Windows Agent Version 7.x Release Notes

12 min. read, last update: 09.17.2023

Version 7.10.6

4/20/2023

Improvements

  • Improved learning for OCX files
    • Automatic learning of OCX files now occurs and can be changed via options on the Group level.

Version 7.10.5

4/6/2023 

Improvements

  • Improved the API Applications download processes  

Version 7.10.4

3/30/2023

New Features

  • New options allow users to create granular policies by identifying certain file extensions as executables

Improvements

  • Improved the API Applications response times

 

Version 7.10.3

3/24/2023

Improvements

  • Improved logging details when registering a new computer 

Version 7.10.2

3/17/2023

Improvements

  • Added the username in the lookup of cached application policies so that ringfencing policies match by username, if specified 

Version 7.10.1

3/14/2023 

Bugs and Fixes

  • Resolved an issue in which Applications with a wildcard in the Created By Process field would show as matching but not follow the policy action.   

Version 7.10

We've extended the number of files recognized by the ThreatLocker service when Windows flags the file as being executed and the process is PowerShell or rundll. This may lead to an increase in logs and denies on your machines. If you're experiencing issues, please reach out to a Cyber Hero for help.

3/14/2023

Known Bug: Identified an issue in which Applications with a wildcard in the Created By Process field would show as matching but not follow the policy action. Issue is expected to be resolved in 7.10.1. 

2/23/2023

Bugs and Fixes

  • Resolved an issue with the editing of registry keys 
  • Resolved an issue where baselining would begin prior to policy downloading completing 
  • Resolved an issue with the security in connection to applications running from a WebDav 
  • Resolved an issue with drivers in connection to the WebDav folder and Clio software  
  • Resolved an issue with the status of USB updates during reformatting 
  • Resolved an issue with the “Run Now” popup in the tray 
  • Resolved an issue with the logs and execution of Visual Basic scripts 
  • Resolved an issue with the popup messages for .bat and .cmd files 
  • Resolved an issue with the correct logging of new processes 
  • Resolved an issue where cache times were not allowing for server recognition of workstations 
  • Resolved an issue with incorrect APIURL 
  • Resolved an issue with Unified Audit showing incorrect Effective Action 
  • Resolved an issue with the recreation of Private Keys on service restart 
  • Resolved an issue where the Realtime Unified Audit showed an incorrect Effective Action 
  • Changed the startup procedure to mitigate potential duplication of computer entries on install
  • Resolved an issue where certain regex rules were not being processed. 

Improvements

  • Improved the error log to include Service/Driver version 
  • Improved the Unified Audit by adding an option, named LogRegistryPermit, that will log registry permits 

  

Version 7.9

Updated 3/14/2023

We've extended the number of files recognized by the ThreatLocker service when Windows flags the file as being executed and the process is Windows Explorer. This may lead to an increase in logs and denies on your machines. If you're experiencing issues, please reach out to a Cyber Hero for help.

Bugs and Fixes

  • Resolved an issue with Tamper Protection that prevented users who didn’t run ThreatLocker service as System from getting the service stuck in Tamper Protection Enabled mode. Please note this is against recommendations. The ThreatLocker service is required to run as System.  
  • Resolved an issue where a client had “Task Manager” blocked by ThreatLocker due to unpermitted communication between the user’s server and ThreatLocker 
  • Resolved an issue with CPU spikes related to multi-wildcard use in custom rules and processing files 
  • Resolved an issue with CPU usage where certain processes were generating excessive installs of files that did not have a hash value 
  • Resolved an issue with NULL or “0” hash values. Drivers will no longer process these values and execution values less than 16 bytes will not process. 
  • Resolved an issue in which some MSI files that were trying to elevate were missing information  
  • Resolved an issue where the existing approval request process was not suggesting custom rules appropriately and instead led to a Service Connection error message
  • Resolved an issue where a modified active custom rule would not take effect until the service was restarted
  • Resolved an issue with the tray notifications timing out 
  • Resolved an issue with “[]” not matching and permitting in the Custom Rules process 
  • Resolved an issue stopping the Apps database from downloading new content, including while on Proxy
  • Resolved an issue in which override codes were not set to 'used'
  • Resolved an issue where some ocx files were not being detected during execution

New Features

  • Added a feature to the Proxy option that will intercept all local traffic prior to other products accessing the data 
  • Added a debug feature to help users troubleshoot network caching issues   

Improvements

  • Improved Network Processing and Performance Monitoring to resolve Network Cache issue  
  • Improved Tamper Protection
  • Improved API calls to multiple locations 
  • Improved performance monitoring details 
  • Improved network processing
  • Improved the process of tracking every instance and logging file versions
  • Improved the access options around registry keys for Windows files   
  • Improved an issue in a previous release pertaining to custom rules that contain both hash and path

