Security Improvements to Tamper Protection Performance Improvement when utilizing group membership Health Service is now installed by the ThreatLocker Service Added the ability to customize computer names upon installation by a script using the Stub Installer Fixed an issue with .ps1 files and baselining Fixed an issue where some customers experienced RetailPro 9 software failing on installation Fixed an issue where some customers experienced N-Able Backup Manager failing Fixed an issue with temp files being created for some customers when using an invalid URL for the Tray Icon Improved the compatibility between AD Groups and Ringfencing Policies for better functionality Fixed a performance issue that was experienced by some customers when adding new core files Fixed an issue where core files could create high disk IO usage when a large number of patches was released Resolved an issue where certain files were locked during the installation of some applications

Resolved an issue some customers experienced with Veeam Backup update failing. Resolved an issue in which some customers experienced a temporary increase in memory usage when restarting the ThreatLocker Service. Resolved an issue some customers experienced in which the certificate on some files registered incorrectly on installation (this did not affect execution). Made performance improvements to the calculation of SHA256 hashes. Made performance improvements to core file downloads. Resolved an issue in which some customers experienced an increase in IO usage when downloading the core files after applying a large number of Microsoft patches.

View in Browser New Features Kill Running Processes - Deny Policies now include the option to 'Kill Running Processes'. When enabled, once a file matches that Policy, the process that the file originated from will be terminated. Windows 11 Upgrade - ThreatLocker 6.6 now supports the feature update to Windows 11. Improvements General improvements to performance Improvements to Core performance and caching Fixes Resolved a Remote Presence issue some customers experienced that caused offline file synchronization to fail.

  We are excited to announce our latest build, "ThreatLocker 5.27". The new build brings improvements and enhancements. The improvements are listed in order below:- Fixes an issue with Tamper Protection Mode, where Solarwinds N-Central is unable to Monitor the Service when tamper protection is enabled.  Fixes an issue where restarting the driver when a computer is processing data can cause the system to crash.  Fixes issue where ThreatLocker is removed after upgrading to Windows 10 2004 Prevents tray popups when command prompt falsely reports none executable files, with the executive the action.

We are excited to announce our latest build, "ThreatLocker 5.25". The new build brings many improvements and enhancements. The build is currently in beta, and we are inviting our MSP Partners to test it out on your internal systems.  The improvements are listed in order below:- Performance improvements. ThreatLocker has made major changes to our system's core so that we process core operating system files directly at the Kernel.

New Features Added a link to the ThreatLocker Twitter feed in the bottom left corner Added a password strength meter into the Create or Edit Administrator window   Improvements Improved the overall performance of the Computers Page and the Organizations Page Improved the System Audit page to log more information Fixes Fixed Connectwise Integration company mapping issues experienced by some customers Fixed Unified Audit issue with policies not linking to some child accounts Fixed Billing Page issue where some customers could not view previously added payment methods

The new System Audit Page is live on beta.threatlocker.com. This page will provide a central area to view a log of the activity that has occurred within your ThreatLocker account, including the date and time, the username, their action, the IP address they connected from, details of what they interacted with within the ThreatLocker Portal, and whether or not that action was successful. These logs have traditionally been kept internally, but are now visible via the System Audit Page.

View in Browser We have added the ability to 'Override' your Cyber Hero Approval settings at the computer group level. For detailed instructions, click here. For accounts with Cyber Hero Approvals enabled, any request that the Cyber Heroes are unable to process will be escalated to the MSP. Those escalated requests will be emailed to the administrator that has been designated, and in the Approval Center they will be highlighted and marked as 'Escalated from the ThreatLocker Cyber Heroes'.

Improved Splunk Integration - Spunk is now enabled from the Integrations page, and you only need to enter your Splunk Receiver URL and Token once. Then you can simply click a checkbox on the policies you want records forwarded to Splunk on. For detailed instructions, please click here. New Billing Page - The Billing page now includes invoices and quotes as well as areas to update billing contacts and payment methods.

Approval Center Page When searching the 'Approved' requests, it will list the requests in descending order by the date and time of the approval instead of the request date and time. The 'Notes' section of request tickets has been increased from 1000 to 4000 characters. We have added logic when processing requests in which ThreatLocker will suggest the rules it thinks you will need based on the file. For example, if there is a request for a .

