Beta Portal Release Notes | ThreatLocker Help Center

3.3.2: 9/17/2025

Improvements

The Unified Audit now has a consistent guideline discouraging exports larger than 100k logs, with clear warnings and timeout messages

Bug Fixes

Temporarily reverted the new Access Device feature while we fix an issue preventing mobile registration via SMS/email invites

3.3.1: 9/17/2025

Improvements

Added a new advanced setting for organizations to set a custom minimum password length (minimum 8 characters)
Added account lockdown protection: after 100 failed login attempts the user is locked, and an admin password reset will unlock access.
Added an info tooltip clarifying phone format: numbers must include the country code (e.g., +1 XXX XXX XX XX).

3.3.0: 9/16/2025

Improvements

ConnectWise Manage integration has been transitioned from legacy Portal with the following updates:
- Custom Messaging: Add your own messaging to ticket summaries, while retaining Powered by ThreatLocker.
- Request Type in Summary: Ticket summaries now include the request type (Execute, Elevate, or Storage) for quick context.
- Escalated Requests Highlighted: Escalated requests now appear in bold with notes for faster visibility and response.
- Requestor Details: Tickets now display the original requestor's contact and email for clearer tracking.
The Kaseya integration has been migrated to the main ThreatLocker portal, with updated pages for setup and management
Added support for two-level grouping in Report Builder, allowing you to set two separate"Group By" parameters for more granular summaries
Added an API History tab to ConnectWise PSA Manage integrations, giving users visibility into their integration activity when the feature is enabled
Added permission to enable viewing of error logs from a customer account
Added a "Filter By" dropdown next to the search bar on the missing updates page with options for All, Patch Supported, and Not Patch Supported
Added "Last 24 Hours" as an option in the Timeframe dropdown for custom reports
Added DAC reporting to the Report Schedule window with customizable scheduling options, and improved unsubscribe messaging so users clearly see when they are already unsubscribed
Updated application page visuals: replaced the "Built-in" label and old Maintained icon with new ThreatLocker icons that clearly show whether an application definition is maintained or not, with hover-over descriptions for clarity
Added support for mapping Computer Groups in the ServiceNow integration, allowing group details to be included in tickets alongside computer information
Added a show all policies check box when looking at a specific machine in storage control
Updated Network Control policies so the "Applies To" field correctly reflects that it can target both individual computers and computer groups
Updated the Configuration Manager policy sidebar banner to read "Requires ThreatLocker Agent Version 9.0 and above" for clarity
Removed the beta tag from Cloud Control and added an information message in the sidebar
Enhanced display of impacted computers and analyzed totals on the DAC main page for better reporting
Policy expiration settings can now be applied when approving requests with Suggested Ringfencing, allowing temporary policies to follow organizational guidelines
Added a date created field to application sorting functionality
Added scrolling support to long DAC result views
Updated the options dropdown to display all customer-usable settings while restricting advanced debug and internal-only options
Added a success notification when moving applications from a child organization to the parent organization
Added a warning in the Ringfencing settings to inform users that the Autopopulate feature may be limited on ThreatLocker Agent versions earlier than 10.5.1
Implemented data insertion improvements to the Lookup Options table
Simplified the API Users page by removing the unused "Rows Used" button
Enhanced Unified Audit filtering by adding support for "less than" and "greater than" options on Destination Port
Aligned switch spacing in Application Control policies to ensure a consistent and cleaner layout
Improved policy management by ensuring the "Delete Policy" button accurately reflects selected items after promoting a policy
Improved filter functionality to maintain page size settings after search action
Standardized the password reset billing verification button to always display "Submit" for a consistent user experience
Aligned elements in the Password Reset Verification window for better visual consistency
Improved clarity in the Deploy Policies menu by removing links to deleted web control policies
Improved consistency in approval requests by ensuring Firefox extensions follow the same approval restrictions as Chrome and Edge
Made the Denied Count on the Organizations page clickable, linking to Unified Audit with pre-populated deny filters (1, 3, or 7 days) for faster investigation
Extended Maintenance Mode agent settings to macOS, ensuring ticket numbers and notes are required when enabled, consistent with Windows behavior
Improved DAC report exports by displaying compliance values directly on graphs, and correcting inconsistencies in Criticality Trends totals for low-risk items
Removed legacy custom branding options from tray settings; messages set under "Request Window Appearance" will no longer display, as this section has been retired
Improved Store policy management with a new "Published" toggle and an "Applies To" column on the main grid, plus clearer validation that files larger than 2GB cannot be uploaded
Improved performance and security of application policy lookups and added full support for Mac
Updated the Policy Reorder confirmation window to improve clarity and user experience.
Improved agent settings management: the "applies to" field is now locked for consistency, while Syslog OS type machine settings can still be deleted when needed
The Health Center now displays both Path Only and Process Only custom rules, giving clearer visibility into single-parameter application policies

