Windows Agent 8.2 Release Notes

6 min. readlast update: 11.27.2023
Known Issue: Simulated Denies Not Showing When Network Control is Enabled Without Policies | ThreatLocker Help Center ( 
Known Issue: Powershell Will Not Open When the Option MonitorPowerShell is Enabled | ThreatLocker Help Center ( 
Released to Open Beta on 9/19/2023
Released Live on 10/16/2023

Version 8.2

Updated 11/27/2023

New Features

  • Added %%actiontype%% as new parameter for post request URL
  • Added %%username%% as a parameter for post redirect 
  • Added Policy Name to the Blocked Items grid  
  • In the Elevation module, administrators are now able to customize and limit permissions to specific settings - Changes to Elevation in ThreatLocker Version 8.2
  • New Configuration Manager module is now available  
  • ThreatLocker now includes Isolate, Lockout, and Screen Lock options, which can be found on the Computer's Page
  • Added Tray notification messaging for the Isolate/Un-isolate feature  
  • has been added to Configuration Manager's social media controls  
  • Lemon8 has been added to Configuration Manager's social media controls 
  • Added a feature to recover core.db if it is reporting as malformed  
  • Added Network Control to the Override feature   


  • Improved logging for the Network Challenge feature 
  • Improved the real-time audit logs to show in the time zone of the machine 
  • Requester email is now included in the UAC prompt for Elevation and Approval Requests
  • In order to avoid unintended blocks, any policy with both .exe and .dll will run the .exe first and incorporate the .dll after executing 
  • Improvements to the Approve Applications process, including identification of a matching application to happen inside the virtual testing environment 
  • Improved the processing of UDP traffic 
  • Improvements to Isolation Mode in Configuration Manager, including blocking TCP & UDP traffic 
  • Improved internal logging of events related to temp files, delete actions, sleep/hibernation behaviors, and more  
  • The Stub Installer is now integrated into the MSI Installer 
  • Improvements made to new applications and the amount of logging in the Unified Audit 
  • Improved the Windows Service and Driver features to harden the process of service downgrading, stopping/starting of the service and driver, and Tamper Protection 
  • Reinstated Green Denies on Network Control in the Unified Audit when no policies exist but the Module is enabled 
  • Improved error messaging around Chromium Extensions which return an empty string 
  • SHA256 captures will now be enabled by default and users will have the ability to disable this feature under the Organization Options 
  • Added a Kill Running Process option to ThreatLocker Ops 
  • Improved Threatlocker Ops by adding canary files 
  • Elevation buttons have been changed to look more prominent 
  • Configuration Manager now has a policy to block Developer Mode in MS Edge Chromium and Google Chrome 
  • Improved the handling of temporary files to reduce data set kept in memory cache 
  • Windows machines will now display the major and minor version in the Portal 
  • Improved the cache of items in the Unified Audit to reduce noise. This will not affect Denies. All denies will log. 
  • Updates and improvements to the UAC prompt 
  • Updates to Configuration manger including the Set Screen Saver policy and how it logs in the Unified Audit 
  • Added Tray notification messaging for the Isolate/Un-isolate feature 
  • Added functionality to disable the notification that users see when programs install or update 
  • Improved the speed of cert.db download speed 
  • Improved the way hostname is populated to show more than 15 characters 
  • Reduced minimum monitored file size from 16 bytes to 4 bytes 

Bugs and Fixes

  • Resolved an issue with Excluded Processes and they will now exclude Install action types 
  • Resolved an issue using wildcards (*) in Storage Control Policies in the "What program does this apply to?" field 
  • Resolved an issue with Network Control that was causing intermittent incorrect denies 
  • Resolved an issue with RAID drives and ringfencing
  • Resolved an issue with baselining that caused high CPU usage 
  • Resolved an issue with MSI files trying to elevate 
  • Resolved an issue with thumb drives and logging of encryption status 
  • Improved file logging in the Unified Audit to only record Reads and Writes, either in Permit or Deny policies, for .exe and .dll files, reducing white noise and unintentional blocks 
  • Resolved an issue with Network Control and deleted Authorization Hosts 
  • Resolved an issue identified in 7.10 where some Chromium extensions would not read as executable 
  • Resolved an issue where some extensions were not being blocked in Chrome 
  • Resolved an issue from 7.10.2 and 8.0 with svchost.exe and hash showing incorrectly on installs 
  • Resolved an issue for Legacy ThridWall users which affected the excessive failed logon events policy 
  • Resolved an issue with \\localhost\c$\*\ related to storage devices and excessive logging 
  • Resolved an issue from 7.6.1 where the tray notification would not populate at the correct time 
  • Resolved an issue where a user was getting BSOD when connecting to a home network 
  • Resolved an issue with Chrome extensions not being blocked as required 
  • Resolved an issue with Network Control not caching as expected and then sometimes failing the Challenge
  • Resolved an issue with Chromium Extensions that were being denied via storage policies 
  • Resolved an issue where FortiNet VPN allowed RDP connections with Network Control RDP deny policies in place 
  • Resolved an issue with Elevation that gave incorrect permissions based on the ThreatLocker Consent setting
  •  Resolved an issue with storage policies when multiple policies use different drives 
  • Resolved an issue related to capturing core files from all drives, which caused some core files to be blocked 
  • Resolved an issue that would block a new USB request if there is already a pending, different, USB request in the system 
  • Resolved an issue that was allowing non-permitted files to execute from the C:\Windows\Assembly folder 
  • Resolved an issue that allowed files to be renamed even though they were protected by Tamper Protection 
  • Resolved an issue with Ringfencing failing to block Reads/Writes as expected 
  • Resolved an issue which caused the Tray to crash for users on .NET 4.8+ 
  • Resolved an issue with Tamper Protection Deny logs which caused excessive logging 
  • Resolved an issue with proxy and service loss 
  • Resolved an issue that allowed Ringfencing to process when only Default Deny was selected 
  • Resolved an intermittent issue found on Windows 10 where certain files were being logged as execute even though they were not .exe files 
  • Resolved an issue with system stress caused by installations 
  • Resolved an issue where the SHA256 was captured but not showing in the Unified Audit 
  • Resolved an issue with Network Control and error messages populating incorrectly 
  • Resolved an issue with Configuration Manager and the Set Password Protected Screen Saver enable/disable feature 
  • Resolved an issue with UDP Multicast IPs and now they are no longer be blocked and/or logged 
  • Resolved an issue with the capture of UDP traffic if a registry value was set 
  • Resolved an issue where any binaries run by rundll32 will be blocked by ThreatLocker as a normal user 
  • Resolved an issue with the Created By Process and custom rules 
  • Resolved an issue with Network Control and unnecessary logging of ThreatLocker domains 

Was this article helpful?