Windows Agent Version 8.x Release Notes

26 min. readlast update: 05.24.2024

Find all 9.X notes here

 

Version 8.7.4 - Live

05/13/2024

Security Fix

  • Resolved an issue where if the Network Control product was disabled, having previously been enabled, in some circumstances could cause traffic not to be passed to the Windows Firewall for processing.

Bugs and Fixes

  • Resolved an issue that caused a repeated error multiple times an hour on some machines, starting with threatlockerservice.CleanPath... 
  • Resolved an issue with ThreatLocker Detect that caused the Detect (Ops) database to grow larger than intended
  • Resolved an issue with ThreatLocker Detect related to the logic around handling errors
  • Resolved an issue with Network Control, which prevented Objects from working as intended on startup with local IP addresses in the same subnet.

 

Version 8.7.3 - Beta

04/23/2024

Improvements

  • Added a new Option that disables network traffic monitoring for Network Control called 'DisableInterceptNetworkAccessForAll'

 

Version 8.7.2 - Live

04/22/2024

updated: 4/26/2024

Improvements

  • Improvement to the Remove Local Admin account with exclusions configuration to now handle SIDS leftover on the local machine when a user has been removed from the domain, but not the endpoint
  • Updated the Certificate on the ThreatLocker Health Service
  • Made improvements to the handling of Event Log IDs and Opcodes
  • Improved logic in the Stub installer to prevent the installation of a 32-bit installer on a 64-bit machine
  • Improved logic in the Service to handle alternative data streams

Bugs and Fixes

  • Resolved an issue in which Tamper Protection was preventing the tray from accessing custom branding Icons and Logo files
  • Fixed an issue in which Network Control objects were not being returned when the Network Challenge was disabled
  • Resolved an issue with Network Control objects where they were not cached as intended, which caused high network activity
  • Removed the option to select TLS 1.2 Client and TLS 1.3 Client from the Configure TLS Protocols Configuration Manager policy
  • Resolved an issue in which Detect policy conditions were not correctly matching on the Source IP address
  • Resolved an issue with ThreatLocker Ops/Detect where using the CMDLineParameters in Ops/Detect conditions was not allowing for the condition to be met
  • Resolved an issue with ThreatLocker Ops where changing between Lockdown to Isolate would leave the machine in Lockdown mode
  • Resolved an issue with ThreatLocker Ops where the Canary File Path condition would require a service restart to take effect
  • Resolved an issue with ThreatLocker Ops where the threat level was not increasing as expected when multiple policies were matched
  • Resolved an issue with DomainNameParsing, where the option was causing slowness on the driver

 

Version 8.7.1 - Live

04/05/2024

New Features

Cyber Hero Detection and Response is now available

The CHMDR is an add-on to ThreatLocker® Detect (formerly known as Ops) that allows organizations to opt for the ThreatLocker Cyber Heroes to monitor and respond to Indicators of Compromise (IoC). When ThreatLocker® Detect detects suspicious activity in your environment, the Cyber Hero team will automatically review the alert to determine if there is a true IoC or a false positive. If an attacker is on your device, the Cyber Hero will follow the customer's runbook to either isolate or lock down the device and notify the customer. They will be able to identify additional information for the customer, including:

  • What the threat was

  • How/If initial access was gained

  • Where the threat originated

  • What the threat attempted to do

  • How the threat was blocked and mitigated

Improvements

  • Improved the compression of core files during download
  • Added a new Configuration Manager option to enable/disable Windows Defender
  • Improved the ThreatLocker Ops Event Log Match caching to reduce noise. View more information about Event Log Monitoring here: https://threatlocker.kb.help/threatlocker-ops/
  • Added a condition of Policy Name with Matches or Contains for ThreatLocker Detect/Ops
  • Improved the ThreatLocker Detect/Ops Threat Level counter to only increase the threat level a single time until the alerts are cleared

  • Improved our API security by removing anything under API level 14. Now, the minimal allowed API level is 15

  • Improved the process of excluding a File Path from the Baseline process by expanding functionality to Windows Computer Groups

