4.1. Cloud console

MetaAccess 3.1.1 - October 13, 2020

1. Bugs fixed:

  • Admins could not log into MetaAccess console through Okta

  • The system stopped Webhook setting even the callback API has not responded any error

  • A user couldn't add a protected app with the application type as Other

  • The system did not update MAC address of network adapters when local IP address is enabled on Privacy Settings

MetaAccess 3.1.0 - September 29, 2020

1. The MetaAccess console will be hosted in different domains. The system will auto-redirect you to the new domain when you access the old domain.


Old Domain

New Domain





US Tenant A





US Tenant B







EU Tenant





2. The console is refreshed with a new look and and user experience.

  • The system will walk you through steps to protect your applications

  • Policy management is re-organized to improve navigation and usability

  • The left navigation is re-organized

    • "Device Groups" is moved into "Inventory"

    • "Access Control" is renamed to "Secure Access" and offers more access control options to protect your applications and networks.

    • "Single sign-on" settings for admin log into the console is moved into "User Management"

    • "Event Log" is broken down to "Admin Events", "Device Events", and "Webhook Events"


3. Software Defined Perimeter (SDP) is now offered on MetaAccess platform to protect your applications and networks. The SDP approach to zero trust networking flips the traditional approach of securing access to network resources on its head. Instead of connecting then authorizing, the client is required to first authenticate, authorize, be checked for compliance, and only then is it allowed access. Check out our document for more details. SDP requires and additional license.

  • Administrators can now protect applications and networks in their critical infrastructure via SDP no matter where a user connects from. The users' devices will be checked to make sure they are complied with your organization's security policies.


  • Administrators can configure access rules to grant/deny access to applications


  • Administrators can grant users/groups access to applications.


  • Administrators can control device groups that users can use to access to protected applications and networks


  • Administrators can integrate with 3rd party single sign-on service for end-users authentication and import groups from IdP to MetaAccess.


  • Administrators can audit user sessions.


  • Administrators can also select either Private Gateway or OPSWAT Hosted Gateway to be their applications' gateway

    • Private Gateway: admins need to install SDP gateways in their datacenter or their own cloud infrastructure

    • OPSWAT Hosted Gateway: no need to install any thing, but it requires an additional license.


4. User experience enhancements

  • Users can filter vulnerabilities based on a whitelist status

  • Users can search packages on a Linux device

  • Users can select how many items shown in one page

5. Bug fixes:

  • Read-only users couldn't export device inventory

  • The system couldn't load devices when a user navigated to the last pages in some cases.

  • The Get Devices API returned error when the page parameter is set to last pages in some cases.

MetaAccess 2.8.2 - August 18, 2020

1. Administrators can now indicate what privilege OPSWAT Client should run a custom script with. By default, OPSWAT Client runs custom script as system on Windows or user on macOS.


2. Allow admins to export selected devices only instead of all devices which match to search/filter criteria.

3. Bug fixes:

  • Device export file for macOS devices didn't have correct data for some fields

  • The system false alerted to users who log into MetaAccess through 3rd-party single sign-on service that their account runs out of license.

  • The remediation page showed all vulnerable applications instead of only vulnerable applications which violates a policy's criteria.

MetaAccess 2.8.1 - July 07, 2020

1. Administrators now can audit files a user copied from local drives to a removable media by enabling the Report a copy result when a user copies files from local drives to a removable media setting under Removable Media Protection.


2. MetaAccess customers can now leverage more commercial engines for Advanced Threat Detection with MetaDefender Cloud. New engines are available for both existing and new policies. They are un-selected by default for existing policies, administrators have to update policies manually.

3. Enhanced the access control workflow to support device compliance check when a user logs into G-suite via Azure single-sign on.

4. Bug fixes:

  • Missing authentication header in the callback.

MetaAccess 2.8.0 - June 02, 2020

1. Updated Threat Detection with MetaDefender Cloud based-on MetaAccess Tiers. If an account is a Free account, MetaDefender Cloud is not available for multi-scanning feature, and a policy, that configured a scan source for Threat Detection as MetaDefender Cloud, will be considered as an invalid policy. However, you can use your own MetaDefender Core servers for this feature.

  • You need to fix invalid policies before making any changes to the policies. Otherwise, you couldn't save your changes. Check out our KB to know how to to fix invalid policies.