Version 7.8.3

Updated 3/16/2023

Known Issue: Applications May Not be Able to Run as Admin when Updating from Agent Version 7.8.x 

New Features

  • New ThreatLocker Proxy Service supported 

Version 7.8.2

Updated 3/16/2023

Known Issue: Applications May Not be Able to Run as Admin when Updating from Agent Version 7.8.x 

Bugs and Fixes

  • Resolved an issue where the service could start the baseline process before the apps database was fully downloaded
  • Resolved an issue preventing the installation of new machines while using the ThreatLocker Proxy 

Version 7.8

Updated 3/16/2023

Known Issue: Applications May Not be Able to Run as Admin when Updating from Agent Version 7.8.x 
Proxy is now supported, however new machines will not install with the current build. Fix expected in the 7.8.2 release. 

Bugs and Fixes

  • Resolved an issue some customers experienced with high CPU spikes when compiling code
  • Resolved an issue affecting some customers using Authorization Hosts in their NAC policies
  • Resolved backup issues with Tamper Protection
  • Resolved an issue with Policies not inheriting status change
  • Resolved Ringfencing issues impacting some customers regarding Application Interaction, Read & Write permissions, and Network Denies
  • Resolved an issue where Driver Registry Keys were not populating upon update from previous version
  • Resolved an issue experienced by a customer regarding 0 byte size executables and DLL files
  • Resolved an issue where the ThreatLocker Service Driver used more memory than expected 
  • Changed the Core download function to prevent increased bandwidth and processing if the core download fails

New Features

  • Added support for future product
  • Added ability to audit outbound traffic to localhost
  • VBS scripts are logged as an executable and blocked by default

Improvements

  • Improved log processing to decrease disk usage 
  • Improvements to Tamper Protection Mode
  • General security improvements
  • General performance improvements and fixes
  • Improved Remote Presence storage policies 

Version 7.7.4

1/17/2023

Known Bugs

Bugs and Fixes

  • Resolved an issue some customers experienced when upgrading ThreatLocker, relating to the initial core database file being interrupted. 

Version 7.7.3

Updated 1/17/2023

Known Bugs

Bugs and Fixes

  • Resolved an issue where .Net error was populating when selecting RealTime Action Log from the ThreatLocker Tray  

Version 7.7.1

Updated 1/17/2023

Known Bugs

Bugs and Fixes

  • Solved an issue for the tray not starting on non-English operating systems

Improvements

  • Performance improvements on application downloads 

Version 7.7

Updated 1/17/2023

Known Bugs

Bugs and Fixes

  • Resolved an issue some customers experienced involving case differences on certificates during elevation
  • Resolved an issue where Windows was recycling Process IDs
  • Resolved an issue affecting a customer where their Tags.json file became corrupt
  • Resolved an issue affecting a customer where NAC could fail to connect to the authorization host
  • Resolved an issue experienced by a customer involving Application Control via network drives
  • Resolved a blue screen issue related to driver verification and USB drives
  • Resolved an issue where an incorrect override code displayed a success message instead of a failure message

New Features

Improvements

  • Improvements to Tamper Protection Mode
  • General security improvements
  • General performance improvements and fixes
  • Revised the acceptable characters and maximum length for Request Reason field
  • Improved support for wildcard characters within Storage Policy Process paths
  • Improvements to NAC and DNS caching (see the Help Center article "Known Issue: DNS Caching on Versions 7.0-7.6.2")
  • Added additional support for execution and logging of .py files   

Version 7.6.2

Updated December 9, 2022

Bugs and Fixes

  • Resolved an issue where antivirus software could prevent ThreatLocker from getting the correct hash of the file, leading to files being processed incorrectly 

Version 7.6.1

Updated November 29, 2022

Bugs and Fixes

  • Resolves an issue some customers experienced in 7.6 where certificate rules weren't matching for Elevation

New Features

  • Allows additional verification of unverified certificates due to missing Root CA Certificates on computers by using known validated certificates from ThreatLocker 

Version 7.6

Updated November 16, 2022

IMPORTANT NOTE: Version 7.6 does not currently support the use of the ThreatLocker Proxy
Note: It is expected behavior on Upgrade and Deployment for the Agent to check-in to the Portal on 7.6 once, and then delay the next check-in as it prepares its files for use. This will also prevent the Tray from starting/updating until the Service is checking in normally again.
Note: It is recommended to update a small group of machines to 7.6 prior to global deployment due to the significant number of changes made to this build. To update individual machines or specific groups, see the ThreatLocker Help Center (kb.help) articles "Updating the ThreatLocker Version on a Single Computer" and "Updating ThreatLocker to the Latest Version".
Reminder: Windows Server 2008 needs to be fully patched in order for the ThreatLocker Agent to fully function.

