MAC Agent Release Notes
Note: Reminder to run Learning Mode after installation prior to securing endpoints for the minimum recommendation of 5-7 days.
Latest Version 1.1
Version 1.1
3/22/2023
Known Limitation: Endpoints must be placed into Learning Mode during any updates to software. We are currently in the process of addressing the limitation and should have a solution shortly.
Bugs and Fixes
- Resolved an issue with process caching resulting in duplicate logging
Improvements
- Improved baseline scanner detection of executables
Version 1.0
2/9/2023
Bugs and Fixes
- Removed the Excluded Processes options section from the Computer Groups page
- Removed the "Attach a copy of the file with the request" feature from the Request Popup
- Solved an issue where some requests would fail to open
- Solved an issue where policy versions would not update during automatic downloads
- Solved an issue where the MAC agent would not upgrade or downgrade
- Solved an issue where maintenance modes were not being stored during reboot
- Solved an issue in which the MAC Agent would crash when saving to the database
- Solved an issue in which a machine with a maintenance mode set in the future would incorrectly appear as unsecured
New Features
- Added MAC uninstaller
- Added "Apple Fabric" as interface to storage policies
Improvements
- Improved the reporting and downloading mechanisms around MAC check-ins with policy numbers and approvalsÂ
1/31/2023
Known Bugs
- ThreatLocker Tray - No popup for Maintenance Modes
- Default Deny and Storage Control products are enabled by default and cannot be disabled
Bugs and Fixes
- Application Control - Resolved an issue preventing the ability to set a policy for a specific interface
- Application Contiol - Resolved an issue where the Default Deny policy was not created by default
- Storage Control - Resolved an issue preventing the ability to use Apple’s storage interface in policy
- Resolved an issue requiring policy deployment to approve via Approval Request
- Resolved an issue where .pkg files were not treated as executables and were not able to be blocked using Default Deny
- Resolved an issue where request Notifications relied on Apple's Notification Center and were not instant on a block
- Resolved an issue where the blocked items in the ThreatLocker Tray didn't show in the correct order
- Resolved an issue where processes did not work when used in Custom rules
1/9/2023
Known Bugs
- .pkg files are not treated as executables and are not able to be blocked using Default Deny
- Request Notifications rely on Apple's Notification Center and are not instant on a block
- Blocked items in the Tray don't show in the correct order
- Unable to set an Application Policy for a specified Interface
- Apple's storage interface cannot be used in Storage Policies
- Default Deny Policy isn't created automatically
- Approval Requests don't automatically trigger a Policy Download, and Policy Deploy is required
- Processes do not work when used in Custom rules
- Default Deny and Storage Control products are Enabled by default and cannot be Disabled
- Users don't receive a popup for active Maintenance Modes and can't end them from the Mac
New Features
- Mac Agent will install into the specified group and Check In to the Portal every minute
- The application and file actions are uploaded to the Portal every minute
- Upon Installation, a Baseline will run on the Mac, logging all files into the Unified Audit
- Learning Automatic <Group> and Learning Automatic <Computer> will create Policies based on the Baseline, and Simulated Denies (Green Denies) for the Default Deny Policy (e.g. Default - MAC)
- Application Definitions can be created using hashes and custom rules
- Tamper Protection Disabled, Learning, Installation, and Monitor Maintenance Modes are supported
- Full auditing of the read, write, move, and delete of files on external devices and specified local drive folders
- Ability to deny access to storage locations based on interface type or specified paths
- Supports authentication using Authorization Hosts on a Windows device using NAC
- Updates the IP address for NAC objects used by a Windows device
- Tamper Protection is on by default and prevents users from disabling or removing ThreatLocker
1/4/2023
Known Bugs
- Approving via Approval Request requires policy deployment
- Unable to disable products
- Application Control - Unable to set policy for specific interface
- Application Control - Default Deny policy is not created by default
- Storage Control - Unable to use Apple's storage interface in policy
- ThreatLocker Tray - No popup for Maintenance Modes
New Features
- Baselining applications during ThreatLocker installation
- Automatic Learning to Computer and Groups
- Permitting applications by Hash as well as Custom Rules when attached to a policy
- Application Control Default Deny Policy at the bottom of the policy hierarchy to secure machines and only permit what is explicitly allowed
- Supports Learning Mode, Installation Mode, and Monitor Only
- Storage Control supports auditing of external storage, custom paths, and specified local folders
- Monitor and denying on storage for all external storage as well as specified local folders
- Network Access Controls (NAC) supports Authorization Hosts as well as updating IPs for objects
- Tamper Protection to stop unauthorized users from disabling ThreatLocker
Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.