Windows Agent Version 9.x Release Notes

Last update: 01.21.2025

Version 9.6.1

01/21/2025

New Features

  • Added a new ThreatLocker Detect condition called 'Current Built-In Threat Level.' This condition operates independently from the computer Threat Levels that are increased by alerts created. It will be used for threat levels established by ThreatLocker Detect Built-In policies explicitly.

Version 9.6 

01/08/2025

New Features

  • Added a new Configuration Manager policy to Restrict NTLM traffic and made improvements to the Audit NTLM traffic policy to improve clarity
  • Added the ability to enforce PowerShell Constrained Language Mode by blocking the file named FullLanguageMode.psm1
  • Added a new API endpoint to retrieve an organization's instance
  • Added Configuration Manager policy to configure Windows Default Printer Management

Improvements

  • Improved readability of CAPTCHA prompts displayed through the Self Approval process on the tray
  • Improved processing of mapped network drives on the driver side
  • Improved the logic to get longer file paths for processes
  • Improved performance of the driver through disabling the usage of counters by default
  • Removed the requirement to input IPv4 or IPv6 as a prefix when setting IP ranges in Detect Conditions
  • Made improvements to the Request window when no application information is available
  • Made improvements to the driver to prevent a renamed PowerShell executable from being able to run scripts that should have been blocked
  • Improved detection and enforcement of Chromium browser extensions through Application Control

Bug Fixes

  • Resolved an issue with unintentional Ringfenced events being caused due to a match on the wrong policy
  • Resolved an issue with getting Process Path during Elevate action on Windows Terminal
  • Resolved an issue that caused unintentional application blocks due to the service restarting
  • Resolved an issue in which the file path for Windows Virus and Protection Management was incorrectly displaying when elevated
  • Resolved an issue in which the Tray was not communicating through the ThreatLocker Relay
  • Resolved an issue with intermittent Network Ringfencing occurring by updating tags logic and processing
  • Resolved an issue in which the ProxyURL registry value was not being removed when the ProxyURL was removed from the Portal
  • Resolved an issue with an agent conflict between ThreatLocker and Jenkins
  • Resolved an issue in which certificates were not being correctly displayed
  • Resolved an issue in which the maintenance mode timer was not showing in the tray when the computer's system time was adjusted back to a time when the mode is active
  • Resolved an issue in which SHA256 values were incorrectly displaying when Elevation was the only Module enabled
  • Resolved an issue in which Robocopy writes from one network location to another were not being correctly logged
  • Resolved an issue where computer administrator passwords were still being enforced by Configuration Manager through the TLAPS policy, despite the policy being set to "Not Configured"
  • Resolved an issue where Configuration Manager policies were being processed out of order
  • Resolved an issue with unintended blocks caused by rare cases of time gaps between Maintenance Modes
  • Resolved an issue in which the Kill Running Process was not instantly killing the process and causing an 'Unknown' value in the Process Path
  • Resolved an issue with PowerShell CMD line argument conditions not creating Detect Alerts as expected
  • Resolved an issue with the Effective Action not getting set properly based on the Policy Action when viewed in the Response Center versus the Unified Audit
  • Resolved an issue in which elevation logs were being incorrectly displayed as c\:\ instead of c\:

Version 9.5.2

12/26/2024

Improvements

  • Added logic to cycle between attempting to reach ThreatLocker's APIs directly and the ThreatLockerRelay if an attempt to reach the ThreatLockerRelay fails

Bug Fixes

  • Resolved an issue with baselining and processing key files

Version 9.5.1

12/10/2024

New Features and Improvements

  • Improved Tray notifications when the Tray is unable to locate 'Store' items
  • Made improvements to the Network Control Challenge performance and Auth Host processing
  • Made improvements to ignore letter casing in usernames in the Elevation Control Module
  • Made improvements to the way that Detect conditions using Built-In Applications are processed
  • Made improvements to the 'Store' Tray popup to be more user-friendly

Bug Fixes

  • Resolved an issue in which Built-In Applications were not being prioritized on a newly started Agent until after policies were deployed
  • Fixed duplicate checks for global policies for parent