  • OPSWAT Client will NOT scan a device as its policy and the system will not process any threat reports from the device if the policy is invalid.

  • You will get an error when you send an on-demand threat scan from the console to devices which assigned to an invalid policy


  • Administrators will see an error banner notification that indicates what policies are invalid.


  • The Policies page also marks invalid policies with a red dot


2. Added more options to a rebranding package to allow administrators to customize the below information on remediation pages. Detailed guidelines can be found here

  • customcheck_output_message: when this element is set, an output message from a custom script will be exposed to end-users on the remediation page when a device failed the script. Otherwise ("customcheck_output_message":""), the output message will not be shown to the end-users.

  • device_info: administrators can show any device information by setting a value for an element in the device_info object or leaving it blank to hide it.

  • font_name: customize a font for text on the remediation page.

3. Minor enhancements

  • added "Device Group" into email notifications for device events

4. Bug fixes:

  • A device didn't fetch a new custom script if it is assigned to a new device group

  • Device Inventory report format was broken if a device's system information has special characters

  • Vulnerabilities assessment was wrong for Cisco Jabber product on macOS.

MetaAccess 2.7.1 - April 28, 2020

1. Administrators can now export a policy to a json file.


2. Administrators can enable/disable showing a notification when a user installs a new applications on Android phone at Settings > Global Settings > Device Agents > Notifications to users. By default, this setting is enabled. This is only applicable for Android agent version 2.55.33 or newer.


3. Minor changes

  • Add one more event to trigger a webhook call: Device changes status to Exempted. This event trigger is disabled by default.

  • Support administrators perform an on-demand compliance check for Linux devices. This action is only applicable for Linux agent version or newer.

4. Bug fixes:

  • Device name was not updated accordingly when a device reports a new hostname even no admins manually update the device name.

  • A free account couldn't enable cross-domain API setting.

MetaAccess 2.7.0 - March 25, 2020 - Hotfix

Changes in this hotfix:

MetaAccess 2.7.0 - March 24, 2020

1. Administrators can enable webhook on MetaAccess to report device status when an event is triggered to a defined callback URL. MetaAccess supports the events below:

  • Device added

  • Device deleted

  • Device changed status to compliant

  • Device changed status to non-compliant

  • Device changed status to out of license usage


This feature is disabled by default for all accounts (existing and new accounts).


  • This webhook will be disabled if MetaAccess fails to send reports to the defined callback URL in 100 times. Administrators need to log into MetaAccess console to re-enable it

  • This feature is only available for enterprise customers

2. Device reports now includes CVE-IDs associated with each device.

3. Minor changes

  • Showing the last report time as a datetime instead of a duration on the remediation page

4. Bug fixes:

  • If a user's email has an uppercase character, the user was unable to log into MetaAccess through their own IdP and received an invalid email address error

MetaAccess 2.6.0: February 11, 2020

1. Enhanced User Profile page to show usage of accounts (s)he is managing.

2. Added a new setting to notify end-users who is running outdated on-demand agent. This setting is disabled by default.

3. Administrators can now set a trigger to send an email notification to configured emails when an account runs out of license. This trigger is disabled by default.

4. Minor enhancements:

  • Added a column, Group, into a Device Event Logs report to indicate what group a device was associated to at that timestamp

  • Added more missing patch categories: definition_update, feature_pack

5. Bugs fixed:

  • Device ID is now fully shown on the remediation page instead of being shortened if its length is long

  • Device Details v3.1, v3.2, v3.3 now returns timestamp for the parameter infection.metascan .last_scan in GMT format as the API documents instead of UNIX format

  • Applications inventory couldn't be loaded sometimes

MetaAccess 2.5.0: January 07, 2020

1. MetaAccess enhanced policy configuration to allow administrators to configure more granular policies for each operating system and focus on security requirements at an organization. With this enhancement, admin can hide categories that they don't want to monitor.

2. Minor changes:

  • added "Enrolled At" information into a device report when an administrator exports devices from the MetaAccess console

MetaAccess 2.4.2: November 26, 2019

1. Administrators can monitor only OS updates in specific categories. All policies will be set with "any missing patches" as a default option when this release is rolled out.

