5.1. Cloud console

MetaAccess 3.9.0 - July 27, 2021

1. Secure Access

  • Admins can enable SDP for all devices using an account's default gateway pool. However, an admin can still overwride this setting for specific groups, if needed, in a group's settings.

images/download/attachments/5706605/global_SDP_settings.png

  • Admins can now also audit access activities to protected apps when the apps are protected via SDP Gateways.

images/download/attachments/5706605/SDP_access_log.png

  • Admins can disconnect a session/all sessions of a user from Secure Access > Activities > Gateway Sessions Logs. The user can re-connect to SDP Gateway by re-authenticating with SDP Client again. We recommend the admins disable the user on your IdP (or IAM system) if you would like to prevent the user from reconnecting to the SDP gateways.

images/download/attachments/5706605/Terminate_SDP_sessions.png

  • Admins can turn on a daily/weekly/monthly SDP sessions report to be sent to specific emails (Settings > Reports > Email Reports). A report in CSV format is in CSV format.

images/download/attachments/5706605/SDP_report.png

  • Admins can view events related to gateways on an account at Logs > Gateway Events. The admins are also able to configure email notifications for these events.

images/download/attachments/5706605/gateway_event_logs.PNG

2. Email Notifications

  • Admins can create multiple notification groups with different recipients and event triggers

images/download/attachments/5706605/Notification_Groups.PNG

  • Admins can assign notification groups to an account notification level or a group level

images/download/attachments/5706605/Group_settings_-_Notifications.PNG

3. Policy

  • Removable Media Protection: Admins can enable an option to allow users to copy only allowed files from a local drive to a removable media in a policy (Policy > Settings > Removable Media Protection). When this setting is enabled, the OPSWAT Client will perform a scan while copying files and only files that are marked as allowed are copied.

images/download/attachments/5706605/Policy_-_copy_allow_files.png

4. OAuth API

  • A new version of Device Details API v3.4 that includes Policy Name of a policy that assigned to a device

  • A new version of Get Logs API v3.2 that supports Device Report event log type

5. Remediation page

  • Auto-convert a customized remediation package from Legacy to Modern View to help customers migrate to Modern View easier. When a user switches to Modern View from a Legacy View with a customized rebranding package, the user can download the current rebranding package in the Modern View template. The system will try to keep messages/settings that can exist on both Legacy View and Modern View; other messages/settings that are only available on the Modern View will be set with the default messages/settings. The legacy view will be deprecated in September 15, 2021.

6. Bugs Fixed

  • A device changed status to non-compliant each day if policy rule considers a device as non-compliant based on the agent version condition

  • A device was marked as a virtual machine when a device enrolled to the account and has not reported compliance data to the system

MetaAccess 3.8.1 - June 27, 2021

1. Fixed an issue where users couldn't log into protected apps via IdP workflow on mobile devices.

MetaAccess 3.8.0 - June 15, 2021

  • Introduced a new view of the remediation page.

    • Issues are now classified into 2 sections:

      1. Required - issues that users need to address to be compliant

      2. Recommended - issues that users should address to make their device fully comply with a policy

This helps users focus on required issues to get their device back to compliant state.

    • Simplify messages to help users focus on the actions they should take on each issue

images/download/attachments/5706605/image2021-6-11_16-27-2.png

  • Admins can switch to the new remediation page at a time they wish. However, the legacy view of the remediation page will be deprecated in September 15, 2021. By that time, rebranding packages that are still in Legacy mode will be switched to the modern mode automatically.

  • Enhanced the rebranding package with the modern view: messages for each category are now in an individual JSON file.

images/download/attachments/5706605/rebranding_package.png

2. Policy

  • Enhanced the Operating System policy to allow admins configure approved OSes based on versions and editions for Windows devices

images/download/attachments/5706605/OS_version.PNG

3. Other enhancements

  • The device details view shows details on why a device is compliant/non-compliant and what policy rule the device met.

images/download/attachments/5706605/Device_Details.png

4. Bugs Fixed

  • The system did not send an email notification for the event Admin Logged On if an admin logged on MetaAccess console with a customer's own IdP.

MetaAccess 3.7.1 - June 01, 2021

1. Secure Access

  • Enhanced IdP-based secure access flow related to checking the device compliance status before granting a device access to an application.

