Windows Agent Version 9.x Release Notes

7 min. readlast update: 07.12.2024

Version 9.1.1.2188 - Beta

7/12/2024

Bugs and Fixes

  • Resolved an issue with the ThreatLocker Relay Service on agent build 9.1 with downloading built-in applications. For clients utilizing the ThreatLocker Relay Service, please upgrade to agent version 9.1.1

 

Version 9.1 - Live

7/10/2024

Improvements

  • Added Service support for module-specific maintenance modes
  • Added a forced full service check in once the ThreatLocker Driver is bound and once an Override Code is used
  • Added Service support for the ability to Deploy Policies to a single endpoint
  • Added the Schedule Free Space Delete policy into new Configuration Manager
  • Added CVE-2023-36563 MS WordPad Vulnerability, CVE-2013-3900 WinVerifyTrust Signature Validation, and Disable Local LM Hash Storage policies to the new Configuration Manager
  • Changed the Unified Audit to only log denied Registry actions to improve performance
  • Added a new option, DebugNetworkChallenge to be used when troubleshooting Network Challenges
  • Made improvements to Detect alert cache logic so that only one alert per check-in period will be sent if all conditions are met.
  • Made changes to the ThreatLocker Tray to accommodate more characters in branding
  • Added checkboxes in the Tray Options to force end-users to include an email and/or message with an approval request
  • Added support for two new options, "AllFilesAsExecutableExSys:WScript.exe" and "AllFilesAsExecutable:Wscript.exe"
  • Improved the HealthService update to happen during when the update file downloads and not on ThreatLockerService restarts

Bugs and Fixes

  • Resolved an issue with the Rebuild Core process. Moving forward, the Rebuild Core action will only function on Windows version 9.1 or newer versions
  • Resolved an issue in which the registry values for the Configuration Manager CVE 2023-36563: MS WordPad Vulnerability policy were being incorrectly set
  • Resolved an issue with the Configuration Manager policy for 'Configure Defender Virus & Protection Settings' not updating configurations properly on endpoints
  • Resolved an issue in which Detect policies monitoring Event Log ID 4732 were not alerting as expected
  • Resolved an issue in which the Configuration Manager policy 'Password Must Meet Complexity Requirements' was not correctly enforcing password complexity
  • Resolved an issue in which UNC paths were being incorrectly displayed as \device\lanmanredirector
  •  Resolved an issue in which .msix files were not being flagged as executables
  • Resolved an issue in which the Health Service was hanging due to a failed API call
  • Resolved an issue in which Detect policy exclusions were not being downloaded consistently
  • Resolved an issue in which Network Control Objects were not being applied correctly for devices on the same subnet
  • Resolved an issue in which closing an approval request popup without sending a request was causing the popup to not be showed again
  • Resolved an issue where some software would require users to be located in an administrator group and would not allow installation with Elevation Mode
  • Resolved an issue in which other services that start before ThreatLocker could potentially lock the ThreatLocker files, preventing it from running
  • Resolved an issue in which a Storage Control policy was remaining enforced once disabled
  • Resolved an issue in which Detect exclusions were not being honored as intended
  • Resolved an issue in which accessing/transferring shared files was slowed down while ThreatLocker was running
  • Resolved an issue in which the UAC was showing an invalid credentials message instead of informing the user that the requested operation requires Elevation
  • Resolved an issue in which UDP traffic was not being logged correctly
  • Resolved an issue in which Override Codes were not overriding Network Ringfencing
  • Resolved an issue with Leap Software where installing with Elevation Mode would cause excessive CMD popups
  • Resolved an issue from 8.2 where the Configuration Manager policy Monitor PowerShell would cause a PowerShell crash
  • Resolved an issue where Control Panel would launch via a shortcut once the user had done a full restart on the endpoint if using the 'EnforceCPL' option
  • Resolved an issue with the service getting a null exception when processing keywords in Network Control configurations that was preventing a task from starting

 

Version 9.0 - Live

05/29/2024

Improvements

  • Improvements to the Network Challenge to always challenge if the IP address is private, regardless of subnet
  • Added a new feature to Enable Domain Name Parsing per Process for Outbound Network Control and Ringfencing entries in the Unified Audit
  • Added new Configuration Manager options for Windows Defender to control Cloud-delivered protection, Automatic Sample Submission, and Tamper Protection
  • Reduced the memory footprint of the Tray by 25-50%
  • Text for Outbound Network Contol, when using a VM, will need the EnableDriverDomainNameParsing option enabled

Bugs and Fixes

  • Resolved an issue in which an empty FTP folder was unable to be read due to domain name parsing
  • Resolved an issue where the Unified Audit would show logs for Outbound Network control without a policy
  • Resolved an issue in which choosing to 'Log in as Admin' from a storage block was redirecting to a legacy page
  • Resolved an issue in which the 32-bit Windows agent was incorrectly learning hashes
  • Resolved an issue in which utilizing FTP over TLS resulted in file access being denied
  • Resolved an issue in which the UAC was showing an invalid credentials message instead of informing the user that the requested operation requires Elevation
  • Resolved an alignment issue for text on the ThreatLocker Tray
  • Resolved an issue in which the option EnableDriverDomainNameParsing was causing certain applications to experience slowness
  • Resolved an issue where certain Chromium Extensions were causing excessive logging
  • Resolved an incorrect detection of parent processes
  • Resolved an issue in which the service would not restart after Windows 2012R2 / 2008R2 was rebooted
  • Resolved an issue where returning the Print Nightmare Configuration Manager policy to "not configured" was not returning the Registry value to the Windows default setting
  • Resolved an issue in which disabling Network Control was causing Ringfencing Internet to sometimes fail
  • Resolved an issue in which the Configuration Manager policy CVE-2013-3900 WinVerifyTrust Signature Validation was incorrectly setting a DWORD instead of a REG-SZ String
  • Resolved an issue in which AzureAD user accounts were not being removed from the local Administrator group
  • Resolved an issue with Tags not working as expected on Network Control policies
  • Resolved an issue where some locked-down endpoints were not able to reboot while locked down
  • Resolved an issue with file deletion related to terminating a running process, which caused a false positive
  • Resolved an issue with ThreatLocker Ops where Occurrences were not being incremented if the TL Ops/Detect policy condition contains an Occurrences condition
  • Resolved an issue with DomainNameParsing, where the option was causing slowness on the driver
  • Resolved an issue where email formatting was not enforced on elevation policies
  • Resolved an issue with Ringfencing when utilizing a Bitglass Proxy
  • Resolved an issue with excessive logging from multiple Password Manager Chromium extensions
  • Resolved an issue with the processing of .exe exclusions
  • Resolved an issue with the redirect to the Chrome or Edge store from an approval request for an extension
  • Resolved an issue from 8.2 where the Configuration Manager policy Monitor PowerShell would cause a PowerShell crash
  • Resolved an issue with conflicting serial number lengths based on differences in Windows 7 and Windows 10

 

Version 8.7.4 - Live

05/13/2024

Bugs and Fixes

  • Resolved an issue that caused a repeated error multiple times an hour on some machines, starting with threatlockerservice.CleanPath... 
  • Resolved an issue with ThreatLocker Detect that caused the Detect database to grow larger than intended
  • Resolved an issue with ThreatLocker Detect related to the logic around handling errors
  • Resolved an issue with Network Control, which prevented Objects from working as intended on startup with local IP addresses in the same subnet

 

Version 8.7.3 - Beta

04/23/2024

Improvements

  • Added a new Option that disables network traffic monitoring for Network Control called 'DisableInterceptNetworkAccessForAll'

 

To view older release notes for 8.x, click here

Was this article helpful?