2. Administrators can configure OPSWAT Client to delay the collection of compliance data after it starts. This way, it gives other applications time to start before the OPSWAT Client reports compliance data to reduce false-positive detection.

3. Enhancement:

  • Device reports will be put in a queue to be processed against a policy. The OPSWAT Client will receive a compliance result in the next check-in, up to a minute.

4. Bugs fixed:

  • MetaAccess will not send an unknown devices report if there is no unknown device found

  • A device was able to enroll in an account even the account limit is reached. The system will change status of a device to Out-of-license-usage if a device was enrolled after the limit reach.

MetaAccess 2.4.2: October 22, 2019

1. Administrators can now perform an on-demand compliance check on devices from the management console

2. Added new APIs:

3. Administrators can now monitor the progress of an on-demand threat scan from the management console

4. Bugs fixed

  • Device Details API didn't return data for some categories such as Unclassified applications, detected patches, mobile apps

  • The last reboot time of a mobile device was not shown correctly

  • Installed applications on Linux devices were not listed on the Applications inventor

5. Minor enhancement

  • Remove OPSWAT Client SDK on "Add Devices" popup

MetaAccess 2.4.1: September 17, 2019

1. Administrators can now configure different encryption state requirements for additional local volumes and additional removable volumes. These settings will be set based on the "Additional volumes are not encrypted by an approved application" setting in a policy before the release

Before Release

After Release

Additional volumes are not encrypted by an approved application

Additional local volumes are not encrypted by an approved application

Additional removable volumes are not encrypted by an approved application







2. The date time on the console UI now reflects the local timezone

3. Bugs fixed

  • Device Policy Check API returned a device was not found if the MAC Address is in uppercase. The API now accepts MAC address in either lowercase or uppercase.

MetaAccess 2.4.0: August 06, 2019

1. Whitelist Vulnerabilities: Administrators can now whitelist vulnerabilities for policies or entire accounts after reviewing risks and assess impact of vulnerabilities. By whitelisting vulnerabilities, vulnerabilities associates to a device will not be counted for issues if they are whitelisted on a policy the device is assigned to.

2. Enhanced vulnerabilities view: provides administrators a better view on what applications,OS patches and CVEs are associated, and what policies it is whitelisted on

3. The system will not send a threat summary report if the system doesn't detect any threat in the last report duration.

4. Added new OAuth APIs:

  • Device Action API v3.2 supports a new action , scan_threats, to allow administrators to send an on-demand threat scan to devices

  • Get Reports API v3.1 supports administrators to retrieve a result for on-demand threat scan action.

5. Bug fixed: the system didn't send a request to the agent to open a remediation page if the device reports issues in N consecutive reports and N is greater than the non-compliant threshold.

6. Minor enhancement:

  • Added an agent type information under System Information on Device Details view

  • The system will keep MAC address information of devices which registered or reported duplicated MAC address. By this way, administrators can search for devices which reports the same MAC address

  • Added a new default rebranding package with Japanese language

MetaAccess 2.3.1: June 25, 2019

1. "Managed By" information on remediation pages will be shown with Account Name instead of an email address of the account.

2. Enhanced performance to process requests.

MetaAccess 2.3.0: June 04, 2019

1. Enhanced threat detection to allow administrators to configure how a file is considered a threat. Criteria can be based on the number of engines and trusted engines when a device scans threats against MetaDefender Cloud. Admins can configure a policy to leverage MetaDefender Core for Threat Detection, when used this way, MetaAccess respects scan results from MetaDefender Core: only files with a BLOCKED status will be considered as threat.

Scan Source

Before The Release

After The Release

MetaDefender Cloud

Threat Scan

  • Filter threats based on trusted engines. A file is detected as threat if at least one trusted engine detects it as a threat

Device Issue

  • Considered an issue if a file is detected as threat by N engines if enabled

  • Considered a critical issue if a file is detected as threat by M engines if enabled

Threat Scan

  • Filter threats based on number of trust engines. A file is detected as threat if at least N trust engines detect it as threat

Device Issue

  • Considered an issue if a device reports any threats if enabled

  • Considered a critical issue if a threat detected by M engines if enabled

MetaDefender API (Core)

Threat Scan

  • Filter threats based on trusted engines. A file is detected as threat if at least one trust engine detects it as threat