On December 14th, 2022, there was an issue regarding ThreatLocker and Hyper-V hosts with Windows Server 2019 that affected a limited group of partners. Due to a known issue within Microsoft's December Patch Tuesday releases, an issue was triggered with our Hyper-V hosts that caused a handful of files to be profiled to our core later than usual. This has since been remedied, and all files were accounted for by 10:30 AM EST on December 14th.

Made Improvements when managing Organizations, you can now manage sub-organizations in separate tabs. This makes it easier for MSPs to switch between accounts.  Added Documents section to the billing page, where you can see agreements or other documents added by ThreatLocker.  Added Google Chrome Lookup and Edge Chromium Lookup for Extensions from the Audit. 

The following changes are being released to the portal this week.  We have added support for lower resolution screens. When running on a screen that is lower resolution, the menu bar will now shrink and the page will have a minimum width. This makes rendering on mobile devices much more friendly, and lower resolution screens.  Managed Service Providers can now directly permit items to their "Global" groups directly from the Audit and the Approval Center.

The following changes have been made to the portal. Added information to the application Notes when adding items from the Portal through the "Add to Application" button in the Unified Audit, or from the Applications page Added the Unique Identifier for deployment scripts to the "Install New Computer" page Fixed an issue where the Computer page didn't appear to be loading when changing the page size Fixed an issue where some dates weren't using the local time zone settings Added an Application Policy filter for policies not matched in over six weeks Fixed an issue with Permit Vender when permitting for Global the policy would not be created

 The following changes have been made to the portal.  Added the Application Name to the Unified Audit, this will show which application in a policy that was matched Added the full path of the Policy (i.e. Organization Name \ Group Name \ Policy Name) to the Unified Audit; this path is also a link that will open the policy Added the Date Created field to the Organizations Page Seperated the Active count on the Organizations page to a new "

 The following changes have been made to the portal. Performance improvement on the Computers Page. The Last Checkin date will not be updated on login or manually using the "Update Last Checkin Date" button on the Computers page. Added a notification to complete contact details when logging in, if they were not already provided.  Added configuration options for Scheduled Policies for customers using 5.24 or above. 

Complete overhaul to the approvals process, full details can be read in our article "Approval Center – Revamped" Overhaul to our Child Organization management - selecting Manage will open a new tab and allow you to view the child organization as they will see it, the managed organization name will display in the tab name and you can manage multiple organizations at the same time through different tabs Added the ability to select your idle logout time from the login page - please note, the times selected here are inactive time, so selecting 30 minutes will allow you to work on the portal as long as you desire, and remain inactive up to 30 minutes between tasks without needing to re-authenticate.

 The following changes have been made to the portal.  Maintenance Schedules have replaced Learning Mode, Tamper Protection, and Monitor Only (See "Maintenance Mode" in this article) Added the feature to mass Move Computers between Organizations and Groups (See "Move Computer" in this article) Added the feature to mass Remove offline computers from the portal Added a feature to Remove Unused Policies from a group (See "Remove Unused Policies Button"

View in browser We have made multiple changes to the Unified Audit in the backend to improve search performance We have added the ability to exclude items from the search by prefixing the field with an "!" e.g. To exclude the path c:\example\* from the audit results, you need to input !c:\example\* into the Path search box Following your feedback on our new Computers page, we have added further changes to make the process easier when switching a computer between Learning, Monitor Only, Installation, and Secured.

Resolved issue with the ConnectWise Integration that was imposing a limit on the number of computers for some organizations Added paging to the Tags page to improve page loading Resolved an issue where some customers received an invoice pdf that was unreadable

 View in Browser The first version of the ThreatLocker Mobile Application is currently available for iOS devices. We do have a limited amount of spaces, so testing privileges will be assigned on a first-come, first-serve basis. ThreatLocker Mobile currently provides a condensed view of your Computers page, allowing you to quickly enable and disable Learning Mode, Monitor Only Mode, or Elevation Mode.    If you are interested in participating in this beta test, please send your AppleID to mobileapp@threatlocker.

