Note: Reminder to run Learning Mode after installation before securing endpoints for the minimum recommendation of 5-7 days.
Important: Use the link below to download the ThreatLocker MDM profiles required for Version 11 and above.
https://static.threatlocker.com/deployment/A/ThreatLocker+MDM+Profiles+v3.zip
From the downloaded file, extract the four .mobileconfig files:
- ThreatLocker Configuration (v3).mobileconfig - Configures core security permissions for ThreatLocker's core agent. It includes the core agent's System Extension, Full Disk Access, and Notifications. These enable ThreatLocker's Application, Ringfencing, Elevation, Storage, and other security policies.
- ThreatLocker Startup & Lock (v3).mobileconfig - Configures macOS Managed Login Items to enable auto starting and auto restarting of the ThreatLocker Agent. Additionally it prevents removal of ThreatLocker's System Extension and Network System Extension.
- ThreatLocker Network Core (v3).mobileconfig - Configures ThreatLocker's Network Filter (labeled 'Content Filter' by macOS) in firewall mode. This enables agent enforcement of network based ThreatLocker Ringfencing and ThreatLocker Zero Trust Endpoint Firewall policies.
- ThreatLocker Network ZTNA + ZTCA (v3).mobileconfig - Configures specific ThreatLocker Network Filters (Transparent Proxy & DNS Proxy). It includes configuration for the Secure Network Agent's System Extension and its Full Disk Access. These enable ThreatLocker's brokered ZTNA and ZTCA policies.
Version 11.0.1
Live: 07/01/2026
Beta: 06/18/2026
New Features and Improvements
- The macOS Agent has been updated to include support for custom SaaS application tags
- Made improvements to exclude Defender from Ringfencing policies and policies with "Kill Running Processes" enabled
Bug Fixes
- Resolved a communication issue between the Mac Agent and ThreatLocker application that caused incorrect status reporting
- Resolved an issue where the Mac Agent would intermittently lose connection to the secure network following a network change
- Resolved an issue on macOS where applications installed from the App Store could execute once without a policy or approval
- Resolved an issue where the DNS Proxy on macOS would stop functioning after using the Fast User Switching feature
- Resolved an issue where the DNS Proxy on macOS would stop functioning after using the Fast User Switching feature
Version 11.0
4/3/2026 - Beta
6/24/2026 - Live
New Features and Improvements
- Improved Tamper Protection to prevent unauthorized deletion of ThreatLocker files and logs by administrators
- Expanded Tamper Protection coverage to better preserve audit and forensic data.
- Strengthened protection against attempts to stop or interfere with ThreatLocker services and system extensions
- Restricted access to installation logs to authorized system users only
- Added automatic cleanup of installation logs after successful installation
- Enhanced runtime security protections for authentication components to improve resistance against tampering and unauthorized code injection
- The agent now enables DAC by default, with the option to disable it available through Advanced Settings
- Added support for Secure Network Policies and network configuration management
- Added new registration flow to the agent, supporting pending, approved, and rejected registration states for improved device onboarding
- Introduced support for a feature-centric billing model, enabling more granular purchasing and improved policy management
- Added a hierarchical view option to the Realtime Unified Audit, allowing users to toggle between regular and hierarchical table views with improved sorting and filtering
- Added Device Discovery feature, enabling network scanning for unprotected devices and open ports
- Updated the Mac Agent to improve how Network Activity monitoring is triggered
- Added tooltips to the Blocked Items List and Realtime Unified Audit buttons for improved user guidance
- Added a disk space monitoring feature to the Mac Agent to alert when free space is low
- Added support for configuring multiple broker servers per ZTNA and SaaS policy
- Improved performance by optimizing DNS resolution processing
- Improved Secure Network Web Control on Mac to ensure manually entered domains in policies are correctly matched and applied
- Improved ZTCA performance on Mac Agents by implementing latency testing to automatically route traffic through the most optimal server
- Improved the reliability of the Mac Agent's Secure Network Broker to ensure connection persistence and automatic recovery following network interruptions or server-side connection timeouts
