Linux Agent Release Notes

Linux Agent 

Officially Supported Versions

Known Limitations

• Files downloaded from the ThreatLocker portal will need to be renamed before installing

  • File names as downloaded from the portal:

    • Ubuntu - ThreatLocker-xxxxxxxxxxxxxxxxxxxx.deb

    • RHEL - ThreatLocker-xxxxxxxxxxxxxxxxxxxxxx.rpm

  •  File names need to be changed to:
    • Ubuntu - 1.1.0-297_ubuntu_22_4.x86_64_xxxxxxxxxxxxxxxxxxxxx_c.deb
    • RHEL - 1.1.0-297_rhel_9.x86_64_xxxxxxxxxxxxxxxxxxxxxxxx_c.rpm
  • Command to rename the file:
    • cp /path/to/file /path/to/renamed-file
• ThreatLocker Linux Agent is headless (no tray)
• Override Codes are not currently supported
• Storage Control is not currently supported
• ThreatLocker Detect is not currently supported
• Configuration Manager is not currently supported
• Elevation has not been fully implemented
• RHEL7 does not include the ability to enable/disable Tamper Protection
• Network Control is currently only logging network traffic
• Network Control does not work on RHEL7, and is currently unreliable on Ubuntu 20.04, and 22.04.

Linux Agent Version 1.3: Beta 11/22/24

New Features

• Added an Ubuntu Server 20.04 Agent
• Added support for Built-In Applications
• Added logging of inbound and outbound network traffic
• Made improvements to the baselining process

Bug Fixes

• Resolved an issue in which Applications were not learned until after the baseline was scanned

Linux Agent Version 1.2:  Live 10/18/24

New Features

• Added support for Policy statuses
• Added the ability to use Installation mode
• Added visibility of the Created By Process on Execute logs, and support to use the Created By Process in custom rules
• Added the ability to trigger a baseline scan from the portal
• Added logic to pull down Policies and Application definitions before the baseline scan begins

Bug Fixes

• Resolved an issue in which Applications were not learned until after the baseline was scanned

Linux Agent Version 1.2:  Beta 09/25/24

New Features

• Added support for Policy statuses
• Added the ability to use Installation mode
• Added visibility of the Created By Process on Execute logs, and support to use the Created By Process in custom rules
• Added the ability to trigger a baseline scan from the portal
• Added logic to pull down Policies and Application definitions before the baseline scan begins

Bug Fixes

• Resolved an issue in which Applications were not learned until after the baseline was scanned

Linux Agent Version 1.1: Live 09/11/24

New Features

• Added Linux support for Heatbeat Check in and Full Check in

Bug Fixes

• Resolved an issue in which storage device serial numbers were not displaying correctly in the Unified Audit from a Linux machine
• Resolved an issue in which the Process Path in the Unified Audit was not reflecting the exact path of a file executed on Linux

Linux Agent Version 1.1: Beta 09/09/24

New Features

• Added Linux support for Heatbeat Check in and Full Check in

Bug Fixes

• Resolved an issue in which storage device serial numbers were not displaying correctly in the Unified Audit from a Linux machine
• Resolved an issue in which the Process Path in the Unified Audit was not reflecting the exact path of a file executed on Linux

Linux Agent Version 1.0.5.272: Live 9/9/24 

New Features

• Install and uninstall instructions found here: https://threatlocker.kb.help/installing-and-uninstalling-the-threatlocker-linux-agent/
• Added the ability to specify an API URL into the installer file
• Added the ability to block and unblock files
• Added Tamper Protection 
• Added support for Ubuntu Server 22.04.4 LTS (Jammy Jellyfish) and Red Hat Enterprise Linux 9.4 (Plow)
• Added the ability to request an application/file
• Added support for enabling/disabling products

Bugs and Fixes

• Resolved an issue in which user permission was denied on newly created Permit policies
• Resolved an issue in which the agent was ignoring Application Definition updates
• Resolved an issue in which installation failed due to lack of synchronization
• Resolved an issue in which the Linux agent was terminated on reboot if the machine lost internet access
• Resolved an issue in which actions that were performed with the same file by different users were only logging for the first user
• Resolved an issue in which multiple policies referring to the same binary were leading to a permanent binary lock
• Resolved an issue in which unexpected policies were generated for some applications
• Resolved an issue in which Sudo was not being impacted by Default - Deny
• Resolved an issue in which the Policy Name and Policy ID were not being displayed in the Unified Audit

Linux Agent Version 1.0.5.272: Beta (8/29/2024)

New Features

• Install and uninstall instructions found here: https://threatlocker.kb.help/installing-and-uninstalling-the-threatlocker-linux-agent/
• Added the ability to specify an API URL into the installer file
• Added the ability to block and unblock files
• Added Tamper Protection 
• Added support for Ubuntu Server 22.04.4 LTS (Jammy Jellyfish) and Red Hat Enterprise Linux 9.4 (Plow)
• Added the ability to request an application/file
• Added support for enabling/disabling products

Bugs and Fixes

• Resolved an issue in which user permission was denied on newly created Permit policies
• Resolved an issue in which the agent was ignoring Application Definition updates
• Resolved an issue in which installation failed due to lack of synchronization
• Resolved an issue in which the Linux agent was terminated on reboot if the machine lost internet access
• Resolved an issue in which actions that were performed with the same file by different users were only logging for the first user
• Resolved an issue in which multiple policies referring to the same binary were leading to a permanent binary lock
• Resolved an issue in which unexpected policies were generated for some applications
• Resolved an issue in which Sudo was not being impacted by Default - Deny
• Resolved an issue in which the Policy Name and Policy ID were not being displayed in the Unified Audit