How to complete an Update of Third Wall: 

To initiate an update of Third Wall, download this file ( and ensure it is UNBLOCKED in properties before you launch it, then follow the instructions onscreen.  Since this will begin a deployment of our updated agent to all of your computers, we recommend that you perform this update in non-peak hours.

V2.2.2.2 Release Notes

  • Security Patch - important update to close a potential vulnerability.

  • We reduced the size of our remote agent by 70%, so it will have a much smaller footprint and will have much lower impact on your Automate server during update deployment.

  • In anticipation of our next release, which will include Redirected Folders as part of our Monitor for Ransomware Attacks policy, we have made a change in architecture to allow the smooth introduction of this critical upcoming feature.

  • Improved the efficiency of our capture of User Logon data.

  • Installed a version monitor to prevent mismatches between your Automate Control center(s) and your Automate Server.

  • In the “Shutdown” option for our Monitor for Ransomware Attacks and our Alert on Excessive Logon Failures policies, we added Isolate to the actions taken.

  • Added “Computer Name” to tickets generated by the self-exception rule and the Monitor for Ransomware Attacks policy.

  • For the Alert on Unencrypted Disk policy, added a condition that will trigger a ticket:  if "Protection Off" is seen in the Bitlocker discovery, you will get a ticket.

V2.2.2.0 Release Notes

  • Updated the User Logon Report in the Report Center to correct an error.  If you use this report, please update to v2.2.2.0 now.

  • Improved the "Alert on Excessive Logon Failures" policy to even better capture and stop brute force logon attempts.

  • Improved the utiliity of tickets generated by the "Monitor for Ransomware Attacks" policy.

  • Added an important contingency on the Isolate reversal function. to better handle certain environments.

  • Improved performance of logon data capture on the Automate server.

  • Several important internal improvements for the plugin itself, to enhance performance and utility.


V2.2.1.9 Release Notes

  • We’ve added both of our Reports (the User Logon Report and the Client Audit Report) to the new Automate Report Center.  You no longer need to go to the Legacy section to run Third Wall reports; you can just right-click the target client and run your report from there..  We will still maintain them in Legacy for a while longer, to ensure everyone has time to migrate.  To get the new reports, you must be on v2.0.1200 or better of the Reports.

  • Changed ticketing for both Alert on Excessive Logon Failures policy and the Alert on Event Log Clearing policy.  They will no longer “auto-close” after 5 minutes; they will remain open until you address them and close them manually.  These both need your attention, and thus we do not wish to auto-close them any longer.  Additionally, if subsequent tickets for a particular situation continue to come in before the original ticket is closed, they are added into the original ticket.

  • Updated our logic behind the Emergency Action buttons to avoid duplicate situations.

  • Added checkbox to allow Type 3 (network) Logon failures in our Logon Monitoring function.

  • Removed Logon failures from the User Logon Report; you can still see those in the Dataview.  We also added the specific decription of the Logon failure.event.

  • The Monitor for Event Log Clearing policy will now ignore certain Dell events that were causing false positives.

  • Removed WMI from being used for the Alert on Excessive Logon Failures policy, substituting a more reliable method.

V2.2.1.8 Release Notes

Here are the key improvements and fixes you’ll benefit from: 

  • Added an Assigned Alert Category selector to help ConnectWise Manage users better manage alerts / tickets.

  • Added an Assigned Alert Template selector to the Monitor for Ransomware Attacks policy, to allow you to improve notification of a ransomware attack.

  • Added a capability for you to change Third Wall permissions to “read only,” allowing you to restrict access to most Third Wall command functions for individual technicians on your staff.

  • Fixed a condition that could product excessive tickets for ransomware alerts.

  • Added a horizontal scroll bar to the AppData whitelist screen.

  • Improvements and fixes to social media policies, USB policies, Screensaver policy, Windows Store policy and Unencrypted Disk monitoring, plus improvements to the UNDO function.