  • Private Gateways are now available for Microsoft Azure deployment

2. SDP Private Gateways

  • Private Gateway is now available on Microsoft Azure

  • Built-in troubleshooting tools to help administrator troubleshoot gateway issues such as the SDP Client could not connect to a private gateway

3. Bugs Fixed

  • A user couldn't upload the metadata file to configure Single Sign On for admins and SDP users.

  • The system did not request the OPSWAT Client to not report patch management and other applications when the application privacy setting is turned on and those are not enabled on a policy.

MetaAccess 3.7.0 - April 21, 2021

1. Security Enhancement

2. Privacy Data

  • Added a new setting to Settings > Global > Account > Privacy Settings, Applications that are not in categories enabled in a policy, to restrict OPSWAT Client from collecting applications disabled in a policy

images/download/attachments/5706605/image2021-4-16_15-40-26.png

3.Policy

Admins can configure a device status based on

  • a device type such as virtual machine

  • a client version of each agent type

  • a device severity with a time period

images/download/attachments/5706605/policy.png

4. OAuth API

  • Add a new API, Get Logs v3.1, to allow users fetch event logs from an account.

5. Secure Access

  • With IdP Method, MetaAccess re-signs a SAML request before sending it to IdP if a Service Provider signed the SAML request for SP-Initiated SSO workflow.

6. Other enhancements

  • Show the last user who logged into a device when there is no active user on the device.

  • Record an event log when an admin makes any changes on OAuth applications on OAuth portal.

7. Bugs Fixed

  • The console showed an session extension popup even when a user was inactive on a page for a long time sometimes

  • An access token for an OAuth app was not reset even when a user reset a client key and client secret for that app.

MetaAccess 3.6.1 - April 8, 2021

Bugs fixed:

  • Fixed an issue that multiple devices may share the same device ID in some cases

MetaAccess 3.6.0 - March 16, 2021

1. Policies:

  • Added a new scan option, Boot Sectors, to Device Scan in a policy.

images/download/attachments/5706605/Boot_sectors.png

2. Secure Access:

  • Added a new setting, Visible to Users, for a SDP protected app to make the app visible or invisible to end-users

  • Allow admins to assign users/group when the admin edits an app

  • Enhance user experience when a user adds/edits a protected app

images/download/attachments/5706605/Protected_app.PNG

3. Endpoint Vulnerability

  • Admins can whitelist CVEs for specific devices

images/download/attachments/5706605/whitelist_CVE_per_devices.PNG

  • Admins can view CVEs associated to a Linux device

images/download/attachments/5706605/Linux.png

4. Settings:

  • Add a new setting " Allow agents to automatically update the agent SDK to the latest version" at an Account level (Settings > Global >Device Agents > Agent) and a Group level (a group > Settings > Agent) to allow admins to control SDK upgrade on devices

images/download/attachments/5706605/SDK_upgrade_setting.png

5. OAuth API

  • Enhance user experience for OAuth Portal

6. Other enhancements:

  • Added details on what missing patches a user should patch on their device to be complied with a policy

images/download/attachments/5706605/image2021-3-11_10-22-21.png

  • Policy Check API will return a device status as Non-compliant if it finds at least one Non-compliant device that associates with a queried MAC address

  • The system will record a log event when an admin fails to log in through OPSWAT SSO based on customers' request.

  • Allow admins to perform an on-demand compliance check on devices that run the OPSWAT On-demand Client.

  • Datetime on event logs is shown up to seconds

7. Bugs fixed:

  • The email notification when a device report malwares was not in a correct format

  • The system didn't update last login time for an admin user correctly when the admin switches to a managed account

  • The system didn't send out an email notification when an admin updates a group's settings.

MetaAccess 3.5.0 - February 02, 2021

1. Group Settings:

  • Lost Devices and Compliance Report:

    • Now admins can override these Global Device Agent settings in specific groups. When enabled and overridden by a Group, only the devices in the Group will use the overrides.

    • Disabled by default in the Groups

2. Policies:

  • Now admins can configure in a Policy which approved Patch management products are required.

