MAC Agent Version 2.0 Release Notes | ThreatLocker Help Center

Pushed to the Live portal on 07/11/2023

Pushed to the Beta portal on 07/07/2023

Latest Beta Version: 2.0.0.327

07/07/2023

Resolved an issue with MAC where PKG files did not prompt for Elevation
Resolved an issue from 2.0.0.313 where hashes were logged but not visible
Resolved an issue with MAC high CPU usage during baseline process
Resolved an issue with MAC machines failing to upgrade or downgrade versions successfully
Resolved an issue with the visibility of Elevation credentials and Tamper Protection mode.
Resolved an issue where Tamper Protection was causing MAC machines to freeze
Resolved an issue with custom rules not matching
Resolved an issue with Learning Mode causing real denies rather than simulated ones
Resolved an issue where the Application Name was not visible in the Unified Audit

Improved high CPU usage by requiring a short 5 minute delay prior to starting a new rescan after having already started the rescan baseline sequence
Improved the logging and visibility of SHA256 hashes for MAC

Added Learning Mode (Hash Only) to the MAC
Added three hard-coded process exclusions to the MAC agent to reduce unneeded Unified Audit Logs. BackupD, MDSync, and Bird will continue to run in the background but not be monitored by ThreatLocker
Added the Install action for MACs
Added the ability for the MAC computer groups to turn products on and off

Resolved an issue with machines failing to upgrade or downgrade versions successfully
Resolved an issue where Tamper Protection was causing machines to freeze
Resolved an issue with install events that do not include all needed information (hashes, certificates, etc.)
Resolved an issue where Learning Mode would be affected by loss of internet connection
Resolved an issue which caused users to wait up to 3 seconds to change a system setting after that setting is initially changed
Resolved an issue in the tray where the 'Don’t Show Again' option was malfunctioning due to how information was stored in the database
Resolved an issue that allowed users to run Sudo commands with Elevation
Resolved an issue related to how installed pkg files associate to policies when the policies contain a *(wildcard)
Resolved an issue where some files were reported as executing when Installer.app was only reading the file

Improvements to Network Control, including inbound connections are now being monitored. This can be changed in the products section
Improved and simplifies the uninstall process
Improved the Unified Audit to include and Install Action Type for new or modified executable files

Added the ability to detect installing pkg files from the command line
Added ability to Elevate additional system settings for MacOS 13.0-13.4, including:

Resolved an issue where CPU usage would remain high after a heavy task is performed (for example, XCode build)
Resolved an issue where the tray would crash when the 'Reload' button was clicked quickly and repeatedly

The full path is now displayed in the Blocked Items Window
Improved caching for filesystem and application events for faster response and less CPU usage

Additional Notes

The Elevation improvements that were added for MacOS 13.3 are coming soon to MacOS 13.1 and MacOS 12

Resolved an issue where the uninstall command did not remove /Applications/ThreatLocker.app file when running it as a non-admin user. This process will require a password when trying to remove the file.
Performance improvements
Resolved an issue where approved notifications would show before the Agent had received new policies.

Elevation Control may not support all elevation request types. If you find that elevation shows a password prompt without the ability to request elevation, please document and report to a Cyber Hero.
Silent elevation is not currently supported.