4. Release Notes

Security Enhancement Notification

MetaAccess is scheduling a security enhancement on December 16th, 2020. Within this change, MetaAccess is changing the algorithm used to store/exchange sensitive data that secures your account. While this improves the security for all customers, those with the “Require PIN when a user uninstalls agents on a device" setting enabled will be impacted. We encourage you to take the suggested actions.

What is changing?

In adherence with best practices, MetaAccess is shifting to use SHA-2 rather than MD5 for storing/exchanging sensitive data.

What is the impact?

For most customers there is no impact, including no downtime. However, for those with “Require PIN when a user uninstalls agents on a device” (Settings > Global Settings > Device Agent) enabled, users couldn’t uninstall the client manually if the device is running an out-of-date agent, other client functions are not be impacted. To migrate this impact, we encourage you enable “Allow agents to automatically update to the latest version” setting (Settings > Global Settings > Device Agent) on your account to allow the OPSWAT Client to auto-upgrade to the latest version before December 22nd, 2020 (original date was December 16th, 2020.)

Domain Update Notification

On September 29 at 7PM PDT, The MetaAccess console will be hosted in different domains. The system will auto-redirect you to the new domain when you access the old domain.

Tenant

Old Domain

New Domain

Console

API

Console

API

US Tenant A

metaaccess-a.opswat.com

metaaccess-a.opswat.com

console.metaaccess-a.opswat.com

metaaccess-a.opswat.com

US Tenant B

gears.opswat.com

gears.opswat.com

dapi.opswat.com

console.metaaccess-b.opswat.com

gears.opswat.com

dapi.opswat.com

EU Tenant

gears-eu.opswat.com

gears-eu.opswat.com

console.metaaccess-eu.opswat.com

gears-eu.opswat.com

Release Date: December 09, 2020

Persistent OPSWAT Client for Windows: 7.6.376.0

  • Enhanced the OPSWAT Client installer for Windows to able upgrade the client itself if a device is running an out-of-date version and connecting to the same account

Release Date: November 13, 2020

Windows On-demand agent: 7.3.528.0

  • Updated built-in SDK: 4.3.1579.0 to fix an issue where OPSWAT Client couldn't detect last full scan of Windows Defender

Release Date: October 29, 2020

Console Version: 3.2.0

Agent Release Version:

  • Windows persistent agent: 7.6.350.0

  • Windows On-demand agent: 7.3.525.0

  • macOS persistent agent: 10.4.294.0

  • macOS on-demand agent: 10.5.222.0

  • Debian-based Linux persistent agent: 15.4.20.0

  • Readhat-based Linux persistent agent: 15.6.17.0

Release Updates

MetaAccess Cloud

1. User authentication for MetaAccess management console is switched to a new OPSWAT Single Sign-on (SSO) system (https://id.opswat.com) . A user has to reset his/her password on the new OPSWAT SSO system. This only impacts users who log into MetaAccess console through OPSWAT SSO, if you are logging into MetaAccess console through your own SSO, it will not be impacted.

2. Enhanced account summary report which is sent daily/weekly/monthly based on email report settings (Settings > Reports > Email Reports).

3. An admin can view access status of a device for all protected applications

4. Bugs fixed:

  • In some cases, a csv file didn't have devices' information when a user export devices

  • A user couldn't view threats detected by a local anti-malware product

  • The remediation page is slow in some regions

  • A user was switched back to his/her own account when his/her session reached timeout

  • A user couldn't download the OPSWAT On-demand Client for macOS devices sometimes

OPSWAT Client

Windows Persistent Client (7.6.350.0)

  1. Enhanced communication to MetaAccess/OPSWAT Central Management servers.

  2. Skip scanning a file based on file exception setting configured on a policy. This setting is only available on OPSWAT Central Management 7.10+.

  3. Security enhancement.

  4. Built-in SDP version: 1.1.6.3218

  5. Built-in SDK signature version: 4.3.1513.0

Known issues:

- Windows 7 and Windows Server 2008 devices must install KB2533623 and KB3033929 in order to upgrade to the latest version

- If a user exits the agent tray icon, the agent can’t popup approved actions when a user inserts a portable media

- A user needs to enable Show Notifications on the agent tray icon to see notifications about portable media

- The agent has not supported portable media feature if user 2 logs into a device while user 1 is still logged in

- OPSWAT Client does not support iTunes drive. If a user inserts an iOS device on an endpoint which has iTunes installed, the user will still have access to the phone via iTunes

- OPSWAT Client can't detect mobile devices, the user needs to unplug and plug in the mobile device again

Windows On-demand Agent (7.3.525.0)

  1. Enhanced communication to MetaAccess/OPSWAT Central Management servers.

  2. Skip scanning a file based on file exception setting configured on a policy. This setting is only available on OPSWAT Central Management 7.10+.

  3. Security enhancement.

  4. Built-in SDK signature version: 4.3.1513.0

macOS Persistent Agent (10.4.294.0)

  1. Skip scanning a file based on file exception setting configured on a policy. This setting is only available on OPSWAT Central Management 7.10+.

  2. Built-in SDK signature version: 4.3.1415.0

macOS on-demand Agent (10.5.222.0)

  1. Skip scanning a file based on file exception setting configured on a policy. This setting is only available on OPSWAT Central Management 7.10+.

  2. Built-in SDK signature version: 4.3.1415.0

Redhat-based Linux persistent Agent (15.6.17.0)

  1. Fixed: the client consumed high CPU sometimes.

  2. Built-in SDK signature version: 4.3.1210.0

Known issues:

  • To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

  • The agent doesn't have UI/tray icon, the agent only supports command line

Debian-based Linux persistent Agent (15.4.20.0)

  1. Fixed: the client consumed high CPU sometimes.

  2. Built-in SDK signature version: 4.3.1210.0

Known issues:

  • To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

  • The agent doesn't have UI/tray icon, the agent only supports command line