Summary:

When ThreatLocker introduced Network Access Control (NAC) as a product for ThreatLocker versions 7.0 and newer, processing was added to the driver and service to monitor network traffic passively to allow the new product to be enabled and used at the partner's discretion.

In some situations, we have isolated reports of machines (typically servers) with large amounts of DNS entries that would potentially flood the caching tables and interrupt network traffic.

Symptoms:

• Network resources become inaccessible
• User logins managed by Active Directory may be interrupted or delayed
• Internet connectivity may be interrupted or delayed
• Managed services on the machine may be interrupted or delayed

Solution:

ThreatLocker has increased the cache limit for DNS entries following the release of version 7.7. We have included a NAC database that gets utilized to improve the efficiency of our service handling DNS entries being cached. We also limited the amount of processing when not utilizing NAC or ringfencing.