Linux Agent Release Notes

Last update: 05.12.2025

Linux Agent 

Officially Supported Versions

Linux 

Supported Kernel Version 3.10 and up

RHEL 7.9 

3.10.0-1160.el7.x86_64
3.10.0-1062.el7.x86_64
3.10.0-1127.el7.x86_64
3.10.0-862.el7.x86_64

RHEL 8.9 

4.18.0-553.16.1.el8_10.x86_64 

RHEL 8.10 

4.18.0-553.16.1.el8_10.x86_64 

RHEL 9.x 

5.14.0-503.19.1.el9_5.x86_64
5.14.0-362.8.1.el9_3
5.14.0-284.11.1.el9_2.x86_64
5.14.0-427.18.1.el9_4.x86_64
5.14.0-427.28.1.el9_4.x86_64
5.14.0-427.20.1.el9_4.x86_64

Oracle Server 7.9  

4.14.35-2047.515.3.el7uek.x86_64 

CentOS 8
(Several versions are temporarily unsupported. See known issues.)

4.18.0-408.el8.x86_64
4.18.0-448.el8.x86_64
4.18.0-526.el8.x86_64
4.18.0-536.el8.x86_64
4.18.0-536.el8.x86_64+debug
4.18.0-544.el8.x86_64
4.18.0-546.el8.x86_64
4.18.0-546.el8.x86_64+debug
4.18.0-552.el8.x86_64

CentOS 9

5.14.0-386.el9.x86_64
5.14.0-437.el9.x86_64
5.14.0-119.el9.x86_64
5.14.0-479.el9.x86_64
5.14.0-419.el9.x86_64
5.14.0-460.el9.x86_64
5.14.0-446.el9.x86_64
5.14.0-480.el9.x86_64
5.14.0-372.el9.x86_64
5.14.0-373.el9.x86_64

 

To use the ThreatLocker Agent on Ubuntu systems, the running kernel must exactly match a supported kernel version: for example 6.8.0-51-generic, not 6.8.0 or 6.8.0-59.

For correct error handling you need to install curl on your Ubuntu system. 

Ubuntu 16.04
Desktop/Server

4.15.0-1113-azure
4.15.0-112-generic
4.4.0-31-generic
4.4.0-210-generic
4.15.0-142-generic
4.13.0-1021-oem

Ubuntu 18.04
Desktop/Server

5.4.0-1109-azure
5.4.0-150-generic
4.15.0-213-generic
5.4.0-150-lowlatency
5.4.0-48-generic
5.3.0-28-generic
4.15.0-126-generic
4.15.0-194-generic

Ubuntu 20.04
Desktop/Server
 

5.15.0-46-generic

Ubuntu 22.04
Desktop/Server
 

5.15.0-105-generic
6.8.0-50-generic 

Ubuntu 24.04
Desktop/Server
 

6.8.0-51-generic 
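
A pre-install check for the exact-match rule and the curl requirement stated above, written as an added example (it is not ThreatLocker's own tooling). It assumes the Ubuntu 24.04 list from this page; the function names are hypothetical, and the scan of /lib/modules for kernels a reboot could land on is an extra check added here.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. SUPPORTED_KERNELS holds the Ubuntu 24.04
# list from this page; replace it with the list for the host's release.
SUPPORTED_KERNELS="6.8.0-51-generic"

# kernel_supported RELEASE -> exit 0 only on an exact, whole-line match,
# so "6.8.0" and "6.8.0-59-generic" are both rejected.
kernel_supported() {
    printf '%s\n' "$SUPPORTED_KERNELS" | grep -Fxq -- "$1"
}

# unsupported_installed_kernels [DIR] -> prints installed kernel releases
# (sub-directories of /lib/modules) that are not on the list, i.e. kernels
# the host could boot into after a package upgrade.
unsupported_installed_kernels() {
    moddir="${1:-/lib/modules}"
    for kpath in "$moddir"/*/; do
        [ -d "$kpath" ] || continue
        krel="$(basename "$kpath")"
        kernel_supported "$krel" || printf '%s\n' "$krel"
    done
}

# preflight [RELEASE] -> checks the running (or given) kernel and curl;
# returns non-zero if either requirement from this page is not met.
preflight() {
    running="${1:-$(uname -r)}"
    rc=0
    if kernel_supported "$running"; then
        echo "OK: kernel $running is on the supported list"
    else
        echo "FAIL: kernel $running is not an exact match for a supported kernel"
        rc=1
    fi
    if ! command -v curl >/dev/null 2>&1; then
        echo "FAIL: curl is not installed (needed for correct error handling)"
        rc=1
    fi
    return "$rc"
}
```

Run `preflight` before installing, and `unsupported_installed_kernels` after kernel package upgrades to see which installed kernels would take the host off the supported list at the next reboot.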

Linux Agent Version 2.0: Beta 4/25/25

New Features

  • Network Control
  • Added support for Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04
  • Added support for CentOS 7.9, 9
  • Added support for RHEL 7.9
  • Added support for RHEL 9.x
  • Added support for RHEL 8.4, 8.5, 8.6, 8.8, 8.9, 8.10
  • Added support for Oracle Server 7.9
  • Implemented a Stub Installer
  • Added Override Codes
  • Increased stability

Bug Fixes

  • Resolved an issue with downgrading the agent not properly working
  • Resolved an issue in the Unified Audit with the Computer Mode for Linux showing the wrong values
  • Resolved an issue where the Override Code was not bypassing Tamper Protection
  • Resolved an issue where finishing a Baseline scan did not remove the "Waiting for Baseline" message on the Computers Page
  • Resolved an issue in which Linux applications were being learned with the incorrect order by number

New list of supported systems:

Oracle Server 7.9: 2.0.0-692_ol_7_9.x86_64.rpm 
Red Hat Enterprise Linux Server 7.9: 2.0.0-692_rhel_7.x86_64.rpm 
RHEL [8.4, 8.5, 8.6, 8.8, 8.9, 8.10]: 2.0.0-692_rhel_8.x86_64.rpm 
RHEL 9: 2.0.0-692_rhel_9.x86_64.rpm 
CentOS 8: 2.0.0-692_rhel_8.x86_64.rpm 
CentOS 7.9: 2.0.0-692_rhel_7.x86_64.rpm 
CentOS 9: 2.0.0-692_rhel_9.x86_64.rpm [5.14.0-565.el9.x86_64] 

You need to install this package for all RPM-based systems:
threatlocker_2.0.0-692_modules.rpm 

Ubuntu Server 16.04: 2.0.0-692_ubuntu_16_4.x86_64.deb 
Ubuntu Server 18.04: 2.0.0-692_ubuntu_18_4.x86_64.deb 
Ubuntu Server 20.04: 2.0.0-692_ubuntu_20_4.x86_64.deb 
Ubuntu Server 22.04: 2.0.0-692_ubuntu_22_4.x86_64.deb 
Ubuntu Server 24.04: 2.0.0-692_ubuntu_24_4.x86_64.deb 

You need to install this package for all DEB-based systems:
threatlocker_2.0.0-692_modules.deb 

Support for the following kernels remains temporarily removed because the CentOS 8 repositories are inaccessible:
4.18.0-536.el8.x86_64
4.18.0-544.el8.x86_64
4.18.0-546.el8.x86_64

Known issues:
- It is possible to delete the /etc/sudoers.d/threatlocker/ folder if it is empty (it is re-created automatically on Policy Update; this does not affect operations)
- It is possible to delete the /var/cache/threatlocker/updates and /var/cache/threatlocker/downloads folders if they are empty (this breaks auto-update)
- Some events can be delayed in appearing on the portal under heavy load

Installation/uninstallation instructions for ThreatLocker Linux Agent v2.0+:
Linux Agent v2.0+ Installing and Uninstalling process

Linux Agent Version 1.4: Beta 3/4/25

New Features

  • Added support for Ubuntu 18.04
  • Added support for Ubuntu 16.04
  • Added support for CentOS 7.9
  • Added support for CentOS 8
  • Updated heartbeat check-in to call a new endpoint
  • Implemented a Stub Installer

Bug Fixes

  • Downgrading not properly working
  • Unified Audit - Computer Mode for Linux shows wrong values
  • Add override capability to antitamper module
  • Finishing a Baseline does not remove "Waiting for Baseline" message on Computers Page
  • Build the ability to block specified TCP/UDP Traffic OUTBOUND
  • Log Network Traffic Inbound and Outbound
  • Logging Serial Number/Service Tag for Computers
  • Resolved an issue in which Linux applications were being learned with the incorrect order by number

New list of supported systems:

Oracle Server 7.9 - 1.4.0-569_ol_7_9.x86_64.rpm
Red Hat Enterprise Linux Server 7.9 - 1.4.0-569_rhel_7.x86_64.rpm
RHEL 8.9 - 1.4.0-569_rhel_8.x86_64.rp
RHEL 8.10 - 1.4.0-569_rhel_8.x86_64.rpm
RHEL 9 - 1.4.0-569_rhel_9.x86_64.rpm
CentOS 8 - 1.4.0-569_rhel_8.x86_64.rpm
CentOS 7.9 - 1.4.0-569_rhel_7.x86_64.rpm

You need to install this package for all RPM based systems:
threatlocker_1.4.0-569_modules.rpm

You need to install both the threatlocker rpm and the module at the same time.

Example: sudo dnf install ./1.4.0-583_rhel_8.x86_64.rpm ./threatlocker_1.4.0-583_modules.rpm

 

 

Ubuntu Server 16.04 - 1.4.0-569_ubuntu_16_4.x86_64.deb
Ubuntu Server 18.04 - 1.4.0-569_ubuntu_18_4.x86_64.deb
Ubuntu Server 20.04 - 1.4.0-569_ubuntu_20_4.x86_64.deb
Ubuntu Server 22.04 - 1.4.0-569_ubuntu_22_4.x86_64.deb
Ubuntu Server 24.04 - 1.4.0-569_ubuntu_24_4.x86_64.deb

 

You need to install this package for all DEB based systems:
threatlocker_1.4.0-569_modules.deb

Example: sudo apt install ./1.4.0-583_ubuntu_24_4.x86_64.deb ./threatlocker_1.4.0-583_modules.deb

You need to install both the threatlocker deb and the module at the same time.


Linux Agent Version 1.3: Beta 3/4/25

New Features

  • Added an Ubuntu Server 20.04 Agent
  • Added an RHEL 8.9, 8.10 Agent
  • Added support for Built-In Applications
  • Added logging of inbound and outbound network traffic
  • Made improvements to the baselining process
  • We now build and install our kernel modules on all systems, including those with 5.0+ kernels, so you need to install both packages on any supported system.
    (For example, Ubuntu 24.04 requires both 1.3.0-495_ubuntu_24_4.x86_64.deb and threatlocker_1.3.0-495_modules.deb.)
  • Added Override Codes

Bug Fixes

  • Resolved an issue in which Applications were not learned until after the baseline was scanned
  • Resolved an issue in which ThreatLocker modules were not installed on kernel update
  • Resolved an issue in which snap applications for Linux do not fully capture in Learning Mode unless a baseline scan is run
  • Resolved an issue with override capability to antitamper module
  • Resolved an issue in which downgrading was not properly working

New list of supported systems:

Oracle Server 7.9 - 1.3.0-495_ol_7_9.x86_64.rpm
Red Hat Enterprise Linux Server 7.9 - 1.3.0-495_rhel_7.x86_64.rpm
RHEL 8.9 - 1.3.0-495_rhel_8.x86_64.rp
RHEL 8.10 - 1.3.0-495_rhel_8.x86_64.rpm
RHEL 9 - 1.3.0-495_rhel_9.x86_64.rpm

You need to install this package for all RPM based systems:
threatlocker_1.3.0-495_modules.rpm

Ubuntu Server 20.04 - 1.3.0-495_ubuntu_20_4.x86_64.deb
Ubuntu Server 22.04 - 1.3.0-495_ubuntu_22_4.x86_64.deb
Ubuntu Server 24.04 - 1.3.0-495_ubuntu_24_4.x86_64.deb

You need to install this package for all DEB based systems:
threatlocker_1.3.0-495_modules.deb

 

Linux Agent Version 1.2.1:  Beta 3/4/25

Bug Fixes

  • Resolved an issue in which downgrading was not properly working

 

Linux Agent Version 1.2:  Live 10/18/24

New Features

  • Added support for Policy statuses
  • Added the ability to use Installation mode
  • Added visibility of the Created By Process on Execute logs, and support to use the Created By Process in custom rules
  • Added the ability to trigger a baseline scan from the portal
  • Added logic to pull down Policies and Application definitions before the baseline scan begins

Bug Fixes

  • Resolved an issue in which Applications were not learned until after the baseline was scanned

Linux Agent Version 1.2:  Beta 09/25/24

New Features

  • Added support for Policy statuses
  • Added the ability to use Installation mode
  • Added visibility of the Created By Process on Execute logs, and support to use the Created By Process in custom rules
  • Added the ability to trigger a baseline scan from the portal
  • Added logic to pull down Policies and Application definitions before the baseline scan begins

Bug Fixes

  • Resolved an issue in which Applications were not learned until after the baseline was scanned

Linux Agent Version 1.1: Live 09/11/24

New Features

  • Added Linux support for Heartbeat Check in and Full Check in

Bug Fixes

  • Resolved an issue in which storage device serial numbers were not displaying correctly in the Unified Audit from a Linux machine
  • Resolved an issue in which the Process Path in the Unified Audit was not reflecting the exact path of a file executed on Linux

 

Linux Agent Version 1.1: Beta 09/09/24

New Features

  • Added Linux support for Heartbeat Check in and Full Check in

Bug Fixes

  • Resolved an issue in which storage device serial numbers were not displaying correctly in the Unified Audit from a Linux machine
  • Resolved an issue in which the Process Path in the Unified Audit was not reflecting the exact path of a file executed on Linux

Linux Agent Version 1.0.5.272: Live 9/9/24 

New Features

  • Install and uninstall instructions found here: https://threatlocker.kb.help/installing-and-uninstalling-the-threatlocker-linux-agent/
  • Added the ability to specify an API URL into the installer file
  • Added the ability to block and unblock files
  • Added Tamper Protection 
  • Added support for Ubuntu Server 22.04.4 LTS (Jammy Jellyfish) and Red Hat Enterprise Linux 9.4 (Plow)
  • Added the ability to request an application/file
  • Added support for enabling/disabling products

Bugs and Fixes

  • Resolved an issue in which user permission was denied on newly created Permit policies
  • Resolved an issue in which the agent was ignoring Application Definition updates
  • Resolved an issue in which installation failed due to lack of synchronization
  • Resolved an issue in which the Linux agent was terminated on reboot if the machine lost internet access
  • Resolved an issue in which actions that were performed with the same file by different users were only logging for the first user
  • Resolved an issue in which multiple policies referring to the same binary were leading to a permanent binary lock
  • Resolved an issue in which unexpected policies were generated for some applications
  • Resolved an issue in which Sudo was not being impacted by Default - Deny
  • Resolved an issue in which the Policy Name and Policy ID were not being displayed in the Unified Audit

Linux Agent Version 1.0.5.272: Beta (8/29/2024)

New Features

  • Install and uninstall instructions found here: https://threatlocker.kb.help/installing-and-uninstalling-the-threatlocker-linux-agent/
  • Added the ability to specify an API URL into the installer file
  • Added the ability to block and unblock files
  • Added Tamper Protection 
  • Added support for Ubuntu Server 22.04.4 LTS (Jammy Jellyfish) and Red Hat Enterprise Linux 9.4 (Plow)
  • Added the ability to request an application/file
  • Added support for enabling/disabling products

Bugs and Fixes

  • Resolved an issue in which user permission was denied on newly created Permit policies
  • Resolved an issue in which the agent was ignoring Application Definition updates
  • Resolved an issue in which installation failed due to lack of synchronization
  • Resolved an issue in which the Linux agent was terminated on reboot if the machine lost internet access
  • Resolved an issue in which actions that were performed with the same file by different users were only logging for the first user
  • Resolved an issue in which multiple policies referring to the same binary were leading to a permanent binary lock
  • Resolved an issue in which unexpected policies were generated for some applications
  • Resolved an issue in which Sudo was not being impacted by Default - Deny
  • Resolved an issue in which the Policy Name and Policy ID were not being displayed in the Unified Audit