Version 9.5

12/2/2024

New Features

  • Added Process Path Condition to Detect
  • Added new variables in Detect reporting for Event Log DateTime and ComputerId
  • Created a new Configuration Manager policy Configure VBA Macro Execution for Microsoft Office applications that will prevent the running of self-made macros
  • Added support to display a clickable hyperlink in the Request window
  • Added a new Agent Action to reduce the size of the Apps.db
  • Added tray support for the new Store feature
  • Added the ability to schedule and expire policies in Endpoint Detect
  • Added the ability to schedule and expire Network Control policies
  • Added the ability to schedule and expire Storage Control policies
  • Added support to collect the Serial Numbers of computers
  • Added support to display Python files executed from PowerShell and CMD
  • Added a new Triggered Maintenance mode that can be selected in an Approval Request to hold the start of the Installation mode until the end user attempts to run the file a second time

Improvements

  • Improved monitoring in the agent to include UNC paths by default
  • Added incremental application downloads to the Heartbeat Check-in, at a 5 minute interval
  • Improved the description on the Configuration Manager Configure TLS (transport layer security) protocols policy
  • Made improvements to the Realtime Unified Audit for better usability
  • Added the ability to Ringfence file access to default locations independent of Storage Control. This is supported for UNC network paths and USB interfaces at this time.
  • Added support for more variables in Detect webhook, API, email and ticketing actions
  • Added a new endpoint for the service to use when validating network objects
  • Added support for Scheduling and Expiring policies in Endpoint Detect
  • Renamed the Configuration Manager policy Configure Remote Desktop Services (RDS) (Terminal Services) to Remote Desktop Services (RDS) - Allow users to connect remotely, and improved the clarity of the settings available
  • Separated out monitored Storage Control Paths and monitored paths in Detect
  • Made improvement to Ringfencing so that now users will not need to first create a policy for Built-In applications before they can be blocked with Ringfencing

Bug Fixes

  • Resolved an issue in which Android Storage Driver files were incorrectly being permitted
  • Resolved an issue with Domain Name Parsing causing a conflict with an application
  • Resolved an issue in which another security software was asking the ThreatLocker Service to shut down via Windows Service Manager, resulting in duplicate computers being created in the ThreatLocker Portal
  • Resolved an issue in which downgrading the ThreatLocker Service was not also downgrading the ThreatLocker Driver
  • Resolved an issue in which the ThreatLocker Driver was incorrectly protecting the registry from itself
  • Resolved an issue in which monitored paths were not being logged correctly when they contained wildcards
  • Resolved an issue in which Configuration Manager policies were not being correctly set at the Entire Organization level
  • Resolved an issue in which %ParentProcessSHA256% and %Parent ProcessTLHash% variables were not correctly populating in Detect alerts, emails, tickets, API or Webhook calls
  • Resolved an issue in which inserting variables into the body of a Call Webhook or Call RestAPI was causing the JSON to be invalid
  • Resolved an issue in which paths that were larger than 260 characters were unable to be monitored using Storage Control
  • Resolved an issue in which Elevation Control was using the SID instead of a domain admin's username
  • Resolved and improved issues with updating tag definitions
  • Resolved an issue in which if the Service were restarted early on during the installation process, machines were being registered in the portal twice
  • Resolved an issue in which the Detect RDC from Public IP policy was incorrectly being triggered by private IPs
  • Resolved an issue in which Detect monitored paths couldn't begin with a wildcard
  • Resolved an issue where the tray popup for Elevation maintenance mode was not closing properly when ending from the tray or reaching the end of the schedule
  • Resolved an issue in which Event Log clearing could not be alerted on in Detect without Storage Control being enabled
  • Resolved an issue in which an email address could not be used as a username in the elevation UAC
  • Resolved an issue in which the maintenance mode popup message was incorrectly displaying disabled when it should have said enabled
  • Resolved an issue in which the Configuration Manager policy Configure Print Spool Service (Print Nightmare) was not setting the registry key correctly
  • Resolved an issue in which the Canary File Path was incorrectly displaying in Detect alerts
  • Resolved an issue in which the Configuration Manager policy to Set Password Protected Screen Saver was not being correctly enforced
  • Resolved an issue in which the registry values for the Configuration Manager CVE 2023-36563: MS WordPad Vulnerability policy were being incorrectly set
  • Resolved an issue in which Self Approved items were not displaying a Run Now popup to the end user

