Note: Reminder to run Learning Mode after installation prior to securing endpoints for the minimum recommendation of 5-7 days.

 Latest Version 1.1

Version 1.1

3/22/2023

Known Limitation: Endpoints must be placed into Learning Mode during any updates to software. We are currently in the process of addressing the limitation and should have a solution shortly. 

Bugs and Fixes

• Resolved an issue with process caching resulting in duplicate logging 

Improvements

• Improved baseline scanner detection of executables 

Version 1.0

2/9/2023

Bugs and Fixes

• Removed the Excluded Processes options section from the Computer Groups page  
• Removed the "Attach a copy of the file with the request" feature from the Request Popup  
• Solved an issue where some requests would fail to open 
• Solved an issue where policy versions would not update during automatic downloads  
• Solved an issue where the MAC agent would not upgrade or downgrade  
• Solved an issue where maintenance modes were not being stored during reboot 
• Solved an issue in which the MAC Agent would crash when saving to the database   
• Solved an issue in which a machine with a maintenance mode set in the future would incorrectly appear as unsecured

New Features

• Added MAC uninstaller  
• Added "Apple Fabric" as interface to storage policies  

Improvements

• Improved the reporting and downloading mechanisms around MAC check-ins with policy numbers and approvals   

1/31/2023

Known Bugs

• ThreatLocker Tray - No popup for Maintenance Modes
• Default Deny and Storage Control products are enabled by default and cannot be disabled

Bugs and Fixes

• Application Control - Resolved an issue preventing the ability to set a policy for a specific interface
• Application Contiol - Resolved an issue where the Default Deny policy was not created by default 
• Storage Control - Resolved an issue preventing the ability to use Apple’s storage interface in policy
• Resolved an issue requiring policy deployment to approve via Approval Request
• Resolved an issue where .pkg files were not treated as executables and were not able to be blocked using Default Deny
• Resolved an issue where request Notifications relied on Apple's Notification Center and were not instant on a block
• Resolved an issue where the blocked items in the ThreatLocker Tray didn't show in the correct order
• Resolved an issue where processes did not work when used in Custom rules

1/9/2023

Known Bugs

• .pkg files are not treated as executables and are not able to be blocked using Default Deny
• Request Notifications rely on Apple's Notification Center and are not instant on a block
• Blocked items in the Tray don't show in the correct order
• Unable to set an Application Policy for a specified Interface
• Apple's storage interface cannot be used in Storage Policies
• Default Deny Policy isn't created automatically
• Approval Requests don't automatically trigger a Policy Download, and Policy Deploy is required
• Processes do not work when used in Custom rules
• Default Deny and Storage Control products are Enabled by default and cannot be Disabled
• Users don't receive a popup for active Maintenance Modes and can't end them from the Mac

New Features

• Mac Agent will install into the specified group and Check In to the Portal every minute
• The application and file actions are uploaded to the Portal every minute
• Upon Installation, a Baseline will run on the Mac, logging all files into the Unified Audit
• Learning Automatic <Group> and Learning Automatic <Computer> will create Policies based on the Baseline, and Simulated Denies (Green Denies) for the Default Deny Policy (e.g. Default - MAC)
• Application Definitions can be created using hashes and custom rules
• Tamper Protection Disabled, Learning, Installation, and Monitor Maintenance Modes are supported
• Full auditing of the read, write, move, and delete of files on external devices and specified local drive folders
• Ability to deny access to storage locations based on interface type or specified paths
• Supports authentication using Authorization Hosts on a Windows device using NAC
• Updates the IP address for NAC objects used by a Windows device
• Tamper Protection is on by default and prevents users from disabling or removing ThreatLocker

1/4/2023

Known Bugs

• Approving via Approval Request requires policy deployment
• Unable to disable products 
• Application Control - Unable to set policy for specific interface
• Application Control - Default Deny policy is not created by default
• Storage Control - Unable to use Apple's storage interface in policy
• ThreatLocker Tray - No popup for Maintenance Modes

New Features

• Baselining applications during ThreatLocker installation
• Automatic Learning to Computer and Groups
• Permitting applications by Hash as well as Custom Rules when attached to a policy
• Application Control Default Deny Policy at the bottom of the policy hierarchy to secure machines and only permit what is explicitly allowed
• Supports Learning Mode, Installation Mode, and Monitor Only
• Storage Control supports auditing of external storage, custom paths, and specified local folders
• Monitor and denying on storage for all external storage as well as specified local folders
• Network Access Controls (NAC) supports Authorization Hosts as well as updating IPs for objects
• Tamper Protection to stop unauthorized users from disabling ThreatLocker