Version 8.2 - Open Beta

9/19/2023

New Features

• Added %%actiontype%% as new parameter for post request URL
• Added %%username%% as a parameter for post redirect
• Added Policy Name to the Blocked Items grid  
• In the Elevation module, administrators are now able to customize and limit permissions to specific settings - https://threatlocker.kb.help/changes-to-elevation-in-threatlocker-version-81/
• New Configuration Manager module is now available  
• ThreatLocker now includes Isolate, Lockout, and Screen Lock options, which can be found on the Computer's Page
• Added Tray notification messaging for the Isolate/Un-isolate feature  
• WhatsApp.com has been added to Configuration Manager's social media controls  
• Lemon8 has been added to Configuration Manager's social media controls 
• Added a feature to recover core.db if it is reporting as malformed  
• Added Network Control to the Override feature   

Improvements

• Improved logging for the Network Challenge feature 
• Improved the real-time audit logs to show in the time zone of the machine 
• Requester email is now included in the UAC prompt for Elevation and Approval Requests
• In order to avoid unintended blocks, any policy with both .exe and .dll will run the .exe first and incorporate the .dll after executing 
• Improvements to the Approve Applications process, including identification of a matching application to happen inside the virtual testing environment 
• Improved the processing of UDP traffic 
• Improvements to Isolation Mode in Configuration Manager, including blocking TCP & UDP traffic 
• Improved internal logging of events related to temp files, delete actions, sleep/hibernation behaviors, and more  
• The Stub Installer is now integrated into the MSI Installer 
• Improvements made to new applications and the amount of logging in the Unified Audit 
• Improved the Windows Service and Driver features to harden the process of service downgrading, stopping/starting of the service and driver, and Tamper Protection 
• Reinstated Green Denies on Network Control in the Unified Audit when no policies exist but the Module is enabled 
• Improved error messaging around Chromium Extensions which return an empty string 
• SHA256 captures will now be enabled by default and users will have the ability to disable this feature under the Organization Options 
• Added a Kill Running Process option to ThreatLocker Ops 
• Improved Threatlocker Ops by adding canary files 
• Elevation buttons have been changed to look more prominent 
• Configuration Manager now has a policy to block Developer Mode in MS Edge Chromium and Google Chrome 
• Improved the handling of temporary files to reduce data set kept in memory cache 
• Windows machines will now display the major and minor version in the Portal 
• Improved the cache of items in the Unified Audit to reduce noise. This will not affect Denies. All denies will log
• Updates and improvements to the UAC prompt 
• Updates to Configuration manger including the Set Screen Saver policy and how it logs in the Unified Audit 
• Added Tray notification messaging for the Isolate/Un-isolate feature 
• Added functionality to disable the notification that users see when programs install or update 
• Improved the speed of cert.db download speed 
• Improved the way hostname is populated to show more than 15 characters 