Version 8.7.5, 9.0.1, 9.1.4, 9.3.4, 9.4.4

11/15/2024

Improvements

  • Resolved a SQLite-related datatype limitation

Version 9.4.3

11/7/2024

Improvements

  • Improved Insights data collection by removing hashes for network and command line parameters on execution

Version 9.4.2

11/5/2024

Improvements

  • Improved collected Insight information by clearing out the cache when the API request has failed

Version 9.4.1

10/29/2024

New Features

  • Added an Option called 'CoreThrottle1000' that will throttle the downloading of core files to improve performance on machines affected by excessive download of core files on Patch Tuesday

Version 9.4

10/29/2024

New Features

  • Added a new Configuration Manager policy "Reset Print Spooler ImagePath" that will reset the Print Spooler ImagePath
  • Major improvements to the baseline process! Baselining will now scan for a list of Key Files to build built-in policies first, then scan a second time to create additional custom applications and policies as needed. This will help prevent duplication of policies and application files that are shared with existing built-ins, making the baseline process more efficient.
  • New File History capturing in which the agent builds a Hash History database detailing how files interact with each other for better tracking of process chains and interactions in preparation for additional features
  • Improved security on ThreatLocker files while Tamper Protection is enabled
  • Added the capability to bypass the set Proxy on client machines so that the agent can go directly to TL APIs
  • Improved the logic to get longer file paths for processes
  • Added support for two new options, "AllFilesAsExecutableExSys:WScript.exe" and "AllFilesAsExecutable:Wscript.exe"
  • Improved the tray used in the VDI testing environment to have a wider box, helping prevent application names from being cut off in the dropdown
  • Added the ability for Detect to monitor and alert on ThreatLocker DB file size
  • Added further data validation to the Request Window to help ensure a Reason is inserted when it is required
  • Updated the ThreatLocker logo on all tray popups
  • The option for DriverDomainNameParsing will now support wildcards (*) and/or process names
  • Added logic to close the Tray QR code popup once a Maintenance Mode is started
  • Resolved an issue with excessive logging from multiple Password Manager Chromium extensions

Bug Fixes

  • Resolved an issue in which the service was incorrectly discarding leading wildcards in monitored storage paths
  • Resolved an issue where the tray popup for Elevation maintenance mode was not closing properly when ending from the tray or reaching the end of the schedule
  • Resolved an issue with Elevation Control where administrators included in the exception list were being removed when using 'Remove All Except'
  • Resolved an issue in which CMD line arguments were not being displayed in the full path in the Unified Audit
  • Resolved an issue in which changing a computer's date/time via PowerShell resulted in a temporary pause in the ThreatLocker Service
  • Resolved an issue in which Deploying Policies was not clearing the deny cache for Ringfencing
  • Resolved an issue in which unknown Chromium extension names were being incorrectly displayed
  • Resolved an issue in which unwanted file blocks were occurring due to a recent change in Defender ATP
  • Resolved an issue in which creating or editing a Tag was not forcing a full check-in, resulting in a delay in endpoints receiving the changes
  • Resolved an issue where administrators were being removed through Elevation control but not verified to have login privileges, causing the account to not be accessible
  • Resolved an issue in which Isolate mode was not disconnecting active network connections
  • Resolved an issue in which .py scripts were being logged as executes when being moved using Robocopy
  • Resolved an issue in which Network Shares were still accessible when a machine was Isolated
  • Resolved an issue in which the Full Path was not showing command line args
  • Resolved an issue in which Organization and Group level Exclusions were not working as expected
  • Resolved an issue in which the Configuration Manager policy "Delivery Optimization Service" was causing Windows updates to fail
  • Resolved an issue where hashes containing only zeros were being reported in installation and elevation logs
  • Resolved an issue in which Network Control was interfering with applications being run from a dev drive
  • Resolved an issue in which Detect was not alerting when a registry key was changed when a condition to monitor registry keys was set
  • Resolved an issue in which Network Control policies set to block access to specified locations were not working as expected until the Browser cache was cleared
  • Resolved an issue in which inserting variables into the body of a Call Webhook or Call RestAPI was causing the JSON to be invalid
  • Resolved an issue in which Detect policies would not alert on apps that didn't exist in the apps.db, even when a condition explicitly called out the application
  • Resolved an issue in which end users were receiving both the ThreatLocker UAC and the Windows UAC when attempting to run an application as Administrator
  • Resolved an issue with removing domain users from the Local Administrators group when using Elevation control. They will be placed in the local users group, if not already, on removal.
  • Resolved an issue in which file paths were incorrectly being monitored, causing unexpected Ringfencing denies
  • Resolved an issue in which Elevation Control > Remove Selected was unable to remove Domain Users from the local Administrator group if the Domain User was already in the local Users group