- Improved the performance of the Mac Agent by optimizing policy loading at startup, significantly reducing the time for the Secure Network extension to apply security rules
- Updated agent log submission to a new logging endpoint and ensured logs include the correct Mac source type identifier for improved log routing and consistency
- Added advanced settings to allow disabling Elevation Control and Local Admin Management features per machine or group in the Mac Agent
- Improved the Mac Agent Secure Network extension’s resilience by ensuring it can automatically re-establish communication with the ThreatLocker application after an internal connection failure
- Improved the Mac Agent's ability to correctly identify and match domain-based tags within Zero Trust Network Access (ZTNA) policies
Bug Fixes
- Removed developer-specific path information from distributed components
- Resolved an issue where the agent would prompt for admin credentials by attempting to uninstall the Secure Network Extension even when the feature was not enabled
- Resolved an issue where scheduled policies on Mac endpoints were not applying the correct date and time, ensuring policy timing now works as expected in the Mac Agent
- Resolved an issue where the Secure Network Extension on macOS failed to update automatically alongside the ThreatLocker agent
- The agent now includes its version information in Unified Audit logs and PortalAPI responses
- Updated the agent to skip processing directed broadcast network traffic, aligning its behavior with the Windows agent
- Resolved an issue where newly created standard users could not use sudo; now, user creation and deletion events on macOS 14+ properly update the sudoers file
- Resolved an issue where you were not able to connect to SMB share with Secure Network
- Resolved issue where agent logs showed 'cannot download memberships for organization' error until first agent restart
- Resolved issue where Secure Network could become broken because of memory allocation errors for DNS flows
- Resolved an issue where error messages appeared during initial installation if the Secure Network feature was enabled
- Resolved an issue where the Secure Network extension could lose DNS Proxy, Transparent Proxy access, and communication with the ThreatLocker application
- Resolved an issue where excessive network logs were generated for Secure Network events
- Updated the agent to allow uninstallation when device registration is rejected
- Resolved an issue where users could not request access to blocked websites when "Allow User to Request" was enabled in Secure Network policies
- Resolved an issue where the tray icon on macOS devices would remain visible after being configured to be hidden in the group settings
- Resolved an issue where tags database journaling would not stop, by updating tag handling to use UUIDs for improved reliability
- Resolved an issue where the Secure Network Extension on macOS failed to update automatically alongside the ThreatLocker agent
- Resolved an issue in Mac Agent 11.0 where Secure Network Full Disk Access status was incorrectly shown as denied, ensuring accurate permissions display and improved user experience
- Resolved an issue where the Secure Network extension could stop working and display "Cannot Allocate Memory" errors due to connection leaks; improvements now ensure proper connection handling and stability
- Resolved an issue in Mac Agent 11.0 where multiple Baseline Scanner processes could run simultaneously after installation
Version 11.0.1
6/18/2026 - Beta
New Features and Improvements
- The macOS Agent has been updated to include support for custom SaaS application tags, allowing for more granular policy control and identification of web-based applications
- Improved exclusion logic on macOS to ensure the agent correctly honors exclusions for security products, preventing unnecessary interactions during Ringfencing or process termination events
Bug Fixes
- Resolved a communication issue between the Mac Agent and ThreatLocker application that caused incorrect status reporting, and updated the status interface to more accurately reflect connection states
- Resolved an issue where the Mac Agent would intermittently lose connection to the secure network for an extended period following a network change
- Resolved an issue on macOS where applications installed from the App Store could execute once without a policy or approval
- Resolved an issue on Mac agents where hostnames were incorrectly identified as domains in Web Control
- Resolved an issue in which the Secure Network System Extension was unable to communicate after updating
- Resolved an issue where the DNS Proxy on macOS would stop functioning after using the Fast User Switching feature
Help Center