3.3.2: 9/17/2025
Improvements
- The Unified Audit now has a consistent guideline discouraging exports larger than 100k logs, with clear warnings and timeout messages
Bug Fixes
- Temporarily reverted the new Access Device feature while we fix an issue preventing mobile registration via SMS/email invites
3.3.1: 9/17/2025
Improvements
- Added a new advanced setting for organizations to set a custom minimum password length (minimum 8 characters)
- Added account lockdown protection: after 100 failed login attempts the user is locked, and an admin password reset will unlock access.
- Added an info tooltip clarifying phone format: numbers must include the country code (e.g., +1 XXX XXX XX XX).
3.3.0: 9/16/2025
Improvements
-
ConnectWise Manage integration has been transitioned from legacy Portal with the following updates:
-
Custom Messaging: Add your own messaging to ticket summaries, while retaining Powered by ThreatLocker.
-
Request Type in Summary: Ticket summaries now include the request type (Execute, Elevate, or Storage) for quick context.
-
Escalated Requests Highlighted: Escalated requests now appear in bold with notes for faster visibility and response.
-
Requestor Details: Tickets now display the original requestor's contact and email for clearer tracking.
-
- The Kaseya integration has been migrated to the main ThreatLocker portal, with updated pages for setup and management
- Added support for two-level grouping in Report Builder, allowing you to set two separate"Group By" parameters for more granular summaries
- Added an API History tab to ConnectWise PSA Manage integrations, giving users visibility into their integration activity when the feature is enabled
- Added permission to enable viewing of error logs from a customer account
- Added a "Filter By" dropdown next to the search bar on the missing updates page with options for All, Patch Supported, and Not Patch Supported
- Added "Last 24 Hours" as an option in the Timeframe dropdown for custom reports
- Added DAC reporting to the Report Schedule window with customizable scheduling options, and improved unsubscribe messaging so users clearly see when they are already unsubscribed
- Updated application page visuals: replaced the "Built-in" label and old Maintained icon with new ThreatLocker icons that clearly show whether an application definition is maintained or not, with hover-over descriptions for clarity
- Added support for mapping Computer Groups in the ServiceNow integration, allowing group details to be included in tickets alongside computer information
- Added a show all policies check box when looking at a specific machine in storage control
- Updated Network Control policies so the "Applies To" field correctly reflects that it can target both individual computers and computer groups
- Updated the Configuration Manager policy sidebar banner to read "Requires ThreatLocker Agent Version 9.0 and above" for clarity
- Removed the beta tag from Cloud Control and added an information message in the sidebar
- Enhanced display of impacted computers and analyzed totals on the DAC main page for better reporting
- Policy expiration settings can now be applied when approving requests with Suggested Ringfencing, allowing temporary policies to follow organizational guidelines
- Added a date created field to application sorting functionality
- Added scrolling support to long DAC result views
- Updated the options dropdown to display all customer-usable settings while restricting advanced debug and internal-only options
- Added a success notification when moving applications from a child organization to the parent organization
- Added a warning in the Ringfencing settings to inform users that the Autopopulate feature may be limited on ThreatLocker Agent versions earlier than 10.5.1
- Implemented data insertion improvements to the Lookup Options table
- Simplified the API Users page by removing the unused "Rows Used" button
- Enhanced Unified Audit filtering by adding support for "less than" and "greater than" options on Destination Port
- Aligned switch spacing in Application Control policies to ensure a consistent and cleaner layout
- Improved policy management by ensuring the "Delete Policy" button accurately reflects selected items after promoting a policy
- Improved filter functionality to maintain page size settings after search action
- Standardized the password reset billing verification button to always display "Submit" for a consistent user experience
- Aligned elements in the Password Reset Verification window for better visual consistency
- Improved clarity in the Deploy Policies menu by removing links to deleted web control policies
- Improved consistency in approval requests by ensuring Firefox extensions follow the same approval restrictions as Chrome and Edge
- Made the Denied Count on the Organizations page clickable, linking to Unified Audit with pre-populated deny filters (1, 3, or 7 days) for faster investigation
- Extended Maintenance Mode agent settings to macOS, ensuring ticket numbers and notes are required when enabled, consistent with Windows behavior
- Improved DAC report exports by displaying compliance values directly on graphs, and correcting inconsistencies in Criticality Trends totals for low-risk items
- Removed legacy custom branding options from tray settings; messages set under "Request Window Appearance" will no longer display, as this section has been retired
- Improved Store policy management with a new "Published" toggle and an "Applies To" column on the main grid, plus clearer validation that files larger than 2GB cannot be uploaded
- Improved performance and security of application policy lookups and added full support for Mac
- Updated the Policy Reorder confirmation window to improve clarity and user experience.