Version 9.3.3

9/30/2024

Improvements

  • Updated configuration changes when using the DisableLSAProtection option for improved stability across Windows devices running builds 2200 and below
  • Built a new MSI installer for 9.3.3

Version 9.3.2

09/19/2024

Bug Fixes

  • Implemented security enhancements and fixes

Version 9.3.1

09/10/2024

Improvements

  • Improved the tray used in the VDI testing environment to have a wider box, helping prevent application names from being cut off in the dropdown
  • Added a new variable to the body section of a Detect Policy to allow the insert of the Detect Policy name
  • The option for EnableDriverDomainNameParsing will now support wildcards (*) and/or process names
  • Improved the driver to prevent a renamed PowerShell executable from being able to run scripts that should have been blocked
  • Resolved an issue from 8.7.2 and 8.8 where a malformed apps.db would not automatically rebuild 
  • For ThreatLocker Detect Alerts, the Action Log will show both Policy Action and Effective Action
  • The Configuration Manager policy for User Logon Reporting has been deprecated indefinitely. Please speak to a Cyber Hero for an alternative solution using ThreatLocker Detect
  • Improved the check-in process: if the full check-in fails on service startup, it will keep trying every 5 seconds until it is successful prior to sending a heartbeat check-in
  • Improved the check for Disable Tamper Protection Mode, where now, if the scheduled time expires or is ended from the portal, the endpoint will be updated within 5 seconds
  • When enabling the ThreatLocker Detect module, required settings will now be included for the impacted organizations. We have added 2 new options to disable these default settings: 'DisableArgumentsForElevation' and 'DisableArgumentsForExecution'
  • Added the Schedule Free Space Delete policy into new Configuration Manager
  • Made minor UI improvements to the QR code popup in the tray
  • Added the ability to intercept network traffic from virtual adapters

