Windows Agent Version 11.x Release Notes

Last update: 04.06.2026


Version 11.0.7

Beta: 04/06/2026 

New Features and Improvements

  • Added support for a new "Effective Action" condition in Endpoint Detect policy creation
  • Added new DAC checks in the Windows Agent to verify RMM tools are set to 'Delayed Start' and to detect files installed by RMM tools
  • Added a new DAC check in Windows Agent to identify and report over-permissive file access exceptions
  • Added the ability for the agent to identify and store whether a device's IP address is static or dynamic during heartbeat/check-in
  • Added support for Ringfencing RDP Client connections to only trusted hosts
  • Implemented improved network connection handling in the Tray to automatically select the fastest available IP protocol (IPv4 or IPv6)
  • Improved CPU efficiency in Windows Agent by optimizing certificate processing to reduce unnecessary background activity
  • Updated the Windows Agent to ensure event log messages are now considered when generating alerts

Bug Fixes

  • Resolved an issue where FileInstall.db and FileInformation.db were not updating as expected
  • Resolved an issue where the Domain Name Parsing option was not functioning as expected
  • Improved cleanup logic for the matched application table in Detect.db to remove outdated entries
  • Improved performance by reducing file database input/output operations through enhanced caching
  • Resolved an issue causing excessive RAM usage by optimizing thread management and error handling
  • Resolved an issue where tray pop-ups were incorrectly delivered to only the most recently logged-in user during remote sessions
  • Resolved an issue where AD group restrictions could fail after offline logins
  • Resolved an issue where the Tray notification incorrectly hyperlinked entire messages
  • Resolved an issue in which Detect policies monitoring registry key changes did not trigger alerts as expected

Version 11.0.6

Beta: 04/02/2026

New Features and Improvements

  • Unified Audit will show the Broker Server used by any SASE or Device-to-Device connections
  • Unified Audit will show Parent Process Name/Path for any Network operations
  • DNS resolutions will be made for DNS requests made over TCP in addition to UDP
  • Additional refinements made to DNS request resolutions made over HTTPS (DoH)
  • Changed DAC test 169 RDP Client Ringfenced to use new Secure Network processor to evaluate test conditions
  • Changed resolver for DNS over UDP to only cache successful IPv4 results

Bug Fixes

  • Resolved an issue with Secure Network assets (Policies, Memberships, Keys, Device Infos); they should be downloaded without needing an additional service restart after upgrading the service to a version that uses Features instead of Products
  • Resolved issue with USB vendor name match in Storage Control

Version 11.0.5

Beta: 04/01/2026

New Features and Improvements

  • Added a new Agent Action to update the feature list
  • Added support for detecting and uploading memory dump files from C:\Windows\Minidump 
  • Added support for a new registration process with pending, approved, and rejected states to enhance device onboarding
  • Added support for an upcoming feature that will identify devices on the network that do not have ThreatLocker installed
  • Tamper Protection has been extended to include .config and .runTimeConfig.json files for Broker and Updater components
  • Updated the Windows Agent to ensure event log messages are now considered when generating alerts
  • The Windows Agent now supports a feature-based billing model
  • Added a check in the Windows Agent to identify and store whether a device's IP address is static or dynamic during heartbeat/check-in

Bug Fixes

  • Improved CPU efficiency by optimizing certificate processing to reduce unnecessary background activity
  • Resolved an issue causing excessive RAM usage by optimizing thread management and error handling
  • Resolved an issue in the Tray component where notification hyperlinks were not displaying correctly
  • Resolved an issue where scheduled patch alerts were not triggering at the scheduled time
  • Fixed an issue where the VDI Agent was not receiving Restart Agent actions during Full Check-in
  • Reduced unnecessary DotNET Tamper Protection logging by excluding registry locations not used by .NET Framework 4.5.1 and above
  • Resolved an issue in which Detect policies monitoring registry key changes did not trigger alerts as expected
  • Resolved an issue in which the Configuration Manager policy for Schedule Secure Free Space Delete was not correctly creating the task in Task Scheduler