- Improved agent settings management: the "applies to" field is now locked for consistency, while Syslog OS type machine settings can still be deleted when needed
- The Health Center now displays both Path Only and Process Only custom rules, giving clearer visibility into single-parameter application policies
Bug Fixes
- Fixed inconsistent chart rendering issues in custom MDR reports
- Fixed an issue where the DAC Report option was incorrectly disabled when Cyber Hero MDR is disabled
- Fixed an issue where the "Select All" checkbox in the Existing Policies tab did not update correctly when policies were manually deselected
- Fixed spacing issues in the SMS verification section of the Password Reset window
- Fixed an issue where newly created child organizations did not automatically inherit the DAC feature from the parent, ensuring consistent feature inheritance
- Fixed an issue where Mac policies were not appearing in the Copy Existing Policies window, ensuring policies can now be copied between parent and child organizations as expected
- Fixed an issue where the Maintenance Mode dropdown was cut off when near the bottom of the Devices list, ensuring the full dropdown menu is always visible
- Fixed an issue where approval requests could incorrectly show as approved by a Cyber Hero instead of the client
- Fixed Advanced Search chips in Unified Audit for Office 365/Cloud Detect action types to display proper capitalization and spacing, matching other action types
- Fixed an issue where the "Resolve All" action on Missing Updates failed when a patch already had an existing transaction, ensuring statuses are now updated correctly
- Fixed the Criticality Trends chart to stop backfilling prior "Fail" results when a current-day "Pass" exists, ensuring the chart reflects the latest status accurately
- Fixed an issue where tags created in a child organization were not retained in grandchild Network Control policies; selected tags now save and display correctly
- Fixed an issue where CSV exports from Unified Audit did not include Network Traffic counts; exports now display counts correctly
- Fixed a caching issue where store categories displayed incorrectly until the page was refreshed; categories now load correctly on first open
- Fixed an issue where creating a policy on an application that was being merged caused a hidden duplicate until updated; policies now correctly associate with the merged application or show an error
- Fixed an issue where removing the Cyber Hero Management product showed an incorrect error if no child organization was using it
- Fixed an issue where Mac tray notifications for approval requests displayed extra characters instead of clean line breaks
- Fixed an issue where buttons and columns on custom report popups could become misaligned when resizing the screen
- Fixed an issue where users with view permissions could not open built-in applications from the Policies page
- Fixed an issue where tags appeared blank when policies with parent tags were copied into grandchild organizations; tags now display the full path
- Fixed an issue where clients could not see the currently applied ThreatLocker version on computers if the build was not enabled for them, even though it was already applied
- Fixed an issue where upcoming patches were showing for computers that had already been removed
- Fixed an issue where disabled storage control policies appeared as "null" on devices instead of showing the correct policy name
- Fixed an issue where approving Mac storage requests without a serial number failed
- Fixed an issue where some modules were incorrectly shown as "Included" on the Organization page
- Fixed an issue in Unified Audit where filtering by username with "equals" or "starts with" returned no results
- Changed proxy Agent setting to allow a null value in the hostname/IP address field
- Resolved an issue where the OS icon would not show on the devices page's dropdown
- Scheduled policies now validate time entries
- Fixed an issue where enabling the ThreatLocker Administrator Password System (TLAPS) incorrectly applied to Windows Domain Controllers; this policy will now correctly exclude Domain Controllers as intended
- Resolved an issue with the Unified Audit where the count no longer shows a "+" symbol when the results are greater than the page size
3.2.4: 9/12/2025
Improvements
-
Added backend and UI enhancements to support upcoming improvements
3.2.3: 9/9/2025
Bugs Fixes
-
Fixed an issue on the Devices page where the Machines per page dropdown was missing the 500 option
3.2.2: 9/5/2025
New Features
- Added a new full Executive Summary Report for Detect
Bugs Fixes
- Resolved an issue in which the incorrect confirmation message was being displayed when moving an application
- Resolved an issue in which the Effective Action was not properly displaying in the Incident log in the Incident Notebook
- Resolved an issue in which multiple Cloud Detect alerts were unable to be cleared using the multiselect function; only the first alert was being cleared
- Resolved an issue in which the Edit Endpoint Detect Policies permission was not allowing users to create Endpoint Detect policies
- Resolved an issue in which selecting the Include Child Organizations checkbox in the Incident Notebook was causing errors
- Resolved an issue in which the request body was not being cleared when changing a Call RestAPI or Call Webhook action from a POST to a GET or DELETE
- Fixed alignment issues in the MDR Runbook sidebar
3.2.1: 9/4/2025
New features
- Added new tab on all integration sidebars to show API logs.