Bug Fixes

Fixed inconsistent chart rendering issues in custom MDR reports
Fixed an issue where the DAC Report option was incorrectly disabled when Cyber Hero MDR is disabled
Fixed an issue where the "Select All" checkbox in the Existing Policies tab did not update correctly when policies were manually deselected
Fixed spacing issues in the SMS verification section of the Password Reset window
Fixed an issue where newly created child organizations did not automatically inherit the DAC feature from the parent, ensuring consistent feature inheritance
Fixed an issue where Mac policies were not appearing in the Copy Existing Policies window, ensuring policies can now be copied between parent and child organizations as expected
Fixed an issue where the Maintenance Mode dropdown was cut off when near the bottom of the Devices list, ensuring the full dropdown menu is always visible
Fixed an issue where approval requests could incorrectly show as approved by a Cyber Hero instead of the client
Fixed Advanced Search chips in Unified Audit for Office 365/Cloud Detect action types to display proper capitalization and spacing, matching other action types
Fixed an issue where the "Resolve All" action on Missing Updates failed when a patch already had an existing transaction, ensuring statuses are now updated correctly
Fixed the Criticality Trends chart to stop backfilling prior "Fail" results when a current-day "Pass" exists, ensuring the chart reflects the latest status accurately
Fixed an issue where tags created in a child organization were not retained in grandchild Network Control policies; selected tags now save and display correctly
Fixed an issue where CSV exports from Unified Audit did not include Network Traffic counts; exports now display counts correctly
Fixed a caching issue where store categories displayed incorrectly until the page was refreshed; categories now load correctly on first open
Fixed an issue where creating a policy on an application that was being merged caused a hidden duplicate until updated; policies now correctly associate with the merged application or show an error
Fixed an issue where removing the Cyber Hero Management product showed an incorrect error if no child organization was using it
Fixed an issue where Mac tray notifications for approval requests displayed extra characters instead of clean line breaks
Fixed an issue where buttons and columns on custom report popups could become misaligned when resizing the screen
Fixed an issue where users with view permissions could not open built-in applications from the Policies page
Fixed an issue where tags appeared blank when policies with parent tags were copied into grandchild organizations; tags now display the full path
Fixed an issue where clients could not see the currently applied ThreatLocker version on computers if the build was not enabled for them, even though it was already applied
Fixed an issue where upcoming patches were showing for computers that had already been removed
Fixed an issue where disabled storage control policies appeared as "null" on devices instead of showing the correct policy name
Fixed an issue where approving Mac storage requests without a serial number failed
Fixed an issue where some modules were incorrectly shown as "Included" on the Organization page
Fixed an issue in Unified Audit where filtering by username with "equals" or "starts with" returned no results
Changed proxy Agent setting to allow a null value in the hostname/IP address field
Resolved an issue where the OS icon would not show on the devices page's dropdown
Scheduled policies now validate time entries
Fixed an issue where enabling the ThreatLocker Administrator Password System (TLAPS) incorrectly applied to Windows Domain Controllers; this policy will now correctly exclude Domain Controllers as intended
Resolved an issue with the Unified Audit where the count no longer shows a "+" symbol when the results are greater than the page size

3.2.4: 9/12/2025

Improvements

Added backend and UI enhancements to support upcoming improvements

3.2.3: 9/9/2025

Bugs Fixes

Fixed an issue on the Devices page where the Machines per page dropdown was missing the 500 option

3.2.2: 9/5/2025

New Features

Added a new full Executive Summary Report for Detect

Bugs Fixes

Resolved an issue in which the incorrect confirmation message was being displayed when moving an application
Resolved an issue in which the Effective Action was not properly displaying in the Incident log in the Incident Notebook
Resolved an issue in which multiple Cloud Detect alerts were unable to be cleared using the multiselect function; only the first alert was being cleared
Resolved an issue in which the Edit Endpoint Detect Policies permission was not allowing users to create Endpoint Detect policies
Resolved an issue in which selecting the Include Child Organizations checkbox in the Incident Notebook was causing errors
Resolved an issue in which the request body was not being cleared when changing a Call RestAPI or Call Webhook action from a POST to a GET or DELETE
Fixed alignment issues in the MDR Runbook sidebar

3.2.1: 9/4/2025

New features

Added new tab on all integration sidebars to show API logs.

