Linux Agent
Officially Supported Versions
- Ubuntu Server 22.04.4 LTS (Jammy Jellyfish)
- Red Hat Enterprise Linux 9.4 (Plow) (May work on Rocky Linux 9.4 as well)
Known Limitations
- Files downloaded from the ThreatLocker portal will need to be renamed before installing
-
File names as downloaded from the portal:
-
Ubuntu - ThreatLocker-xxxxxxxxxxxxxxxxxxxx.deb
-
RHEL - ThreatLocker-xxxxxxxxxxxxxxxxxxxxxx.rpm
-
- File names need to be changed to:
- Ubuntu - 1.1.0-297_ubuntu_22_4.x86_64_xxxxxxxxxxxxxxxxxxxxx_c.deb
- RHEL - 1.1.0-297_rhel_9.x86_64_xxxxxxxxxxxxxxxxxxxxxxxx_c.rpm
- Command to rename the file:
- cp /path/to/file /path/to/renamed-file
-
- ThreatLocker Linux Agent is headless (no tray)
- Override Codes are not currently supported
- Storage Control is not currently supported
- Network Control is not currently supported
- ThreatLocker Detect is not currently supported
- Configuration Manager is not currently supported
- Linux core is currently being refined
- Built-ins are currently being refined
- Elevation has not been fully implemented
Linux Agent Version 1.2: Beta 09/25/24
New Features
- Added support for Policy statuses
- Added the ability to use Installation mode
- Added visibility of the Created By Process on Execute logs, and support to use the Created By Process in custom rules
- Added the ability to trigger a baseline scan from the portal
- Added logic to pull down Policies and Application definitions before the baseline scan begins
Bug Fixes
- Resolved an issue in which Applications were not learned until after the baseline was scanned
Linux Agent Version 1.1: Open Beta 09/09/24
New Features
- Added Linux support for Heatbeat Check in and Full Check in
Bug Fixes
- Resolved an issue in which storage device serial numbers were not displaying correctly in the Unified Audit from a Linux machine
- Resolved an issue in which the Process Path in the Unified Audit was not reflecting the exact path of a file executed on Linux
Linux Agent Version 1.0.5.272
Officially Supported Versions
- Ubuntu Server 22.04.4 LTS (Jammy Jellyfish)
- Red Hat Enterprise Linux 9.4 (Plow) (May work on Rocky Linux 9.4 as well)
Known Limitations
- ThreatLocker Linux Agent is headless (no tray)
- Override Codes are not currently supported
- Storage Control is not currently supported
- Network Control is not currently supported
- ThreatLocker Detect is not currently supported
- Configuration Manager is not currently supported
- Linux core is currently being refined
- Built-ins are currently being refined
- Elevation has not been fully implemented
New Features
- Install and uninstall instructions found here: https://threatlocker.kb.help/installing-and-uninstalling-the-threatlocker-linux-agent/
- Added the ability to specify an API URL into the installer file
- Added the ability to block and unblock files
- Added Tamper Protection
- Added support for Ubuntu Server 22.04.4 LTS (Jammy Jellyfish) and Red Hat Enterprise Linux 9.4 (Plow)
- Added the ability to request an application/file
- Added support for enabling/disabling products
Bugs and Fixes
- Resolved an issue in which user permission was denied on newly created Permit policies
- Resolved an issue in which the agent was ignoring Application Definition updates
- Resolved an issue in which installation failed due to lack of synchronization
- Resolved an issue in which the Linux agent was terminated on reboot if the machine lost internet access
- Resolved an issue in which actions that were performed with the same file by different users were only logging for the first user
- Resolved an issue in which multiple policies referring to the same binary were leading to a permanent binary lock
- Resolved an issue in which unexpected policies were generated for some applications
- Resolved an issue in which Sudo was not being impacted by Default - Deny
- Resolved an issue in which the Policy Name and Policy ID were not being displayed in the Unified Audit