  • Improved the process of automatic core database checks and the database self-healing process

Bugs and Fixes

  • Resolved an issue where the ThreatLocker Detect/Ops condition for Destination Port was not working as intended
  • Resolved an issue with Learned Ringfencing Exclusions where Outbound Network Control was blocking automatic learning of the exclusions
  • Resolved an issue with deleting a ThreatLocker Detect/Ops policy that had not been deployed but had also forced a machine into Locked Down or Isolated Mode
  • Resolved an issue where the Unified Audit would show logs for Outbound Network control without a policy
  • Resolved an issue where the Maintenance Mode popup would show before the scheduled start of that change
  • Resolved an issue with ThreatLocker Ops where using the CMDLineParameters in Ops conditions was not allowing for the condition to be met
  • Resolved an issue where the driver was not caching Tamper Protection logs for FileInstall.db-journal and FileInfov4.db-journal
  • Resolved an issue with the use of named pipes in the Windows service that stopped the service from listening to multiple users at a time

  • Resolved an issue with named pipes that stopped the service from listening to multiple users

  • Resolved an issue where the Misc. External Storage policy would block some Chromium extensions

  • Resolved an issue with an incorrect detection of the parent process. Implemented additional mechanisms to passthrough file operations from svc host

  • Resolved an issue with FortiClient where having a policy to run a program without elevation and then running as an administrator would cause an error

  • Resolved an issue with the processing of .exe exclusions

  • Resolved an issue where the Active Directory Users and Computers remote service administrator tool does not elevate

  • Resolved an issue in the Exclusions section when the process is run as Administrator or System

  • Resolved an issue where logging driver errors on the service was not logging as expected

  • Resolved an issue from 8.2 where the Configuration Manager policy Monitor PowerShell would cause a PowerShell crash

  • Resolved an issue causing some processes to be Ringfenced by the incorrect policy

  • Resolved an issue with 8.7 where ThreatLocker two ThreatLocker Detect registry keys were not set as intended during the install

  • Resolved an issue from 8.2.3-8.5.1 where the UAC would crash when trying to run a file as an administrator

  • Resolved an issue with Remote Desktop Service missing functionality when Servermanager.exe is elevated

  • Resolved an issue starting in 7.6 that prevented Driver updates when the ThreatLocker service was restarted

  • Resolved an issue with 8.3.4 where the UAC prompt would not show as expected

  • Resolved an issue with ThreatLocker Ops where policies with Windows Event Logs were not matching as expected

  • Resolved an issue where some users were able to access the internet when a machine was in Isolation Mode

 

Version 8.6.3 - Live

04/01/2024 

Improvements

  • Improved the ThreatLocker Ops/Detect Threat Level counter to only increase the threat level a single time until the alerts are cleared
  • Improved databases on endpoints to self-repair if missing, corrupted, or if they have zero-byte files
    • Databases include
      • AzureAD.db
      • cert.db
      • DeniedActionQueue.db
      • dns.db
      • fileinfoV4.db
      • FileInstall.db
      • nac.db
      • Ops.db

Bugs and Fixes

  • Resolved an issue with ThreatLocker Ops where administrators were unable to get Event Log Keywords to match based on the condition
  • Resolved an issue with ThreatLocker Ops where Occurrences were not being incremented if the TL Ops/Detect policy condition contains an Occurrences condition
  • Resolved an issue where the Unified Audit would show logs for Outbound Network control without a policy 

 

Version 8.6.2 - Live

03/12/2024

Improvements

  • Tamper Protection logs will no longer be available in the Unified Audit. They are now available in the ThreatLocker logs found at C:\Program Files\ThreatLocker\logs
  • Improved the ThreatLocker Ops Event Log Match caching to reduce noise. View more information about Event Log Monitoring here: 

