Note: After installation, run Learning Mode for the recommended minimum of 5-7 days before securing endpoints.
Version 11.0
4/3/2026 - Beta
New Features and Improvements
- Improved Tamper Protection to prevent unauthorized deletion of ThreatLocker files and logs by administrators
- Expanded Tamper Protection coverage to better preserve audit and forensic data
- Strengthened protection against attempts to stop or interfere with ThreatLocker services and system extensions
- Restricted access to installation logs to authorized system users only
- Added automatic cleanup of installation logs after successful installation
- Enhanced runtime security protections for authentication components to improve resistance against tampering and unauthorized code injection
- The agent now enables DAC by default, with the option to disable it available through Advanced Settings
- Added support for Secure Network Policies and network configuration management
- Added new registration flow to the agent, supporting pending, approved, and rejected registration states for improved device onboarding
- Introduced support for a feature-centric billing model, enabling more granular purchasing and improved policy management
- Added a hierarchical view option to the Realtime Unified Audit, allowing users to toggle between regular and hierarchical table views with improved sorting and filtering
- Added Device Discovery feature, enabling network scanning for unprotected devices and open ports
- Updated the Mac Agent to improve how Network Activity monitoring is triggered
- Added tooltips to the Blocked Items List and Realtime Unified Audit buttons for improved user guidance
- Added a disk space monitoring feature to the Mac Agent to alert when free space is low
- Added support for configuring multiple broker servers per ZTNA and SaaS policy
- Improved performance by optimizing DNS resolution processing
- Improved Secure Network Web Control on Mac to ensure manually entered domains in policies are correctly matched and applied
- Improved ZTCA performance on Mac Agents by implementing latency testing to automatically route traffic through the optimal server
- Improved the reliability of the Mac Agent's Secure Network Broker to ensure connection persistence and automatic recovery following network interruptions or server-side connection timeouts
Bug Fixes
- Removed developer-specific path information from distributed components
- Resolved an issue where the agent would prompt for admin credentials by attempting to uninstall the Secure Network Extension even when the feature was not enabled
- Resolved an issue where scheduled policies on Mac endpoints were not applying the correct date and time; policy timing now works as expected in the Mac Agent
- Resolved an issue where the Secure Network Extension on macOS failed to update automatically alongside the ThreatLocker agent
- The agent now includes its version information in Unified Audit logs and PortalAPI responses
- Updated the agent to skip processing directed broadcast network traffic, aligning its behavior with the Windows agent
- Resolved an issue where newly created standard users could not use sudo; now, user creation and deletion events on macOS 14+ properly update the sudoers file
- Resolved an issue where you were not able to connect to an SMB share with Secure Network
- Resolved an issue where agent logs showed a 'cannot download memberships for organization' error until the first agent restart
- Resolved an issue where Secure Network could break because of memory allocation errors for DNS flows
- Resolved an issue where error messages appeared during initial installation if the Secure Network feature was enabled
- Resolved an issue where the Secure Network extension could lose DNS Proxy, Transparent Proxy access, and communication with the ThreatLocker application
- Resolved an issue where excessive network logs were generated for Secure Network events
- Updated the agent to allow uninstallation when device registration is rejected