienced with the Application Definition failing to properly export certificate information
- Fixed an issue some customers experienced with deleting administrator accounts
- Improvements to Help Desk textboxes
- Improvements to Learning Mode
- Fixed an issue some customers experienced with the ConnectWise Integration Agreements not updating as expected
4/7/2022
- Improvements to the Edit Computer Groups Page
- Improvements to the UI functionality when utilizing the 'Move Computer' button on the Computers Page
- Resolved an issue some customers experienced when attempting to use the 'Export' button on the Policies Page
- Resolved an issue in which some customers were able to edit the ThreatLocker Access settings without super-admin permissions
- Improvements to the ordering of Network Access Control Policies
- Corrected an issue in which an entry in the Unified Audit would not link to the Network Access Control Policy that applied
- Corrected an issue some customers experienced in which Network Access Control continued logging network traffic once it was disabled
- Improved functionality of the 'Return to Parent' button
- Improvements to the Update Contact Details page
- Added the option to search by Subject on the Help Desk Page
- Improved functionality of the Resolved/Not Resolved Ticket window popup
- Improved the functionality of policies created by using template groups
- UI improvements to the Help Desk Page
- Improvements to the functionality of the Login Settings Page
- Improvements to the policy creation page pertaining to policies created without applications
- Improvements to the IT Glue Integration pertaining to mapping and asset creation
- Resolved an issue some customers experienced when adding Tags to a Policy
4/6/2022
- Resolved an issue some customers experienced in which the 'Resolve Ticket' button on the Help Desk page wasn't marking tickets as resolved
- Resolved an issue some customers experienced in which disabling products from the Organizations Page was incorrectly causing the 'Configure Cyber Hero Management' button to populate
- Resolved an issue in which some customers were unable to view and make changes to the ThreatLocker Tray Notification Appearance in the Default Policy
- Resolved an issue some customers experienced with the IT Glue Integration not correctly saving certain settings
- Resolved an issue some customers experienced with the Datto Integration in which the Auto-Push feature was failing to push large batch jobs
- Performance improvements on the Computers Page