Bug Fixes

  • Resolved an issue in which Detect Conditions were not working as expected when using the Contains and Does Not Contain operators
  • Resolved an issue in which having an OS in a language other than English was preventing Local Admins from being removed via the Elevation Control page
  • Resolved an issue in which Configuration Manager policies set at the Global level were not being assigned as expected
  • Resolved an issue in which Lockdown and Isolate modes were not being displayed in the Notes section of the Unified Audit
  • Resolved an issue in which multiple Trays were being opened per user on a terminal server
  • Resolved an issue in which Detect conditions that used a full path with starts with or ends with were not operating as expected
  • Resolved an issue in which the 'Configure downloaded Office macros' Configuration Manager policy was not setting the registry setting correctly
  • Resolved an issue in which Tamper Protection was disabled while an apps.db was being rebuilt
  • Resolved an issue in which disabling the Config Manager 'Allow local system to use computer identity for NTLM (NetBios)' policy was not disabling the registry key
  • Resolved an issue in which users were unable to re-add admins to the local admin group when using the Removing Selected Local Admins and removing them from the list until the machine was rebooted
  • Resolved an issue in which inserting variables into the body of a Call Webhook or Call RestAPI was causing the JSON to be invalid
  • Resolved an issue in which Detect policies would not alert on apps that didn't exist in the apps.db, even when a condition explicitly called out the application
  • Resolved an issue in which the ThreatLocker Elevation Request Popup was not launching, preventing the user from requesting Elevation
  • Resolved an issue in which Domain Name Parsing settings were not taking effect when set at the Global level
  • Resolved an issue in which other services that start before ThreatLocker could potentially lock the ThreatLocker files, preventing it from running
  • Resolved an issue with wording on a button on the tray
  • Resolved an issue where the ThreatLocker Tray was causing a timeout for machines in Kiosk Mode
  • Resolved an issue where Control Panel would launch via a shortcut once the user had done a full restart on the endpoint
  • Resolved an issue with ThreatLocker Detect Exclusions where Exclusions would fail unless they had an expiration date set
  • Resolved an issue from the Windows Agent version 9.1.2 where baselining would loop and cause high RAM usage
  • Resolved an issue with IPv4 Ringfencing exclusions where exclusions were not allowed as expected
  • Resolved an issue with Self-Approvals where using this option would cause unintended blocks in Monitor Only mode
  • Resolved an issue with Monitor File Paths where including Detect policy monitored paths would cause issues when processing Storage Control policies
  • Resolved an issue with the Detect Exclusions when moving a computer to a new group or organization. Detect exclusions will now be removed when computers are moved
  • Resolved an issue where using a custom MSI would redownload the core
  • Resolved an issue where Approval Request\Requestor Reason with Spaces or Digits would cause a 500 error
  • Resolved an issue with ThreatLocker Detect, where the policy to monitor Registry Key Changes was not alerting when changed
  • Resolved an issue with the ThreatLocker Relay Service on Service build 9.1 with downloading built-in applications. For clients utilizing the ThreatLocker Relay Service, please upgrade to agent version 9.1.1
  • Resolved an issue in which the HealthService wasn't being started after the Windows Service was installed using an MSI
  • Resolved an issue where hashes that contain only zeros are being seen on Baseline, Install, and Elevation Logs
  • Resolved an issue in which IPv4 Conditions in Detect policies were not being honored
  • Resolved an issue in which .exe was being added to the end of CMD line parameters and causing Detect policies using CMD line parameter conditions to not be honored
  • Resolved an issue in which Master Detect policies weren't being added to the database for new installs and DB rebuilds on version 9.1
  • Resolved an issue in Configuration Manager where the Configure TLS (transport layer security) Protocols policy was setting the TLS setting incorrectly
  • Resolved an issue where the policy in Configuration Manager for PowerShell Constrained Language was not on when PowerShell was started
  • Resolved an issue in which Network Control Objects used in Inbound policies were working intermittently
  • Resolved an issue in which the Log in as Admin button in the tray was not directing to the specified Storage Control Policy
  • Resolved an issue with the Configuration Manager policy for Configure Defender Virus & Protection Settings not updating configurations properly on endpoints
  • Resolved an issue in which CMD line Arguments were being logged inconsistently on Windows 10
  • Resolved an issue in which NVME drives were incorrectly displaying as SCSI drives in ThreatLocker
  • Resolved an issue in which .msix files were not being flagged as executables
  • Resolved an issue in which Network Control Objects were not being applied correctly for devices on the same subnet
  • Resolved an issue in which users logging in with valid admin credentials using the TL UAC were incorrectly receiving an invalid credentials error
  • Resolved an issue in which disabling Network Control from the portal was not disabling on the endpoint without restarting the ThreatLocker Service
  • Resolved an issue in which the ThreatLocker Service processes Right-to-Left Unicode incorrectly in the Request pop-up
  • Resolved an issue in which port 8811 was incorrectly being used by ThreatLocker when Network Control was disabled
  • Fixed incorrect detection of parent process. Implemented additional mechanisms to pass through file operations from svchost and for tracking actual process start with correct parent process set
  • Resolved an issue in which Ringfence exclusions for files were not correctly being observed
  • Resolved an issue in which users were not receiving a blocked item prompt from ThreatLocker when the iPhone Storage Driver (Built-In) policy was being matched, even though they were being blocked
  • Resolved an issue in which users in the Network Configuration Operators group were unable to use their credentials with the ThreatLocker UAC