Bug Fixes
- Resolved an issue in which Configuration Manager policies were unable to be downloaded from the Community without error
- Resolved an issue in which Agent Settings were not correctly using nested data fields
- Resolved an issue in which the Instance dropdown on the login page was being displayed incorrectly
- Resolved an issue in which the delete button on the Existing Policies tab was being displayed with the incorrect label
- Updated the API User validation
- Resolved an issue in which the hoverover text on the auto-populate button was displaying incorrectly
- Resolved an issue where incorrectly formatted Linux baseline logs were not being displayed properly in the Unified Audit
3.2.0 8/29/2025
Improvements
- Made improvements to how Criticality levels are displayed for Compliance Frameworks without a manually assigned Criticality
- Added Policy ID along with the Application ID to System Audit log details
- Added Unified Audit search operators to the System Audit log
- Added an EULA to be displayed when first selecting the DNS server in Web Control
- Made improvements to the formatting of the 'Install Computers' dialog for better consistency and alignment
- Made improvements to the way Web Control policies are ordered when generated by Web Control request approvals
- Improved the DAC Compliance Details dialogue interface
- Added additional filtering on the DAC dashboard to filter by criticality
- Added the ability to view the Policy ID for a Patch Management policy being edited within the 'Edit Patch Policy' sidebar
- Updated the 'Select a version' dropdown within the 'Update ThreatLocker Version' dialog to display the correct logo for the Syslog version option
- Made improvements to the 'Add' and 'Remove' button styles on the 'Listener Configurations' agent setting sidebar
- Updated the pagination system on the 'File History' tab within Unified Audit entry sidebars for consistency across the portal
- Made improvements to now show the complete organization's familial relationships in the Organizations page
- Added scroll bars to the DAC, Health Center, and Community pages for improved navigation and visibility
- Optimized the 'Applies To' validations in the Response Center
- Added error notifications to clearly indicate when requests to export a large number of logs from the Unified Audit have timed out
- Added the hostname to the details field within the System Audit
- Added a link to view the latest DAC results for a specific device from the Devices page
- Improved the initial Learning Mode start date under 'Maintenance History' for a device to more accurately display the date of the initial Learning mode
- Made improvements to the 'Agent Restart Required' warning chip on the Computers tab of the Devices page to avoid false flags began
- Added an 'Applies To' column to the "Show All" filter in Patch Management
- Added a new Previous Version column to the Patch History tab of the Computer sidebar
- Improved the way Custom Rules are grouped and displayed in the Approval Center
- Added CSP to portal security headers
- Improved 'Submit Offline Ticket' creation to not require hitting enter after pasting contents from the clipboard
- Added a prompt identifying unpatched computers affected by a new Patch policy, with an option to patch them immediately
- Added a list of Application Policies and their locations that would apply to that computer in the Application Approvals sidebar
- Changed the Escalated Approval Status to reflect all possible escalations better
- Added the ability to create new policies and edit existing policies from the Actions section of the Detect policy page
- Added two new Detect Exclusion Conditions of "Full Path With CmdLine" and "Process Path With CmdLine"
- Made Improvements to the UI when creating or editing Detect policies with a lot of Policy Conditions
- Added column sorting to the Cloud Detect Policies page
- Added column sorting to the Endpoint Detect Policies page
- Improved the Initiate Defender Scan Detect Policy Action feature to avoid multiple
- Made improvements to policy layout and display for Detect Recommendation Details scans from being initiated
- Added multiselect functionality to Community Policies
- Changed the Elevate chip color to blue in the Approval Center to easily differentiate
- Improved the 'Create Report' permission by allowing users to save new reports and create scheduled reports. This new permission is called 'Create Custom Schedule Reports'
Bug Fixes
- Resolved an issue where the 'Prioritize Built-In Applications' Agent Settings checkbox was always checked
- Resolved an issue in which adding an Object as a selected source on a Network Control policy would cause the 'All Ports' destination option to remain disabled after switching back to 'All' sources
- Resolved an issue in which assigned managers for organization admins would not show properly on the Users page
- Removed the ability to edit the 'Applies To' of an agent setting after the setting is created and saved
- Resolved an issue in which the 'Selected Users & Groups' input field on an Application Control policy would not clear properly after successfully adding a user or group
- Resolved an issue in which selecting 'Add Policy to Top' on a Web Control policy would not follow the correct hierarchy when assigning the policy order
- Resolved an issue in which the checkbox for the 'Prioritize Built-In Applications' agent setting would always display as enabled
- Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit
- Resolved an issue in which the 'Pending Restart' tag would be displayed incorrectly on the Devices page when sorting by certain columns
- Resolved an issue in which Agent Settings would be incorrectly displayed for deleted computers
- Resolved an issue in which a 500 error would occur when using the 'Copy Link' option to download the SysLog Ingester Installer from the 'Install Computer' dialog
- Resolved an issue in which copying policies was incorrectly resulting in an Invalid ID error
- Resolved an issue in which Linux policies set for specific users and groups were incorrectly clearing the users on save
- Resolved an issue in which a scheduled Application Control policy was incorrectly permitting Elevation to be set to expire
- Resolved an issue where the Requestor details were not being saved to the Application Policy in the Approval Center
- Resolved an issue in which Tags could be saved with the same name
- Resolved an issue with running a file in the Testing Environment that contained an ampersand in the filename
- Removed help text in the Login Settings that noted IP addresses could be added in CIDR notation, as that is not a valid configuration entry
- Resolved an issue where a 500 error was given when trying to access the Detect Executive Summary Report
- Resolved an issue where specific Cloud Detect Threats would produce inconsistent errors
- Resolved an issue with being unable to copy inactive Detect policies
- Resolved an issue where the 'Applies To' in a Detect Policy was not searchable by Hostname
- Resolved an issue with a 500 error when trying to Clear All Detect Alerts
- Resolved an issue where long Policy names were cut off in Detect Policy Conditions
3.1.3 8/28/2025
Bug Fixes
- Resolved an issue with Unified Audit filter chips not clearing when the filter itself was cleared
- Resolved an issue with the Unified Audit filter chips not loading automatically when using Advanced Search
- Resolved an issue with the Unified Audit filters not clearing when filter chips are closed (x)
3.1.1: 8/20/2025
Improvements
- Updated DAC Criticality Trend Chart logic to better account for Tests that have been run multiple times per day
- Alerts are no longer displayed for objects (M365 accounts or Devices) that are in Remediation
Bug Fixes
- Resolved an issue where a specific Unified Audit Simulated Deny could not be opened
3.1.0: 8/19/2025
New Features & Improvements
- Added ability to build and schedule custom reports using the Report Builder
- Added a button to the Unified Audit which opens the Schedule Report dialog
- Added a new permission which provides access to create new scheduled reports from the Schedule Report window
- Added the ability to filter Application Control policies by a new "Policies Without Ringfencing" filter option
- Improved the user creation process by allowing individual permissions to be assigned at time of creation
- Improved UI alignment on the Maintenace tab in the Computer sidebar
- Changed the Storage Control Policies default view to include Inactive and Expired policies
- Improved the Upload File button functionality in an Approval Request to behave more consistently with the expected use case
- Improved the automatically generated Unified Audit recent search names for readability and conciseness
- Improved alignment of components in the DAC dashboard
- Improved alignment throughout the Community Policy sidebar
- Improved Unified Audit filter chip alignment
- Improved alignment of IP Addresses table in the Computer sidebar
- Updated pagination wording to better reflect page content on the Policies tab of the Elevation Control Module
- Updated Version title text on the Computer sidebar to better reflect the information being displayed
- Updated text on Agent Restart success toast
- Added Application Control Policy Creation from Approval Requests to the System Audit, including Applies To and Ringfencing
- Made improvements to the Missing Updates tab regarding minimum Agent version
- Improved the logical grouping of information being presented in the Maintenance History section of the Maintenance tab on the Computer sidebar
- Made an improvement to how Web Control Dashboard chart labels are displayed
- Improved display of the shadow text when setting proxy or relay settings to include http or https
- Added 'Applies To' for Patch Management, Configuration Manager, and Web Control policies to their respective System Audit entries
- Now displaying what policy was responsible for the deny in the Approval Center
- Removed the ability to set Exclusions in the Organization sidebar as they are no longer supported
- Removed the All Ports Destination option when using Objects as a source in a Network Control policy
- Implemented Categories for Custom Applications in the Application Store
- Updated the Copy Existing Policies feature help and error messaging in Application Control for clarity when duplicate policies exist in the destination
- Added a file counter to the Additional Files tab when the file count was less than required for pagination
- Made improvements to the settings layout and verbiage in the 'Computer Group Settings' section of the 'Edit Computer Group' sidebar
- Updated the IT Glue integration to move it off of legacy portal
- Updated the verbiage for ThreatLocker App email and SMS notifications to remove the word "Access"
Bug Fixes
- Resolved an issue where an admin received a 401 error trying to schedule an Elevation Maintenance Mode while the Computer was in Application Control Learning Mode