Bug Fixes

Resolved an issue in which Configuration Manager policies were unable to be downloaded from the Community without error
Resolved an issue in which Agent Settings were not correctly using nested data fields
Resolved an issue in which the Instance dropdown on the login page was being displayed incorrectly
Resolved an issue in which the delete button on the Existing Policies tab was being displayed with the incorrect label
Updated the API User validation
Resolved an issue in which the hoverover text on the auto-populate button was displaying incorrectly
Resolved an issue where incorrectly formatted Linux baseline logs were not being displayed properly in the Unified Audit

3.2.0 8/29/2025

Improvements

Made improvements to how Criticality levels are displayed for Compliance Frameworks without a manually assigned Criticality
Added Policy ID along with the Application ID to System Audit log details
Added Unified Audit search operators to the System Audit log
Added an EULA to be displayed when first selecting the DNS server in Web Control
Made improvements to the formatting of the 'Install Computers' dialog for better consistency and alignment
Made improvements to the way Web Control policies are ordered when generated by Web Control request approvals
Improved the DAC Compliance Details dialogue interface
Added additional filtering on the DAC dashboard to filter by criticality
Added the ability to view the Policy ID for a Patch Management policy being edited within the 'Edit Patch Policy' sidebar
Updated the 'Select a version' dropdown within the 'Update ThreatLocker Version' dialog to display the correct logo for the Syslog version option
Made improvements to the 'Add' and 'Remove' button styles on the 'Listener Configurations' agent setting sidebar
Updated the pagination system on the 'File History' tab within Unified Audit entry sidebars for consistency across the portal
Made improvements to now show the complete organization's familial relationships in the Organizations page
Added scroll bars to the DAC, Health Center, and Community pages for improved navigation and visibility
Optimized the 'Applies To' validations in the Response Center
Added error notifications to clearly indicate when requests to export a large number of logs from the Unified Audit have timed out
Added the hostname to the details field within the System Audit
Added a link to view the latest DAC results for a specific device from the Devices page
Improved the initial Learning Mode start date under 'Maintenance History' for a device to more accurately display the date of the initial Learning mode
Made improvements to the 'Agent Restart Required' warning chip on the Computers tab of the Devices page to avoid false flags began
Added an 'Applies To' column to the "Show All" filter in Patch Management
Added a new Previous Version column to the Patch History tab of the Computer sidebar
Improved the way Custom Rules are grouped and displayed in the Approval Center
Added CSP to portal security headers
Improved 'Submit Offline Ticket' creation to not require hitting enter after pasting contents from the clipboard
Added a prompt identifying unpatched computers affected by a new Patch policy, with an option to patch them immediately
Added a list of Application Policies and their locations that would apply to that computer in the Application Approvals sidebar
Changed the Escalated Approval Status to reflect all possible escalations better
Added the ability to create new policies and edit existing policies from the Actions section of the Detect policy page
Added two new Detect Exclusion Conditions of "Full Path With CmdLine" and "Process Path With CmdLine"
Made Improvements to the UI when creating or editing Detect policies with a lot of Policy Conditions
Added column sorting to the Cloud Detect Policies page
Added column sorting to the Endpoint Detect Policies page
Improved the Initiate Defender Scan Detect Policy Action feature to avoid multiple
Made improvements to policy layout and display for Detect Recommendation Details scans from being initiated
Added multiselect functionality to Community Policies
Changed the Elevate chip color to blue in the Approval Center to easily differentiate
Improved the 'Create Report' permission by allowing users to save new reports and create scheduled reports. This new permission is called 'Create Custom Schedule Reports'