Bugs and Fixes

  • Resolved an issue with the processing speed of the Network Control Challenge
  • Resolved an issue where the Unified Audit would show logs for Outbound Network control without a policy
  • Resolved an issue from Windows version 8.3.2-8.6 where Chromium extensions were being learned with multiple full paths, causing them to be treated as .exe files
  • Resolved an issue with the Splunk integration that prevented PowerShell from launching when in Secured mode
  • Resolved an issue with the use of named pipes in the Windows service that stopped the service from listening to multiple users at a time
  • Resolved an issue with ThreatLocker Ops where policies with Windows Event Logs were not matching as expected
  • Resolved an issue with 8.5.1 where the ThreatLocker Tray would not start

 

Version 8.6.1 - Live

03/12/2024

New Features

  • The ThreatLocker Tray will now alert end-users of our research on their software requests, including software name and company name, countries of operation, and software categories. This will allow end-users insight into the software they are requesting and help guide their decision-making process before requesting the install
  • Three new conditions will be available in ThreatLocker Ops; Countries, Categories, and from Risks. Policies can be created to monitor for software running from certain countries, from certain software categories, and for known risks.

Bugs and Fixes

  • Resolved an issue with the Baseline process, which was not using the correct logic for extensions

 

Version 8.6 - Live

02/26/2024

Bugs and Fixes

  • Resolved an issue in which permitted outbound network traffic was displaying as a green deny in the Unified Audit
  • Resolved an issue with the processing of msedge.exe or chrome.exe extensions, causing slowness for some Citrix server users
  • Resolved an issue some customers experienced with computers not registering and checking in correctly when the preferred language was set to Chinese
  • Made performance improvements for machines running Deep Instinct AV alongside ThreatLocker
  • Resolved an issue where ThreatLocker Ops policies were causing a delay in loading policies for other modules
  • Resolved an issue in which computers experienced performance issues when their antivirus or another application was attempting to access ThreatLocker files, and, at the same time, ThreatLocker was logging into the database and processing this action through the TL engine to evaluate if the application had permission to access the files or not, which resulted in a race condition. Changes were made to ensure that ThreatLocker would not be inserted into the database until after receiving results from the engine to prevent this behavior.

 

Version 8.5.3 -  Live

02/16/2024 - Updated

Improvements

  • Improved the way missing files are logged and recovered when services are updated or downgraded
  • Improvements to ThreatLocker Ops file path monitoring
  • Added visibility of Event Log IDs in the ThreatLocker Ops Alerts sidebar
  • Added visibility of Ringfenced Registry items in the Blocked Items tray
  • Minor improvements to ThreatLocker Ops policy action caching to support quicker addition of new actions to an existing policy
  • ThreatLocker Ops policies will be able to action based on the SHAs, Hashes, Certs, and Application IDs of a parent process
  • The option to Disable Remote Presence has been changed to Enable Remote Presence
  • The ThreatLocker Tray will now alert end-users of our research on their software requests, including software name and company name, countries of operation, and software categories. This will allow end-users insight into the software they are requesting and help guide their decision-making process before requesting the install

Bugs and Fixes

  • Resolved an issue with how the Registry is protected while Tamper Protection is Enabled
  • Resolved an issue in which the Network Challenge was incorrectly permitting traffic from more than source objects. Changed the method of how ThreatLocker pulls Network Control objects and how they are cached. These resolutions were implemented officially with 8.6.
  • Resolved an issue with Application Control and the caching of parent processes
  • Resolved an issue with the Configuration Manager reports "Event Logon Reporting" and "Enable User Logon Reporting"
  • Resolved an issue with the ThreatLocker Elevation popup not reverting to the Windows UAC when Elevation was disabled
  • Resolved an issue with ThreatLocker Ops where Destination or Source IP Addresses with CIDR Notation would not process as expected
  • Resolved an issue with the Disable SMB V1 policy in Configuration Manager, where SMB was not disabled as expected when the policy was enabled
  • Resolved an issue where the ThreatLocker UAC would not support certain file paths based on prefix characters
  • Resolved an issue with the ThreatLocker Tray and the close tray process not working as intended
  • Resolved an issue with the ThreatLocker Administrator Password System (TAPS) where generating a password would fail and cause a 400 error
  • Resolved an issue that caused Tray icon ghosting during ThreatLocker service restarts

 