Version 9.1.3

08/16/2024

  • Resolved an issue where the Challenge Listener was receiving a (400) Bad Request from client services

Version 9.1.2

08/01/2024 - updated

  • Resolved an issue with the Source and Destination IPs not working as expected as conditions on Endpoint Detect
  • Resolved an issue that did not properly update the endpoint's public IP address in the portal when it changed

Version 9.1.1

7/16/2024

Improvements

  • Added Service support for module-specific maintenance modes
  • Added a forced full Service check-in once the ThreatLocker Driver is bound and once an Override Code is used
  • Added Service support for the ability to Deploy Policies to a single endpoint
  • Added the Schedule Free Space Delete policy into the new Configuration Manager
  • Added CVE-2023-36563 MS WordPad Vulnerability, CVE-2013-3900 WinVerifyTrust Signature Validation, and Disable Local LM Hash Storage policies to the new Configuration Manager
  • Changed the Unified Audit to only log denied Registry actions to improve performance
  • Added a new option, DebugNetworkChallenge to be used when troubleshooting Network Challenges
  • Made improvements to Detect alert cache logic so that only one alert per check-in period will be sent if all conditions are met.
  • Made changes to the ThreatLocker Tray to accommodate more characters in branding
  • Added checkboxes in the Tray Options to force end-users to include an email and/or message with an approval request
  • Added support for two new options, "AllFilesAsExecutableExSys:WScript.exe" and "AllFilesAsExecutable:Wscript.exe"
  • Improved the HealthService update to happen when the update file downloads and not on ThreatLockerService restarts

Bug Fixes

  • Resolved an issue with the ThreatLocker Relay Service on agent build 9.1 by downloading built-in applications. For clients utilizing the ThreatLocker Relay Service, please upgrade to agent version 9.1.1
  • Resolved an issue with the Rebuild Core process. Moving forward, the Rebuild Core action will only function on Windows version 9.1 or newer versions
  • Resolved an issue in which the registry values for the Configuration Manager CVE 2023-36563: MS WordPad Vulnerability policy were being incorrectly set
  • Resolved an issue with the Configuration Manager policy for 'Configure Defender Virus & Protection Settings' not updating configurations properly on endpoints
  • Resolved an issue in which Detect policies monitoring Event Log ID 4732 were not alerting as expected
  • Resolved an issue in which the Configuration Manager policy 'Password Must Meet Complexity Requirements' was not correctly enforcing password complexity
  • Resolved an issue in which UNC paths were being incorrectly displayed as \device\lanmanredirector
  • Resolved an issue in which .msix files were not being flagged as executables
  • Resolved an issue in which the Health Service was hanging due to a failed API call
  • Resolved an issue in which Detect policy exclusions were not being downloaded consistently
  • Resolved an issue in which Network Control Objects were not being applied correctly for devices on the same subnet
  • Resolved an issue in which closing an approval request popup without sending a request was causing the popup to not be shown again
  • Resolved an issue where some software would require users to be located in an administrator group and would not allow installation with Elevation Mode
  • Resolved an issue in which other services that start before ThreatLocker could potentially lock the ThreatLocker files, preventing it from running
  • Resolved an issue in which a Storage Control policy was remaining enforced once disabled
  • Resolved an issue in which Detect exclusions were not being honored as intended
  • Resolved an issue in which accessing/transferring shared files was slowed down while ThreatLocker was running
  • Resolved an issue in which the UAC was showing an invalid credentials message instead of informing the user that the requested operation requires Elevation
  • Resolved an issue in which UDP traffic was not being logged correctly
  • Resolved an issue in which Override Codes were not overriding Network Ringfencing
  • Resolved an issue with Leap Software where installing with Elevation Mode would cause excessive CMD popups
  • Resolved an issue from 8.2 where the Configuration Manager policy Monitor PowerShell would cause a PowerShell crash
  • Resolved an issue where Control Panel would launch via a shortcut once the user had done a full restart on the endpoint if using the 'EnforceCPL' option
  • Resolved an issue with the service getting a null exception when processing keywords in Network Control configurations that was preventing a task from starting