Bug Fixes

Resolved an issue where the 'Prioritize Built-In Applications' Agent Settings checkbox was always checked
Resolved an issue in which adding an Object as a selected source on a Network Control policy would cause the 'All Ports' destination option to remain disabled after switching back to 'All' sources
Resolved an issue in which assigned managers for organization admins would not show properly on the Users page
Removed the ability to edit the 'Applies To' of an agent setting after the setting is created and saved
Resolved an issue in which the 'Selected Users & Groups' input field on an Application Control policy would not clear properly after successfully adding a user or group
Resolved an issue in which selecting 'Add Policy to Top' on a Web Control policy would not follow the correct hierarchy when assigning the policy order
Resolved an issue in which the checkbox for the 'Prioritize Built-In Applications' agent setting would always display as enabled
Resolved an issue in which the Run in Testing Environment was not being displayed from the Unified Audit
Resolved an issue in which the 'Pending Restart' tag would be displayed incorrectly on the Devices page when sorting by certain columns
Resolved an issue in which Agent Settings would be incorrectly displayed for deleted computers
Resolved an issue in which a 500 error would occur when using the 'Copy Link' option to download the SysLog Ingester Installer from the 'Install Computer' dialog
Resolved an issue in which copying policies was incorrectly resulting in an Invalid ID error
Resolved an issue in which Linux policies set for specific users and groups were incorrectly clearing the users on save
Resolved an issue in which a scheduled Application Control policy was incorrectly permitting Elevation to be set to expire
Resolved an issue where the Requestor details were not being saved to the Application Policy in the Approval Center
Resolved an issue in which Tags could be saved with the same name
Resolved an issue with running a file in the Testing Environment that contained an ampersand in the filename
Removed help text in the Login Settings that noted IP addresses could be added in CIDR notation, as that is not a valid configuration entry
Resolved an issue where a 500 error was given when trying to access the Detect Executive Summary Report
Resolved an issue where specific Cloud Detect Threats would produce inconsistent errors
Resolved an issue with being unable to copy inactive Detect policies
Resolved an issue where the 'Applies To' in a Detect Policy was not searchable by Hostname
Resolved an issue with a 500 error when trying to Clear All Detect Alerts
Resolved an issue where long Policy names were cut off in Detect Policy Conditions

3.1.3 8/28/2025

Bug Fixes

Resolved an issue with Unified Audit filter chips not clearing when the filter itself was cleared
Resolved an issue with the Unified Audit filter chips not loading automatically when using Advanced Search
Resolved an issue with the Unified Audit filters not clearing when filter chips are closed (x)

3.1.1: 8/20/2025

Improvements

Updated DAC Criticality Trend Chart logic to better account for Tests that have been run multiple times per day
Alerts are no longer displayed for objects (M365 accounts or Devices) that are in Remediation

Bug Fixes

Resolved an issue where a specific Unified Audit Simulated Deny could not be opened

3.1.0: 8/19/2025

New Features & Improvements

Added ability to build and schedule custom reports using the Report Builder
Added a button to the Unified Audit which opens the Schedule Report dialog
Added a new permission which provides access to create new scheduled reports from the Schedule Report window
Added the ability to filter Application Control policies by a new "Policies Without Ringfencing" filter option
Improved the user creation process by allowing individual permissions to be assigned at time of creation
Improved UI alignment on the Maintenace tab in the Computer sidebar
Changed the Storage Control Policies default view to include Inactive and Expired policies
Improved the Upload File button functionality in an Approval Request to behave more consistently with the expected use case
Improved the automatically generated Unified Audit recent search names for readability and conciseness
Improved alignment of components in the DAC dashboard
Improved alignment throughout the Community Policy sidebar
Improved Unified Audit filter chip alignment
Improved alignment of IP Addresses table in the Computer sidebar
Updated pagination wording to better reflect page content on the Policies tab of the Elevation Control Module
Updated Version title text on the Computer sidebar to better reflect the information being displayed
Updated text on Agent Restart success toast
Added Application Control Policy Creation from Approval Requests to the System Audit, including Applies To and Ringfencing
Made improvements to the Missing Updates tab regarding minimum Agent version
Improved the logical grouping of information being presented in the Maintenance History section of the Maintenance tab on the Computer sidebar
Made an improvement to how Web Control Dashboard chart labels are displayed
Improved display of the shadow text when setting proxy or relay settings to include http or https
Added 'Applies To' for Patch Management, Configuration Manager, and Web Control policies to their respective System Audit entries
Now displaying what policy was responsible for the deny in the Approval Center
Removed the ability to set Exclusions in the Organization sidebar as they are no longer supported
Removed the All Ports Destination option when using Objects as a source in a Network Control policy
Implemented Categories for Custom Applications in the Application Store
Updated the Copy Existing Policies feature help and error messaging in Application Control for clarity when duplicate policies exist in the destination
Added a file counter to the Additional Files tab when the file count was less than required for pagination
Made improvements to the settings layout and verbiage in the 'Computer Group Settings' section of the 'Edit Computer Group' sidebar
Updated the IT Glue integration to move it off of legacy portal
Updated the verbiage for ThreatLocker App email and SMS notifications to remove the word "Access"