Device Issue

  • Considered an issue if a file is detected as threat by N engines if enabled

  • Considered a critical issue if a file is detected as threat by M engines if enabled

Threat Scan

  • A file is detected as threat if MetaDefender API (Core) scan result is BLOCKED

Device Issue

  • Considered an issue if a device reports any threats if enabled

  • Considered an issue if a device reports any threats if enabled

2. Administrators can now enable OPSWAT Client to auto-block mobile PTP/MTP devices when a user inserts a mobile PTP/MTP devices to an endpoint. This option is disabled by default. If you wish to enable it, please log into MetaAccess console and update policies.

3. If OPSWAT Client reports free hard disk space as not supported, MetaAccess does not consider this as an issue. This affects macOS 10.13+ devices

MetaAccess 2.2.1: May 24, 2019

  • Fixed issues

    • couldn't download agents from the download pages

    • couldn't fetch agent log

MetaAccess 2.2.0: May 14, 2019

1. Administrators can now configure agents to upload allowed/blocked files to a MetaDefender Vault when a user unblocks or copies files from portable media drives. This setting is disabled by default.

2. Administrators now have an option to exclude CD/DVD from auto-blocking portable media drives. This setting is disabled by default.

3. Administrators can see a timestamp when a device is enrolled to an account

4. MetaAccess adds a Live Chat snippet on the console to help users reach out to our support for help in less time

5. Add new APIs, Get Devices v3.3 and Device Details v3.3, to return a timestamp, enrolled_at, when a device is enrolled to an account,

6. Minor changes:

  • Increased Nickname length limit to 100 characters

  • Re-organized the left navigation menu: moved the "Group" menu out of the "Inventory" menu

MetaAccess 2.1.1: April 17, 2019

1. Fixed: when a user downloads an installer from a download link that contains a tag name/group id, the Cloud does not generate the installer with the tag name/group id

2. Fixed: the link to go to the OPSWAT support portal on Help Center

MetaAccess 2.1.0: April 02, 2019

1. MetaAccess now enables administrators to detect advanced threats within file systems in addition to active running processes powered by MetaDefender technologies. Administrators can schedule scans with multiple options such as a Full System Scan or a Custom Scan (memory, system volume, additional volumes, a specific path).

2. Administrators can also perform an on-demand scan on selected devices and obtain a threat report remotely.

3. Added oAuth API Device Information v3.0 to return pre-processing data for a device

MetaAccess February 26, 2019

1. Enhanced dashboard to provide a consolidated view of your security and device landscape across your organization . Beside an overview dashboard, administrators now can access detailed security view for Secure Access, Vulnerabilities, Compliance, and Threat Detection.

2. Administrators can do localization and globalization for each device group by customizing the remediation page for groups. Administrators can add a customized package for remediation pages at Settings > Rebranding and assign it in Group details

MetaAccess January 22, 2019

1. MetaAccess now returns parameters in the response header to indicate API rate limits (X-RateLimit-Limit), how many calls left (X-RateLimit-Remaining), when the rate limit is reset (X-RateLimit-Reset-Time)

2. Added new OAuth APIs:

  • Account Details v3.1: return details about device status, device with vulnerabilities by severity, devices with issues by severity

  • Device Action v3.1: support more actions to allow administrators retrieve OPSWAT Client log on devices

  • Get Reports v3.0: support download OPSWAT Client log if available

3. Bugs fixed

  • A co-administrator could not invite another user to manage the co-admin account

MetaAccess December 26, 2018

1. Administrators can configure policies to grant users following actions for portable media devices:

  • Block all access

  • Allow one-way access

  • Allow bi-directional access

2. Administrators can enable Media Manifest validation to expedite portable media file processing

3. Administrators can monitor portable media activities on devices from the MetaAccess console management

4. Administrators can configure policies to scan files on Windows and macOS agent against their own MetaDefender API servers

MetaAccess November 27, 2018

1. Added support to integrate with 3rd party SSO service: an account can provision users through their own SSO service

2. Enhanced user management with search/filter and update abilities

3. Enhanced the remediation page to show end-users an overview about the device’s issues.

4. Added number of vulnerabilities of a device into an Inventory report

5. Added a new OAuth API Account Details v3.0: added the license key to the API response

MetaAccess October 23, 2018

1. Added the number of vulnerabilities of each device into an export result when a user exports device inventory

2. Removed options to download Infected Devices, Exempted Devices, Unknown Devices on Download Reports section on Reports and Notifications page. Now administrators can download these reports on the Devices page