Version 8.5 - Live

2/5/2023 

Bugs and Fixes

  • Resolved an issue with the ThreatLocker Tray and the close tray process not working as intended
  • Resolved an issue with Storage Control and/or Storage Audit and the monitoring of drives
  • Resolved an issue with the Configuration Manager policy for Restrict Local Admin Tools and the Exempt Local Admin feature
  • Resolved an issue with ThreatLocker Ops Exclusions when logged from the Response Center
  • Resolved an issue with the UAC and cached Active Directory credentials if the machine is taken off the Active Directory network
  • Resolved an issue with the ThreatLocker Ops Destination Domain option and wildcards not functioning as intended
  • Resolved an issue the Exclusions section when the process is run as Administrator or System
  • Resolved an issue that caused Tray icon ghosting during ThreatLocker service restarts
  • Resolved an issue with the ThreatLocker Tray caching, which caused caching to turn off unintentionally
  • Resolved an issue with excessive logging from multiple Password Manager Chromium extensions

 

Version 8.4.1 - Live

1/26/2024

New Features

  • Six new Configuration Manager Policies are now available!
    • Disable TLS 1.0 Protocol
    • Enable SMB Signing
    • Disable Link-Local Multicast Name Resolution
    • Disable Multicast DNS
    • Disable Anonymous enumeration of SAM accounts and shares
    • Require Network Level Authentication for Remote Connections
  • The ThreatLocker Tray will now alert end-users of our research on their software requests, including software name and company name, countries of operation, and software categories. This will allow end-users insight into the software they are requesting and help guide their decision-making process before requesting the install 

Improvement

  • ThreatLocker Ops policies will be able to action based on the SHAs, Hashes, Certs, and Application IDs of a parent process 
  • The option to Disable Remote Presence has been changed to Enable Remote Presence
  • Approval Requests will no longer allow invalid emails when emails are set as a required field
  • End-Users who utilize a terminal server setup will now only be able to see their own real-time Unified Audit logs in the tray. Administrators will need to use our portal to see a complete list of all user activity

Bugs and Fixes

  • Resolved an issue with the ThreatLocker Tray caching, which caused caching to turn off unintentionally
  • Resolved an issue with the Windows Core Files on the Testing Environment Virtual Machines, which caused unintended blocks
  • Resolved an issue with ThreatLocker Ops where policies were being actioned multiple times due to an error with caching. Ops policies will only action once until the alert is cleared by a user
  • Resolved an issue with the ThreatLocker Tray and time not stored in UTC
  • Resolved an issue with the Tray where Chromium extension names were displayed incorrectly
  • Resolved an issue with the ThreatLocker Administrator Password System (TAPS) where generating a password would fail and cause a 400 error
  • Resolved an issue where Chromium extensions were not blocking as intended if Storage Control was not enabled
  • Resolved an issue that caused Tray icon ghosting during ThreatLocker service restarts
  • Resolved an issue with Ops condition Occurrences, and the option has been readded for use in policies
  • Resolved an issue with Default Deny working when not enabled based on Ringfencing settings

 

Version 8.4 - Live

01/22/2024

New Features

  • Added a new Configuration Manager policy to Enable/Disable PowerShell Constrained Language Mode 
  • Added a new Configuration Manager policy for CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability 

Bugs and Fixes

  • Resolved an issue related to zipped files with executables running on secured machines
  • Resolved an issue where the service would not start/restart or check-in due to a corrupt driver  
  • Resolved an issue where users were not getting the UAC prompt on version 8.2.3 when trying to run a program as an administrator 

 

Version 8.3.5 - Live

12/28/2023

Improvements

  • New option to disable installation file monitoring
  • New option to disable remote presence by default

Bugs and Fixes

  • Resolved an issue with serial numbers not logging based on abbreviations

 

Version 8.3.4 - Live

12/15/2023

Bugs and Fixes

  • Resolved an issue where the ThreatLocker Tray failed to start
  • Resolved an issue where parent processes were not matching the full path as expected

 