Bug Fixes

Resolved an issue where an admin received a 401 error trying to schedule an Elevation Maintenance Mode while the Computer was in Application Control Learning Mode
Resolved an issue where admin able to click 'Add Note' button without entering all required fields first resulting in an error message
Resolved an issue where the Unified Audit filter chips were not clearing when the current filters were cleared
Resolved an issue where unable to save an Application Control policy successfully when the only change was toggling 'Attach file with request' on or off
Resolved an issue within certain modules where the Home and End keys were not functioning
Resolved an issue where the Application name was not being displayed when adding an application to an Existing Policy
Resolved an issue where pagination wasn't updating when switching between organizations in the Unified Audit
Resolved an issue where a false 400 error is continuously encountered when setting a new Maintenance Mode after getting a legitimate 417 error from an invalid date being entered
Resolved an issue where you were able to promote a policy in Application Control to the 'Removed Computers' Computer Group
Resolved an issue where trying to merge Applications spread across multiple pages would deselect the first selected when navigating to the next page
Resolved an issue where the reveal password button would disappear if you clicked off the field and not come back after clicking back into the field
Resolved an issue where HaloPSA integration was not pulling down Client name changes
Resolved an issue where specific PowerShell process paths were being filtered out of the Unified Audit when 'Remove White Noise' was applied
Resolved an issue with Cyrillic Usernames appearing as ?????? in the Response Center
Resolved an issue where the Organization dropdown when setting Roles or Permissions was not showing the full available list
Resolved an issue where Unified Audit Export to CSV was limited to 10,000 rows without checking the Show Count checkbox
Resolved an issue where unable to make changes to Application Policies attached to hidden Mac Applications
Resolved an issue with being able to add Entra groups to a Web Control policy from the Response Center
Resolved an issue with getting a 500 error when trying to sync Datto Service Bundles with long names
Resolved an issue with the tab counters not displaying properly in the Response Center without clicking the in-page refresh button
Resolved an issue that allowed users to rename a Computer Group containing devices into a Global Group unexpectedly
Resolved an issue in which selecting 'Forgot Password' was causing errors
Resolved an issue in which Portal Banners would incorrectly include line breaks

3.0.6: 8/18/2025

Improvements

Additional updates and improvements to the Portal and API in support of future functionality

3.0.5: 8/15/2025

Improvements

General updates to the Portal and API in support of future functionality

3.0.4: 8/14/2025

Improvements

Improved cache performance for Portal API

3.0.3: 8/12/2025

Improvements

Disabled the 'Application' Condition in a Detect policy when paired with a Read or Write Action Type Condition as it would never produce an Alert
Improved how Policy Conditions are displayed in the Detect sidebar when creating a policy
Made improvements to how the Detect Alert Center displays on lower resolutions
Removed the unnecessary Body field for Detect Call Rest API/Call Webhook Actions using the DELETE Method
Added 'View Administrator Account Password' permission to allow for an admin with the permission to view the password from the portal

Bug Fixes

Fixed an issue with the Super Admin Child permission, where it was able to move an application to the parent organization
Fixed an issue with password reset for SAML on beta.threatlocker.com
Fixed an issue with Cyber Hero privileges for DAC reporting tab
Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Create Connectwise Ticket' Action
Resolved an issue with a Call Rest API/Call Webhook Detect Policy Action failing when configured as an IP versus FQDN
Resolved an issue with not being able to disable or delete Cloud Detect policies on a Child Organization from the Parent
Resolved an issue with a field validation error being displayed unexpectedly when creating a Detect policy utilizing the 'Send Email' Action

3.0.2: 8/8/2025

Bug Fixes

Resolved an issue where selecting an application from the 'Add to Application' search results with multiple matches would incorrectly choose the closest match instead of the selected one

3.0.1: 8/8/2025

Improvements

Improved wording of and streamlined available options for Network Control policies by Process
Improved DAC layout of compliance chips

Bug Fixes

Resolved an issue where the 'Patch Now' button appeared for applications with patches still undergoing testing

3.0.0: 8/6/2025

New Features & Improvements

We are excited to open up the new Defense Against Configuration (DAC) feature to Beta. Please reach out to your Account Manager or Sales Representative for additional details
Navigating the Defense Against Configuration Dashboard | ThreatLocker Help Center
Added new Syslog Ingester feature
How to Install the Syslog Ingester | ThreatLocker Help Center
Improved Portal API memory usage and performance
Changed the default for the 'Notify Requestor' checkbox on Approval responses to checked

Bug Fixes

Resolved an issue where approving an application with permanent Elevation was creating an expired policy in specific circumstances

To view beta portal release notes for version 2.25.2 and lower, please visit: Beta Portal Release Notes - Version 2.25.2 and lower | ThreatLocker Help Center