View in Browser Added the visibility of Parent Applications in the Application dropdown lists for child accounts Added the ability to enter comments when ignoring an Approval Request Added more information to the System Audit when adding new files to an Application Added a message to Integrations to prompt users to reach out to Support when setting up a new integration Added support for European IT Glue Improvements and bug fixes to the ConnectWise Integration Made overall improvements to the Portal's performance Fixed a bug where some customers were unable to link from a file in the Unified Audit to the Policy that matched the file because the link was disabled Fixed a bug where for some customers, if a computer was in a permanent Monitor Only status, the Maintenance Mode wouldn't change from the quick dropdown menu Fixed an issue with autofill when adding a credit card payment Fixed an issue where some customers were unable to select a payment method

Bug Fixes and Performance Improvements Resolved an issue experienced by some customers when adding credit card information from Autofill Added a Save & Close button to all Integrations setup windows Resolved an issue where some customers couldn't remove their payments from the Billing page Fixed an issue with Kaseya BMS failing to save changes for some customers Resolved an issue with the Applications Installed/Updated in the last 30/7 days report Fixed an issue some customers were experiencing with ConnectWise quantities not syncing correctly with their contracts Changed the red message bar that populates on integrations to only show if the message is relevant to the user Fixed issues some customers experienced with the ITGlue Integration regarding assets and computers Resolved an issue where some customers were unable to view the Built-In Applications when creating Policies Resolved an issue where some customers couldn't create new maintenance schedules from the Maintenance Schedule window Fixed an issue some customers experienced where the user would be logged out when completing an approval after following the link from their email Resolved an issue where the users dropdown wasn't showing for some customers when setting a maintenance schedule from the Maintenance Schedule window

  Fixed an issue some customers experienced with the Computers Not Running ThreatLocker script not working correctly Added Ticket Type and Ticket Source dropdown menus to the Kaseya Integration Fixed an issue in which some customers could not move Policies from a child organization to the Global level Resolved an issue where some customers were logged out of the Mobile App after 30 minutes regardless of the logout time they selected Made performance improvements on the Computers Page Fixed an issue where some customers occasionally did not receive the banner message when pressing the 'Update Last Match' button.

New Features Added ability to enforce MFA settings on the Security Center > Login Settings Page Added the ability to move computer(s) in a child account to a grandchild account Improvements Fixed an issue some customers experienced where applications you learn into wasn't being displayed on the Computers Page Fixed an issue some customers experienced where a permanent policy was occasionally created showing an expiry Fixed an issue where some password managers were unable to use autofill on the ThreatLocker Login Page Fixed an issue some customers using the ConnectWise Integration experienced in which their ConnectWise settings appeared to reset upon opening Fixed an issue some customers experienced when using the Datto Integration Auto-Push feature that jobs were being scheduled as immediately instead of being scheduled as daily.

New Features Added a new Help Desk page to the ThreatLocker Portal. Provides the ability for customers to open support tickets, close support tickets, and check on the progress of their support tickets. For more information, please see theHelp Desk KB.

 The following updates have been applied to 5.21.7. Computers that are configured for the 5.21 major releases will automatically receive these updates on their next computer or service restart. You can force the restart from the computers page on the ThreatLocker portal.  Fixed issue where unchecking the "Restrict access to the internet" checkbox without turning off ringfencing did not disable ringfencing internet policies.  Added the ability to add Monitoring Only Mode for individual policies.

There is a change to the method in which we process Chrome and Edge Chromium extensions Instead of processing the CRX files which were constantly changing and unidentifiable, we now process the manifest.json file this allows us to pull the application name from the file as well as display the identifier that can be searched in Chrome Web Store In addition to this change, we made a change to the Portal to display the application name as it is pulled from the manifest.

New feature - You can now schedule policies to only run during the times specified, allowing you to permit or deny access to certain tools outside of the schedule you configure (Screenshot below) We have resolved an issue affecting limited users where files would become locked when being created on network shares Additional small bug fixes Performance improvements

 We are excited to announce our latest build, "ThreatLocker 5.26". The new build brings improvements and enhancements. The improvements are listed in order below:- Performance improvements. ThreatLocker has made changes to our service, to reduce the processing when there are shared libraries used. This can reduce the number of files processed during startup by up to 75% Added support for blank processes using storage policies. You can now specify [] to represent no process in a storage policy.

  We are excited to announce our latest build, "ThreatLocker 5.28". The new build brings improvements and enhancements. The improvements are listed in order below:- Fixes an issue where some items are flagged as executed from command prompt when they are not executable files.  If you wish to make use of 5.28, please perform the following steps.  Log into the ThreatLocker Portal.  Select the Computer Groups page.  Select the group you wish to test on.