Version 8.3.3 - Live

12/15/2023

Bugs and Fixes

  • Resolved an issue where expired policies were causing core file blocks 
  • Resolved an issue where the ThreatLocker Service would fail to start 
  • Resolved an issue with Ukrainian/Cyrillic characters displaying in the Portal 
  • Resolved an issue with the display name of browser extensions 

 

Version 8.3.2 - Live

12/05/2023

Improvements

  • Built-in applications that include Windows Core files will no longer process before custom rules

Bugs and Fixes

  • Resolved an issue with the delete action not logging in the Unified Audit as expected

 

Version 8.3.1

11/29/2023

Known Issue: Syncplicity preventing ThreatLocker machines from checking in to the portal

 

New Features

  • The default value for \device\syncplicity will now be null, and clients will need to set their preferred value
  • When the EnableLUA registry key is changed and a computer needs a reboot, a flag will now be visible on the Computers Page 
  • Override codes now also apply to Storage Control policies. If a ThreatLocker Override is run, all Storage Control denies will be permitted.
  • Configuration manager now has the option to enable Crash Dump complete file collection 

Improvements

  • Updates and improvements to the UAC prompt and the ThreatLocker Tray
  • Improvements to how the Monitor PowerShell option is applied to the endpoint
  • The error log folder located in the application folder will now clear logs older than 30 days 
  • Improvements to the handling of Global Configuration Manager Policies
  • Added the support of multiple wildcards within the registry path for Ringfencing exclusions 
  • Improved the way hostname is populated to show more than 15 characters 
  • Improved logging in the Check Errors section of the Computer's tab, including starting, stopping, and restarting the service 
  • Increased several API timeouts 

Bugs and Fixes

  • Resolved an issue with the ThreatLocker driver getting stuck in a restart cycle related to the default value for disabled devices 
  • Resolved an issue causing excessive logging of the FileInfo and FileInstall in the System Audit 
  • Resolved an issue in which opening multiple instances of the real-time audit caused high memory usage 
  • Resolved an issue that caused an API to stall when changing the page size on the Applications page 
  • Resolved an issue that caused an API to stall when changing the page size on the Applications page 
  • Resolved an issue where Network Control caused high CPU when monitoring outbound traffic 
  • Resolved an excessive logging issue in the Unified Audit related to the ThreatLocker Ops policy for Log All Logon Events 
  • Resolved an issue with conflicting serial number lengths based on differences in Windows 7 and Windows 10 
  • Resolved an issue where a client was unable to RDP into his machine by adding IPSec support 
  • Resolved an issue with Chrome extensions not being blocked as required 
  • Resolved an issue with the Disable UPnP policy in Configuration Manager 
  • Resolved an issue that would block a new USB request if there is already a pending, different, USB request in the system 
  • Resolved an issue with the UAC where the {Username}@{Domain} format would fail authentication 
  • Resolved an issue from 7.6 related to Windows programs that only work properly when run by an administrator, like the Windows Media Creation Tool 
  • Resolved an issue from 8.0 where the NetworkPendingQueueSize in the registry was not dropping as expected 
  • Resolved an issue in which opening multiple instances of the real-time audit caused high memory usage
  •  Resolved an issue for Legacy ThridWall users, which affected the excessive failed logon events policy 
  • Resolved an issue with built-in SDHC card readers and collecting S/N from SD cards 
  • Resolved a rare issue where the Windows API would not read an entire file
  • Resolved an issue with the Configuration Manager policy to Disable NetBios related to network adapter settings 
  • Resolved an issue where default ThreatLocker branding did not apply when clients had not implemented custom branding 
  • Resolved an issue where ProxyURLs were using port 443 

 

Version 8.2.4

11/16/2023

Improvements

  • Moving forward, ThreatLocker will not include C:\ProgramData\Docker* in the baseline learning process to avoid causing unintended issues. For more information about Baselining, please see our ThreatLocker University course Learning Mode

 

Version 8.2.3

11/01/2023

Bugs and Fixes

  • Resolved an issue that caused excessive logging in Tamper Protection Mode

built-in

Version 8.2.2

10/25/2023

Improvements

  • Improvements to outbound network processing
  • Added support for exclusions for Outbound Network Control  

