ThreatLocker Update January 15th 2019

ThreatLocker is pleased to announce the following updates. Updates will be automatically downloaded and will apply next time you restart your computer.

New Features

DUO Dual Factor Authentication Added to the ThreatLocker Portal

You can now configure your organization so that logins require DUO dual factor authentication. To configure dual factor authentication with DUO:-

  1. Select Organizations from the navigation menu;

  2. Select the Organization you wish to enable dual factor authentication on;

  3. Select Edit;

  4. Enter the DUO Details.

For more information on how to configure DUO, see https://www.threatlocker.com/organizations-dual-factor-authentication-with-duo/

Added the ability to prevent the ThreatLocker service from being stopped.

You can configure a registry key to prevent an administrator from stopping the ThreatLocker service. When the PreventStop DWORD is added under HKLM\Software\ThreatLocker with a value of 1, an administrator will not be able to stop the ThreatLocker service. If you rename the MSI to nostoptl_xxxxxx.msi, the registry key will automatically be added on deployment.
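The following PowerShell is an added example, not ThreatLocker's own tooling. It audits the PreventStop value described above and, with -Enforce, writes it. The function name is hypothetical; the key path, value name and data are the ones given in this note. Writing to HKLM requires an elevated prompt.

```powershell
# Added example: audit (and optionally set) HKLM\Software\ThreatLocker\PreventStop.
# Confirm-ThreatLockerPreventStop is a hypothetical name; path, value name and
# data (DWORD 1) come from the release note above.
# Run from 64-bit PowerShell: a 32-bit host on 64-bit Windows is redirected to
# HKLM\Software\WOW6432Node and would read or write a different key.
function Confirm-ThreatLockerPreventStop {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Enforce   # write the value when it is missing, not 1, or not a DWORD
    )
    $path = 'HKLM:\Software\ThreatLocker'
    $name = 'PreventStop'
    $dword = [Microsoft.Win32.RegistryValueKind]::DWord

    # Read the current value and its registry type, if present.
    $current = $null
    $kind = $null
    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        if ($key.GetValueNames() -contains $name) {
            $current = $key.GetValue($name)
            $kind = $key.GetValueKind($name)
        }
    }
    # A string "1" (REG_SZ) is treated as non-compliant: the note specifies a DWORD.
    $compliant = ($kind -eq $dword) -and ($current -eq 1)

    if (-not $compliant -and $Enforce -and
        $PSCmdlet.ShouldProcess("$path\$name", 'Set DWORD to 1')) {
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # -Force replaces an existing value of the wrong type.
        New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $key = Get-Item -LiteralPath $path
        $current = $key.GetValue($name)
        $kind = $key.GetValueKind($name)
        $compliant = ($kind -eq $dword) -and ($current -eq 1)
    }

    # One object per machine, suitable for collecting into a fleet report.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $current
        Kind      = $kind
        Compliant = $compliant
    }
}
```

Without -Enforce the function only reports; -WhatIf shows the write it would make without performing it.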

Added the Ability to Configure Excluded Processes for a Computer Group.

You may want to exclude certain applications from ThreatLocker Storage Control. For example, if you have an antivirus program that is scanning multiple files, you can exclude it from being blocked or processed by ThreatLocker. To add an exclusion to ThreatLocker:-

  1. Select Computer Groups from the navigation menu;

  2. Select the edit icon next to a group.

  3. Scroll down to the excluded processes section. You can add process names, such as c:\program files\myavprogram\app.exe

Added the ability to configure a Splunk instance in the policy page.

Previously, Splunk integration had to be configured by the ThreatLocker Service team. We have now added the ability to configure Splunk right from the edit Policy page.

Improvements

  • Changed default configuration of ThreatLocker Service to restart on termination.

  • Changed the Application Policies page to display a loading indicator when refreshing policies.

The following fixes have been applied.

  • Fixed issue where the service would terminate if a write of the baseline is denied to the disk by an antivirus product.

  • Fixed issue where some updates on Windows Server 2008 (Release 1 only) cause a BSOD.

  • Fixed issue where a folder with no name could cause the ThreatLockerService to crash when scanning the baseline.

  • Fixed issue where some files are missed when scanning the baseline.

How to get the latest update

Updates will automatically be deployed when a computer is restarted. If you do not wish to restart your computer, you can run the following script to download the update immediately.

Note: Make sure you download the latest MSI for future deployments.

net stop threatlockerdriver

net start threatlockerdriver

net stop threatlockerservice

net start threatlockerservice