- Resolved an issue where admin able to click 'Add Note' button without entering all required fields first resulting in an error message
- Resolved an issue where the Unified Audit filter chips were not clearing when the current filters were cleared
- Resolved an issue where unable to save an Application Control policy successfully when the only change was toggling 'Attach file with request' on or off
- Resolved an issue within certain modules where the Home and End keys were not functioning
- Resolved an issue where the Application name was not being displayed when adding an application to an Existing Policy
- Resolved an issue where pagination wasn't updating when switching between organizations in the Unified Audit
- Resolved an issue where a false 400 error is continuously encountered when setting a new Maintenance Mode after getting a legitimate 417 error from an invalid date being entered
- Resolved an issue where you were able to promote a policy in Application Control to the 'Removed Computers' Computer Group
- Resolved an issue where trying to merge Applications spread across multiple pages would deselect the first selected when navigating to the next page
- Resolved an issue where the reveal password button would disappear if you clicked off the field and not come back after clicking back into the field
- Resolved an issue where HaloPSA integration was not pulling down Client name changes
- Resolved an issue where specific PowerShell process paths were being filtered out of the Unified Audit when 'Remove White Noise' was applied
- Resolved an issue with Cyrillic Usernames appearing as ?????? in the Response Center
- Resolved an issue where the Organization dropdown when setting Roles or Permissions was not showing the full available list
- Resolved an issue where Unified Audit Export to CSV was limited to 10,000 rows without checking the Show Count checkbox
- Resolved an issue where unable to make changes to Application Policies attached to hidden Mac Applications
- Resolved an issue with being able to add Entra groups to a Web Control policy from the Response Center
- Resolved an issue with getting a 500 error when trying to sync Datto Service Bundles with long names
- Resolved an issue with the tab counters not displaying properly in the Response Center without clicking the in-page refresh button
- Resolved an issue that allowed users to rename a Computer Group containing devices into a Global Group unexpectedly
- Resolved an issue in which selecting 'Forgot Password' was causing errors
- Resolved an issue in which Portal Banners would incorrectly include line breaks
3.0.6: 8/18/2025
Improvements
- Additional updates and improvements to the Portal and API in support of future functionality
3.0.5: 8/15/2025
Improvements
- General updates to the Portal and API in support of future functionality
3.0.4: 8/14/2025
Improvements
- Improved cache performance for Portal API
3.0.3: 8/12/2025
Improvements
- Disabled the 'Application' Condition in a Detect policy when paired with a Read or Write Action Type Condition as it would never produce an Alert
- Improved how Policy Conditions are displayed in the Detect sidebar when creating a policy
- Made improvements to how the Detect Alert Center displays on lower resolutions
- Removed the unnecessary Body field for Detect Call Rest API/Call Webhook Actions using the DELETE Method
- Added 'View Administrator Account Password' permission to allow for an admin with the permission to view the password from the portal
Bug Fixes
- Fixed an issue with the Super Admin Child permission, where it was able to move an application to the parent organization
- Fixed an issue with password reset for SAML on beta.threatlocker.com
- Fixed an issue with Cyber Hero privileges for DAC reporting tab
- Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Create Connectwise Ticket' Action
- Resolved an issue with a Call Rest API/Call Webhook Detect Policy Action failing when configured as an IP versus FQDN
- Resolved an issue with not being able to disable or delete Cloud Detect policies on a Child Organization from the Parent
- Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Send Email' Action
3.0.2: 8/8/2025
Bug Fixes
- Resolved an issue where selecting an application from the 'Add to Application' search results with multiple matches would incorrectly choose the closest match instead of the selected one
3.0.1: 8/8/2025
Improvements
- Improved wording of and streamlined available options for Network Control policies by Process
- Improved DAC layout of compliance chips
Bug Fixes
- Resolved an issue where the 'Patch Now' button appeared for applications with patches still undergoing testing
3.0.0: 8/6/2025
New Features & Improvements
- We are excited to open up the new Defense Against Configuration (DAC) feature to Beta. Please reach out to your Account Manager or Sales Representative for additional details
Navigating the Defense Against Configuration Dashboard | ThreatLocker Help Center - Added new Syslog Ingester feature
How to Install the Syslog Ingester | ThreatLocker Help Center - Improved Portal API memory usage and performance
- Changed the default for the 'Notify Requestor' checkbox on Approval responses to checked
Bug Fixes
- Resolved an issue where approving an application with permanent Elevation was creating an expired policy in specific circumstances
To view beta portal release notes for version 2.25.2 and lower, please visit: Beta Portal Release Notes - Version 2.25.2 and lower | ThreatLocker Help Center