Bugs and Fixes

  • Fixed a bug with Exclusions where, in certain circumstances, they would not apply as intended

 

Version 8.2.1

10/19/2023

Improvements

  • Improvements to inbound network processing

 

Version 8.2

Updated 3/12/2024

New Features

Improvements

  • Improved logging for the Network Challenge feature 
  • Improved the real-time audit logs to show the time zone of the machine 
  • The requester email is now included in the UAC prompt for Elevation and Approval Requests
  • In order to avoid unintended blocks, if a policy with a .dll only is above a policy for the same application with a .exe and the same .dll, when the first policy runs, the 2nd policy with the .exe and .dll will match and permit. This change will cause built-in policies to take precedence over custom rules for the same applications
  • Improvements to the Approve Applications process, including identification of a matching application to happen inside the virtual testing environment 
  • Improved the processing of UDP traffic 
  • Improvements to Isolation Mode in Configuration Manager, including blocking TCP & UDP traffic 
  • Improved internal logging of events related to temp files, delete actions, sleep/hibernation behaviors, and more  
  • The Stub Installer is now integrated into the MSI Installer 
  • Improvements made to new applications and the amount of logging in the Unified Audit 
  • Improved the Windows Service and Driver features to harden the process of service downgrading, stopping/starting of the service and driver, and Tamper Protection 
  • Reinstated Green Denies on Network Control in the Unified Audit when no policies exist but the Module is enabled 
  • Improved error messaging around Chromium Extensions, which return an empty string 
  • SHA256 captures will now be enabled by default and users will have the ability to disable this feature under the Organization Options 
  • Added a Kill Running Process option to ThreatLocker Ops 
  • Improved Threatlocker Ops by adding canary files 
  • Elevation buttons have been changed to look more prominent 
  • Configuration Manager now has a policy to block Developer Mode in MS Edge Chromium and Google Chrome 
  • Improved the handling of temporary files to reduce the data set kept in the memory cache 
  • Windows machines will now display the major and minor versions in the Portal 
  • Improved the cache of items in the Unified Audit to reduce noise. This will not affect Denies. All denies will log
  • Updates and improvements to the UAC prompt 
  • Updates to Configuration Manager including the Set Screen Saver policy and how it logs in the Unified Audit 
  • Added Tray notification messaging for the Isolate/Un-isolate feature 
  • Added functionality to disable the notification that users see when programs install or update 
  • Improved the speed of cert.db download speed 
  • Improved the way hostname is populated to show more than 15 characters 
  • Reduced minimum monitored file size from 16 bytes to 4 bytes 