3. Enhanced remediation guidelines to resolve vulnerability issues which were associated with missing patches

4. Added a new OAuth API Get Threats v3.0 to return detected threats on a device

5. Bug Fixed:
- On Android devices: The cloud showed the last time IP connections had scanned as the last report even when the agent had not scanned IP connections

MetaAccess September 25, 2018

1. Enhance Linux policies

2. Vulnerabilities: add a policy to consider a device issue based on vulnerability severity

3. Enhanced operating system policy: allow administrators define approved OS versions

MetaAccess August 28, 2018

1. Vulnerabilities enhancement

  • Detect vulnerabilities at operating system level

  • A central view for all vulnerabilities on an account

2. Added an option to automatically delete and uninstall the OPSWAT Client on devices which have not accessed to cloud applications in a certain amount of time.

Known issues

  • if an application is deleted, and a device only accessed to that application in last X days, the device will be automatically deleted and the agent will be uninstalled.

3. Added OAuth APIs:

  • Get Applications v3.0 API: support filter application installed on endpoints on an account

MetaAccess July 31, 2018

1. Added support to enforce access rule for mobile devices to cloud applications

2. Introduced OPSWAT Client SDK for OEM customers

3. Vulnerabilities: enhanced dashboard to show vulnerable devices by severity level

4. Enhanced Privacy Settings to enforce agent not transfer configured privacy information to MetaAccess servers

5. Added OAuth APIs:

  • Get CVEs 3.0 API: support filter CVEs on an account

  • Get Devices 3.2 API: added filters to filter devices which install specific apps or have specific CVEs

  • Get Device Details v3.2 API: added last time a device scaned running processes against with MetaDefender Cloud and a field to indicate if a file still exists on the system for repeated threats

6. Enhanced Upgrade Account process on console to make it more convenience for customers

7. Lockscreen timeout is shown as "not supported" instead of "not set" on OS platforms OPSWAT Client doesn't have ability to check lock screen timeout

MetaAccess June 26, 2018

1. Application Inventory: provide visibility on applications installed on endpoints.

2. Vulnerability: scan for vulnerabilities on the endpoint system and installed applications to detect vulnerable applications installed organization-wide as well as per device

3. Compliance Assessment: use a scoring system based on OPSWAT and CVSS scores to consider an issue if a device has CVEs

4. Added OAuth APIs:

    • Device Details v3.2: support query device details with a custom ID

    • Get Applications v3.0: get applications install on endpoints

    • Application Details v3.0: get application details along with CVEs

    MetaAccess May 22, 2018

    1. Updated Terms and Conditions, Privacy Policy, and Cookie Policy

    2. Cloud Access Control: record a user who is using a device to access a SaaS application if requested

    MetaAccess May 08, 2018

    1. Added a new OAuth API, "Get Groups" v3.0, to return managed groups in an account

    2. Enhanced to show encryption state as “not supported” instead of “unencrypted” if a product is not supported to detect encryption state.

    3. Changed the text "antivirus" to "anti-malware" on console, not on API parameters/keywords

    4. Bugs fixed

    • Get Devices API v3.1, v3.0: Returns all devices in an account instead of devices assigned to a filtered group

    MetaAccess April 10, 2018

    1.Added an action to fetch agagent's logs

    2. Added a setting to skip threats in local malware log if the file no longer exists
    on the system

    3. Added a OAuth APIs, Get Devices v3.1 and Device Details v3.1, to return the last timestamp a device is rebooted

    4. Enforced rate limit for OAuth APIs

    5. Changed the text "antivirus" to "anti-malware" on console, not on API parameters/keywords

    6. Bugs fixed

    • Get Devices API v3: Got HTTP 200 in response instead of 413 when the page parameter exceeds a page limit

    • Device Action API v3: Got HTTP 400 when group id doesn't exist on an account with assign to group action

    • Device Status Change API v3: Got HTTP 400 instead of 406 if the limit parameter is greater than 50