3. Custom check enhancements:

  • Allow admins to configure the custom check as Failed/Passed if the OPSWAT Client failed to run a script or the script returns timout/errors/invalid format

  • Enhanced an event log message to include the filename of the custom script when an admin updates the filename in the Policy

4. OAuth APIs

  • Added a new API, Get CVEs, to allow users to retrieve CVEs that are associated to a device

5. Minor enhancements:

  • Trend of Risky Devices under the Compliance dashboard now shows history of devices that have issues by categories

images/download/attachments/5706605/compliance_chart.PNG

  • Enhanced user experience on the Account Summary report

  • Admins can now configure how long they want to exempt devices

  • The Devices Export file now contains separate columns for the CVE categorizes that are associated to a devices

  • The MetaAccess Entity ID is now exposed for SDP SSO configuration (navigate to: User Management > SSO > SDP)

  • Allow admins to configure IdP Start URL to protected app settings via IdP SAML method (a new setting for an IdP protected application)

6. Bugs fixed:

  • The email notification when a device report malwares was not in a correct format

  • An admin could not update/add a protected app if (s)he configures iOS and Android package schema.

  • No email was sent to a user who submitted a support ticket from MetaAccess console

MetaAccess 3.3.0 - December 22, 2020

1. Support Anti-keylogger in policies: MetaAccess prevents keyloggers and advanced malware from  accessing  sensitive data by intercepting and encrypting keystrokes. This module requires an additional license.

images/download/attachments/5706605/image2020-12-18_8-40-21.png

2. Support Screen capture protection in policies: MetaAccess prevents malicious and accidental screenshots. It prevents unauthorized or accidental screenshots and recording by users, VDI, web collaboration tools, and malicious applications. It protects against data loss issues from web collaboration tools such as Zoom, Microsoft Teams, Cisco WebEx, and others. This module requires an additional license.

images/download/attachments/5706605/image2020-12-18_8-42-5.png

3. Gateway Pools:

  • Allow admins group gateways into a pool to support a global deployment. Each gateway pool can be assigned to one or multiple groups.

  • Allow admins can leverage both OPSWAT Hosted Gateway, if licensed, and private gateway.

images/download/attachments/5706605/gateway_pool_page.png

4. Introduce Group Settings:

  • SDP settings

    • allow admins enable SDP features on devices belong to a group

    • allow admins to assign a gateway pool to a group. Devices in the group will be routed to gateways of the gateway pool assigned to the group.

  • Agent settings:

    • allow admins overwrite agent settings in Global settings in specific groups. If a group doesn't enable this section, devices belong to the group will receive agent settings from Global Settings.

    • Disable by default.

images/download/attachments/5706605/Group_settings.PNG

5. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account. This can cause devices that running an old version of OPSWAT Client couldn't uninstall the client by end-users. Admins need to delete devices from the management console in that case.

6. Custom check enhancements:

  • Support custom check for Linux devices.

  • support multiple scripts for Windows and macOS devices. Administrators can implement multiple scripts and combine them in a main script, then upload the script package to a policy.

7. Support retain the last group a device was assigned to when a device re-enrolls to an account.

images/download/attachments/5706605/retain_group.png

8. Secure Access enhancement:

  • Secure Access via SDP: Support users log into SDP via SSO from the SDP UI (SP Initiate)

  • Secure Access via IdP: support SHA-2 Signing

9. Client User Interface: Administrator can now enable client UI on the persistent OPSWAT Client for Windows. This setting is available at Global Settings and Group Settings. It's disable by default.

  • the new OPSWAT Client UI and SDP UI run parallel

  • SDP UI is always enabled when SDP feature is enabled on a device even the Client UI setting is disable.

images/download/attachments/5706605/UI_setting.png

10. Minor enhancements:

  • Add a new field, show_issues_with_severity, to the content.json file in a rebranding package to indicate what issues should be shown on the remediation page.

  • Add NPS survey

11. Bugs fixed:

  • The system was not applied specific apps conditions in access rules for SDP apps.

  • The system didn't allow users to select approved anti-malware products for macOS devices by a major version.

  • The system didn't assess device compliance status if a device reports no network adapters.

  • A user couldn't add a protected app if an URL contains two hyphen characters (--)

  • Admin event logs didn't show admin's email sometimes.