Bugs and Fixes

• Resolved an issue with Excluded Processes and they will now exclude Install action types 
• Resolved an issue using wildcards (*) in Storage Control Policies in the "What program does this apply to?" field 
• Resolved an issue with Network Control that was causing intermittent incorrect denies 
• Resolved an issue with RAID drives and ringfencing
• Resolved an issue with baselining that caused high CPU usage 
• Resolved an issue with MSI files trying to elevate 
• Resolved an issue with thumb drives and logging of encryption status 
• Improved file logging in the Unified Audit to only record Reads and Writes, either in Permit or Deny policies, for .exe and .dll files, reducing white noise and unintentional blocks 
• Resolved an issue with Network Control and deleted Authorization Hosts 
• Resolved an issue identified in 7.10 where some Chromium extensions would not read as executable 
• Resolved an issue where some extensions were not being blocked in Chrome 
• Resolved an issue from 7.10.2 and 8.0 with svchost.exe and hash showing incorrectly on installs 
• Resolved an issue for Legacy ThridWall users which affected the excessive failed logon events policy 
• Resolved an issue with \\localhost\c$\*\ related to storage devices and excessive logging 
• Resolved an issue from 7.6.1 where the tray notification would not populate at the correct time 
• Resolved an issue where a user was getting BSOD when connecting to a home network 
• Resolved an issue with Chrome extensions not being blocked as required 
• Resolved an issue with Network Control not caching as expected and then sometimes failing the Challenge
• Resolved an issue with Chromium Extensions that were being denied via storage policies 
• Resolved an issue where FortiNet VPN allowed RDP connections with Network Control RDP deny policies in place 
• Resolved an issue with Elevation that gave incorrect permissions based on the ThreatLocker Consent setting
•  Resolved an issue with storage policies when multiple policies use different drives 
• Resolved an issue related to capturing core files from all drives, which caused some core files to be blocked 
• Resolved an issue that would block a new USB request if there is already a pending, different, USB request in the system 
• Resolved an issue that was allowing non-permitted files to execute from the C:\Windows\Assembly folder 
• Resolved an issue that allowed files to be renamed even though they were protected by Tamper Protection 
• Resolved an issue with Ringfencing failing to block Reads/Writes as expected 
• Resolved an issue which caused the Tray to crash for users on .NET 4.8+ 
• Resolved an issue with Tamper Protection Deny logs which caused excessive logging 
• Resolved an issue with processing very small files 
• Resolved an issue with proxy and service loss 
• Resolved an issue that allowed Ringfencing to process when only Default Deny was selected 
• Resolved an intermittent issue found on Windows 10 where certain files were being logged as execute even though they were not .exe files 
• Resolved an issue with system stress caused by installations 
• Resolved an issue where the SHA256 was captured but not showing in the Unified Audit 
• Resolved an issue with Network Control and error messages populating incorrectly 
• Resolved an issue with Configuration Manager and the Set Password Protected Screen Saver enable/disable feature 
• Resolved an issue with UDP Multicast IPs and now they are no longer be blocked and/or logged 
• Resolved an issue with the capture of UDP traffic if a registry value was set 
• Resolved an issue where any binaries run by rundll32 will be blocked by ThreatLocker as a normal user 
• Resolved an issue with the Created By Process and custom rules 
• Resolved an issue with Network Control and unnecessary logging of ThreatLocker domains 

Version 8.0.2

7/15/2023

Bugs and Fixes

•  Resolved a minor issue with RoboCopy which was causing high CPU usage

Version 8.0.1

07/07/2023

Improvements

• Improved the way hostname is populated to show more than 15 characters  

Version 8.0

6/16/2023

Bugs and Fixes

• Resolved an issue with Tamper Protection not disabling when an Override would be applied
• Resolved several issues with the tray, including crashing and missing attachments 
• Resolved an issue with devices being blocked due to language settings 
• Resolved an issue with corrupt pk.dat files  
• Resolved several issues with Network Control, including authorization host timeouts, objects not applying to IPv6, and issues with keywords 
• Resolved an issue where Tamper Protection would set prior to a successful checkin 
• Resolved an issue with the ThreatLocker service not honoring DNS changes  
• Resolved an issue in 7.10 where Created by Custom rules would not apply 
• Resolved an issue where the Run Now button would not close when running a .dll file 
• Resolved an issue where users got a BSOD from a single IP address 
• Resolved an issue where Bypass I/O was not supported by the ThreatLocker Driver. This will now work for new installs of 8.0 but not updates to 8.0
• Resolved an issue where corrupted tags.json would not recover 
• Resolved an issue where Administrators would not get correctly redirected to their approvals after logging into the portal 
• Resolved an issue where system32 paths would be stopped when killing all running processes 
• Resolved an issue where VirtualBox virtual machines would get stuck on service restarts 
• Resolved an issue where deployment could have caused duplicate machines 
• Resolved an issue when a workstation freshly boots up and wants to authenticate but the server does not know this workstation yet 
• Resolved an issue where storage approvals would not generate a popup after an approval had been actioned 

New Features

• New Microsoft© Azure Service integration with Ringfencing 
• Configuration Manager! This feature will allow you to quickly design policies that help mitigate the most common threat vectors.

Improvements

• Improvements to security by only allowing one instance of ThreatLocker service to run at a time 
• When the user is System, files run by powershell.exe or rundll32.exe to not be processed as executing 
• Improved how deny actions are recorded

 Find older release notes here: Windows Agent Version 7.x Release Notes