View in browser The ThreatLocker Tray located on your Windows Taskbar has recently brought forth changes in its function. Along with those changes and a new and improved icon image, you are now able to execute a variety of tasks. This article will cover the functionality of the new ThreatLocker Tray. Before and After: Note: You must be running ThreatLocker version 5.29 Blocked Files/User Requests When a file is now blocked, a pop-up window that includes the file details will be displayed on the bottom right of your screen.

We are excited to announce our latest build, "ThreatLocker 5.29". The new build brings improvements and enhancements. The improvements are listed in order below:- Upon popular request, we have re-added support for Windows Server 2008 R1.  Added the ability to add a rule to the application process path for empty processes by adding [] in the process path Fixed an issue, where antivirus can block calculation of the Hash when updating ThreatLocker, causing the update the redownload multiple times Introduced a new version of the Tray - for all details of this feature please view the full article here Introduced the ability to monitor PowerShell commands (the first 100 characters of the command will be displaced under the action type of PowerShell) If you wish to make use of 5.

   We are excited to announce our latest build, "ThreatLocker 5.30". The new build brings improvements and enhancements. The improvements are listed in order below: Due to various conflicts, we have removed the logging of PowerShell commands from the mainstream build and limited it to the PS build.  Added significant performance improvements when installing or deleting new executable or DLL files.  Fixed an issue where partial files on WinSXS folder are only hashed in a partial state.

This article contains the details on the features and fixes released with "ThreatLocker 6.0" New Products ThreatLocker Elevation introduced New Features and Improvements   Added Registry Key containing the current ThreatLocker Agent version installed on the Computer - "ThreatLockerVersion"  Automatically Delete Temporary Files from the ThreatLocker folder when updates are completed. Resolves an issue where Installed By was causing a match when installed by another application Remote Presence introduced Tray updated to a friendlier design The tray icon is now able to be changed, you can also use (hide) to hide the tray icon, and (disable) to stop the tray from opening.

 This article contains the details on the features and fixes released with "ThreatLocker 6.1"New Products New Features and Improvements    Made improvements to Powershell ringfencing policies.  Made improvements with application cert cache.  Fixes and Improvements Resolves an issue where "Installed By" was causing a mismatch when installed by another application.

 This article contains the details on the features and fixes released with "ThreatLocker 6.2" Fixes and Improvements Resolves an issue where certain 32-bit computers were unable to install ThreatLocker. Works around an issue with Sophos Intercept X Advanced where their driver could cause a computer to Blue Screen if other filter drivers are installed - more information on this can be found in our article: Working Around the Sophos BSoD.

Before ThreatLocker Version 6.4, if an application had Elevation enabled, the application was run under a simulated user called threatlocker_uac. Beginning in ThreatLocker Version 6.4 if a program is run with Elevation, it now runs the application under that same local user, just with elevated privileges. This means that if the user is running an application such as QuickBooks, and there are mapped drives and network shares that they need to access, when that application is Elevated, it will be Elevated under their normal user account and they will still be able to access these mapped drives and network shares.

Improvements to Tamper Protection Improvements to Ringfencing  Fixes an issue where a process may be marked as Ringfenced if it uses the same process ID as a previous Ringfenced process. For example, if you opened Internet Explorer and that is Ringfenced, and then you close it, and you open Office and it is not Ringfenced, but it uses the same process ID, then it would have been Ringfenced. This issue has been resolved.

View in Browser Elevate  Version 6.4 makes improvements to the Elevate product. Instead of being Elevated under a simulated account, threatlocker_uac, the end user will now be Elevated under their normal user account for the specified application.   Ringfencing Version 6.4 makes improvements to the default Ringfencing policies. It fixes an error that caused some default Ringfencing policies to ignore the computer learning mode and be secured right away.

Before ThreatLocker Agent 6.5, we've received reports that Elevation fails to elevate a user even when there's a policy in place. This is due to a known issue where if you were previously an Administrator, ThreatLocker mistakenly believes the local user is already an Administrator and fails to elevate as a result. Improvements to ThreatLocker Agent 6.5 have successfully resolved this mistake, and elevates the user or policy as expected.