Bugs and Fixes

  • Resolved an issue with Excluded Processes, and they will now exclude Install action types 
  • Resolved an issue using wildcards (*) in Storage Control Policies in the "What program does this apply to?" field 
  • Resolved an issue with Network Control that was causing intermittent incorrect denies 
  • Resolved an issue with RAID drives and ringfencing
  • Resolved an issue with baselining that caused high CPU usage 
  • Resolved an issue with MSI files trying to elevate 
  • Resolved an issue with thumb drives and logging of encryption status 
  • Improved file logging in the Unified Audit to only record Reads and Writes, either in Permit or Deny policies, for .exe and .dll files, reducing white noise and unintentional blocks 
  • Resolved an issue with Network Control and deleted Authorization Hosts 
  • Resolved an issue identified in 7.10 where some Chromium extensions would not read as executable 
  • Resolved an issue where some extensions were not being blocked in Chrome 
  • Resolved an issue from 7.10.2 and 8.0 with svchost.exe and hash showing incorrectly on installs 
  • Resolved an issue for Legacy ThridWall users, which affected the excessive failed logon events policy 
  • Resolved an issue with \\localhost\c$\*\ related to storage devices and excessive logging 
  • Resolved an issue from 7.6.1 where the tray notification would not populate at the correct time 
  • Resolved an issue where a user was getting BSOD when connecting to a home network 
  • Resolved an issue with Chrome extensions not being blocked as required 
  • Resolved an issue with Network Control not caching as expected and then sometimes failing the Challenge
  • Resolved an issue with Chromium Extensions that were being denied via storage policies 
  • Resolved an issue where FortiNet VPN allowed RDP connections with Network Control RDP deny policies in place 
  • Resolved an issue with Elevation that gave incorrect permissions based on the ThreatLocker Consent setting
  •  Resolved an issue with storage policies when multiple policies use different drives 
  • Resolved an issue related to capturing core files from all drives, which caused some core files to be blocked 
  • Resolved an issue that would block a new USB request if there is already a pending, different USB request in the system 
  • Resolved an issue that was allowing non-permitted files to execute from the C:\Windows\Assembly folder 
  • Resolved an issue that allowed files to be renamed even though they were protected by Tamper Protection 
  • Resolved an issue with Ringfencing failing to block Reads/Writes as expected 
  • Resolved an issue that caused the Tray to crash for users on .NET 4.8+ 
  • Resolved an issue with Tamper Protection Deny logs, which caused excessive logging 
  • Resolved an issue with proxy and service loss 
  • Resolved an issue that allowed Ringfencing to process when only Default Deny was selected 
  • Resolved an intermittent issue found on Windows 10 where certain files were being logged as execute even though they were not .exe files 
  • Resolved an issue with system stress caused by installations 
  • Resolved an issue where the SHA256 was captured but not showing in the Unified Audit 
  • Resolved an issue with Network Control and error messages populating incorrectly 
  • Resolved an issue with Configuration Manager and the Set Password Protected Screen Saver enable/disable feature 
  • Resolved an issue with UDP Multicast IPs, and now they are no longer blocked and/or logged 
  • Resolved an issue with the capture of UDP traffic if a registry value was set 
  • Resolved an issue where any binaries run by rundll32 will be blocked by ThreatLocker as a normal user 
  • Resolved an issue with the Created By Process and custom rules 
  • Resolved an issue with Network Control and unnecessary logging of ThreatLocker domains 

 

Version 8.0.2

7/15/2023

Bugs and Fixes

  •  Resolved a minor issue with RoboCopy which was causing high CPU usage

 

Version 8.0.1

07/07/2023

Improvements

  • Improved the way hostname is populated to show more than 15 characters  

 

Version 8.0

6/16/2023

Bugs and Fixes

  • Resolved an issue with  not disabling when an Override would be applied
  • Resolved several issues with the tray, including crashing and missing attachments 
  • Resolved an issue with devices being blocked due to language settings 
  • Resolved an issue with corrupt pk.dat files  
  • Resolved several issues with Network Control, including authorization host timeouts, objects not applying to IPv6, and issues with keywords 
  • Resolved an issue where Tamper Protection would set prior to a successful checkin 
  • Resolved an issue with the ThreatLocker service not honoring DNS changes  
  • Resolved an issue in 7.10 where Created by Custom rules would not apply 
  • Resolved an issue where the Run Now button would not close when running a .dll file 
  • Resolved an issue where users got a BSOD from a single IP address 
  • Resolved an issue where Bypass I/O was not supported by the ThreatLocker Driver. This will now work for new installs of 8.0 but not updates to 8.0
  • Resolved an issue where corrupted tags.json would not recover 
  • Resolved an issue where Administrators would not get correctly redirected to their approvals after logging into the portal 
  • Resolved an issue where system32 paths would be stopped when killing all running processes 
  • Resolved an issue where VirtualBox virtual machines would get stuck on service restarts 
  • Resolved an issue where deployment could have caused duplicate machines 
  • Resolved an issue when a workstation freshly boots up and wants to authenticate but the server does not know this workstation yet 
  • Resolved an issue where storage approvals would not generate a popup after an approval had been actioned 

New Features

Improvements

  • Improvements to security by only allowing one instance of ThreatLocker service to run at a time 
  • When the user is System, files run by powershell.exe or rundll32.exe to not be processed as executing 
  • Improved how deny actions are recorded

 

 

 Find older release notes here: Windows Agent Version 7.x Release Notes
Was this article helpful?