Bugs and Fixes

  • Resolves an issue with DotNET DLLs not being permitted despite being learned
  • Resolves an issue with APC Index Mismatch causing Blue Screens
  • Resolved an issue some customers had with performance when their RMM was calling PowerShell repeatedly
  • Resolved an issue some customers experienced with performance related to DNS queries coming from ThreatLockerService when using a SIEM and sysmon
  • Resolved an issue some customers experienced when opening Batch files
  • Resolved an issue with Windows Apps not prompting for elevation when being run as administrator
  • Resolved an issue some customers experienced when attempting to block the iPhone driver
  • Resolved an issue some customers experienced where the driver failed to restart (see the ThreatLocker Help Center (kb.help) article "Known Issue - Driver Not Restarting on Versions 7.0-7.5")
  • Resolved an issue where using the "Login as Admin" button from the tray could cause you to be incorrectly logged out of the Portal after completing the request if you had been signed in previously
  • Resolves an issue where if the computer has no internet connection, the Tray would fail to load the request window
  • Resolved an issue some customers experienced with NAC Keywords needing to be added to policies on both the client and server machines in order to function properly 
  • Resolved an issue where some customers saw an increase in CPU if updates.threatlocker.com was restricted on their firewall 
  • Resolved an issue some customers had when using NAC and port 8810 was already in use

New Features

  • Block Android as well as iPhones via Application Control
  • Added a popup to inform the user that there is already a request pending for an application they have already requested - this will reduce the number of duplicate requests from the same user
  • Added a right-click on the Tray menu item for Maintenance Mode - This is for a feature currently in Open Beta on the Mobile App
  • Added support for a future feature - support for file size when creating custom rules

Improvements

  • Improved performance on Network related Tasks in Ringfencing and NAC
  • Improvements to the initial download speed of core files on Deployment
  • Improvements to Core file processing and memory usage
  • Changes to Override Codes - these are now generated automatically per computer, and in addition to enabling Monitor Only, Tamper Protection will also be disabled
  • Improvements to Tamper Protection
  • Improvements to the way ThreatLocker processes applications, reducing RAM usage by the service and driver by 70+ percent
  • Improvements to Bandwidth utilization during policy deployment
  • Performance improvements regarding Checking for Updates 
  • Added extra logic to handle the increased number of executions seen by RMMs and Anti-Viruses

Version 7.4

8/10/2022

Bugs and Fixes 

  • Resolved an issue where excessive caching caused high memory usage. 
  • Resolved an issue some customers experienced with elevation mode not logging as elevated in the Unified Audit
  • Resolved an issue some customers experienced with Ringfencing needing a process restart after the ThreatLocker service was restarted
  • Reduced the number of logs generated by certain processes that scan files but whose scanning Windows identifies as executions

Version 7.3

Updated August 19, 2022

  • Added push notification to inform users when their Approval Requests have been processed 
  • Improvements to the Blocked Items list in the tray
  • Optimization of NAC policy caching including the removal of Source Ports
  • Improvements to NAC 
  • Event log de-duplication 
  • Improvements to tray branding
  • Minor bug fixes and improvements
  • Resolved an issue some customers experienced with customized text displaying incorrectly in the tray popup
  • Resolved an issue some customers experienced with the tray not correctly showing progress in the learning popup progress bar
  • Resolved an issue some customers experienced with the tray crashing when displaying a high number of alerts  

Version 7.2.1

Updated July 15, 2022

  • Includes all improvements in 7.2
  • Performance Improvements 

Version 7.2

Updated July 14, 2022

New Features

  • Added the ability to disable the Elevation request popup to permit 'Elevating Silently'
  • Added paging and Action Type Filtering to the Blocked Items log in the tray
  • Added a new GUID option to NAC location dropdowns to provide a more user-friendly way of adding computers and/or groups to NAC Policies 
  • NAC default setting was changed to 'Monitor Only' status - create a default-deny policy at the computer group level to enable blocking
  • Added Process and Created By Process logging on Elevation logs on machines running Windows 10 and higher

Improvements and Fixes

  • Fixed an issue some customers experienced with Ringfencing Audit entries showing the application instead of the process
  • Resolved an issue some customers experienced with Tags not applying to Destination Locations on NAC Policies
  • Performance improvements to Network Access Control
  • Improvements to performance and memory usage  

Version 7.1.1

Updated May 18, 2022

  • Resolves an issue some customers experienced with Ringfencing while .NET files were being learned 

Version 7.1

Updated May 4, 2022

Please note: Includes all changes from 7.0. See the associated article here: https://threatlocker.kb.help/threatlocker-version-70-beta-release-notes
  • Improvements to NAC logging
  • Made improvements to processing Active Directory Group Enabled Policies
  • Added learning to the files previously excluded as part of the Windows vulnerability that was worked around in Version 6.8 
  • Resolved an issue some customers experienced where, after customizing the icon on popup windows, the ThreatLocker icon showed for a brief moment when loading