Version 9.0

05/29/2024

Improvements

  • Improvements to the Network Challenge to always challenge if the IP address is private, regardless of subnet
  • Added a new feature to Enable Domain Name Parsing per Process for Outbound Network Control and Ringfencing entries in the Unified Audit
  • Added new Configuration Manager options for Windows Defender to control Cloud-delivered protection, Automatic Sample Submission, and Tamper Protection
  • Reduced the memory footprint of the Tray by 25-50%
  • Text for Outbound Network Control, when using a VM, will need the EnableDriverDomainNameParsing option enabled

Bug Fixes

  • Resolved an issue in which an empty FTP folder was unable to be read due to domain name parsing
  • Resolved an issue where the Unified Audit would show logs for Outbound Network control without a policy
  • Resolved an issue in which choosing to 'Log in as Admin' from a storage block was redirecting to a legacy page
  • Resolved an issue in which the 32-bit Windows agent was incorrectly learning hashes
  • Resolved an issue in which utilizing FTP over TLS resulted in file access being denied
  • Resolved an issue in which the UAC was showing an invalid credentials message instead of informing the user that the requested operation requires Elevation
  • Resolved an alignment issue for text on the ThreatLocker Tray
  • Resolved an issue in which the option EnableDriverDomainNameParsing was causing certain applications to experience slowness
  • Resolved an issue where certain Chromium Extensions were causing excessive logging
  • Resolved an incorrect detection of parent processes
  • Resolved an issue in which the service would not restart after Windows 2012R2 / 2008R2 was rebooted
  • Resolved an issue where returning the Print Nightmare Configuration Manager policy to "not configured" was not returning the Registry value to the Windows default setting
  • Resolved an issue in which disabling Network Control was causing Ringfencing Internet to sometimes fail
  • Resolved an issue in which the Configuration Manager policy CVE-2013-3900 WinVerifyTrust Signature Validation was incorrectly setting a DWORD instead of a REG_SZ String
  • Resolved an issue in which AzureAD user accounts were not being removed from the local Administrator group
  • Resolved an issue with Tags not working as expected on Network Control policies
  • Resolved an issue where some locked-down endpoints were not able to reboot while locked down
  • Resolved an issue with file deletion related to terminating a running process, which caused a false positive
  • Resolved an issue with ThreatLocker Ops where Occurrences were not being incremented if the TL Ops/Detect policy condition contains an Occurrences condition
  • Resolved an issue with DomainNameParsing, where the option was causing slowness on the driver
  • Resolved an issue where email formatting was not enforced on elevation policies
  • Resolved an issue with Ringfencing when utilizing a Bitglass Proxy
  • Resolved an issue with excessive logging from multiple Password Manager Chromium extensions
  • Resolved an issue with the processing of .exe exclusions
  • Resolved an issue with the redirect to the Chrome or Edge store from an approval request for an extension
  • Resolved an issue from 8.2 where the Configuration Manager policy Monitor PowerShell would cause a PowerShell crash
  • Resolved an issue with conflicting serial number lengths based on differences in Windows 7 and Windows 10

Version 8.7.4

05/13/2024

Bug Fixes

  • Resolved an issue that caused a repeated error multiple times an hour on some machines, starting with threatlockerservice.CleanPath... 
  • Resolved an issue with ThreatLocker Detect that caused the Detect database to grow larger than intended
  • Resolved an issue with ThreatLocker Detect related to the logic around handling errors
  • Resolved an issue with Network Control, which prevented Objects from working as intended on startup with local IP addresses in the same subnet

Version 8.7.3

04/23/2024

Improvements

  • Added a new Option that disables network traffic monitoring for Network Control called 'DisableInterceptNetworkAccessForAll'

To view older release notes for 8.x, click here