MetaAccess 3.2.0 - October 29, 2020

1. User authentication for MetaAccess management console is switched to a new OPSWAT Single Sign-on (SSO) system (https://id.opswat.com) . A user has to reset his/her password on the new OPSWAT SSO system. This only impacts users who log into MetaAccess console through OPSWAT SSO, if you are logging into MetaAccess console through your own SSO, it will not be impacted.

2. Enhanced account summary report which is sent daily/weekly/monthly based on email report settings (Settings > Reports > Email Reports).

3. An admin can view access status of a device for all protected applications

4. Bugs fixed:

  • In some cases, a csv file didn't have devices' information when a user export devices

  • A user couldn't view threats detected by a local anti-malware product

  • The remediation page is slow in some regions

  • A user was switched back to his/her own account when his/her session reached timeout

  • A user couldn't download the OPSWAT On-demand Client for macOS devices sometimes

MetaAccess 3.1.1 - October 13, 2020

1. Bugs fixed:

  • Admins could not log into MetaAccess console through Okta

  • The system stopped Webhook setting even the callback API has not responded any error

  • A user couldn't add a protected app with the application type as Other

  • The system did not update MAC address of network adapters when local IP address is enabled on Privacy Settings

MetaAccess 3.1.0 - September 29, 2020

1. The MetaAccess console will be hosted in different domains. The system will auto-redirect you to the new domain when you access the old domain.

Tenant

Old Domain

New Domain

Console

API

Console

API

US Tenant A

metaaccess-a.opswat.com

metaaccess-a.opswat.com

console.metaaccess-a.opswat.com

metaaccess-a.opswat.com

US Tenant B

gears.opswat.com

gears.opswat.com

dapi.opswat.com

console.metaaccess-b.opswat.com

gears.opswat.com

dapi.opswat.com

EU Tenant

gears-eu.opswat.com

gears-eu.opswat.com

console.metaaccess-eu.opswat.com

gears-eu.opswat.com

2. The console is refreshed with a new look and and user experience.

  • The system will walk you through steps to protect your applications

  • Policy management is re-organized to improve navigation and usability

  • The left navigation is re-organized

    • "Device Groups" is moved into "Inventory"

    • "Access Control" is renamed to "Secure Access" and offers more access control options to protect your applications and networks.

    • "Single sign-on" settings for admin log into the console is moved into "User Management"

    • "Event Log" is broken down to "Admin Events", "Device Events", and "Webhook Events"

images/plugins/servlet/confluence/placeholder/unknown-attachment

3. Software Defined Perimeter (SDP) is now offered on MetaAccess platform to protect your applications and networks. The SDP approach to zero trust networking flips the traditional approach of securing access to network resources on its head. Instead of connecting then authorizing, the client is required to first authenticate, authorize, be checked for compliance, and only then is it allowed access. Check out our document for more details. SDP requires and additional license.

  • Administrators can now protect applications and networks in their critical infrastructure via SDP no matter where a user connects from. The users' devices will be checked to make sure they are complied with your organization's security policies.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
SDP.PNG

  • Administrators can configure access rules to grant/deny access to applications

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
access rules.png

  • Administrators can grant users/groups access to applications.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
assign users.png

  • Administrators can control device groups that users can use to access to protected applications and networks

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
enable SDP.png

  • Administrators can integrate with 3rd party single sign-on service for end-users authentication and import groups from IdP to MetaAccess.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
SSO SDP.png

  • Administrators can audit user sessions.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
Session.PNG

  • Administrators can also select either Private Gateway or OPSWAT Hosted Gateway to be their applications' gateway

    • Private Gateway: admins need to install SDP gateways in their datacenter or their own cloud infrastructure

    • OPSWAT Hosted Gateway: no need to install any thing, but it requires an additional license.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
gateways.png

4. User experience enhancements

  • Users can filter vulnerabilities based on a whitelist status

  • Users can search packages on a Linux device

  • Users can select how many items shown in one page

5. Bug fixes:

  • Read-only users couldn't export device inventory

  • The system couldn't load devices when a user navigated to the last pages in some cases.

  • The Get Devices API returned error when the page parameter is set to last pages in some cases.

MetaAccess 2.8.2 - August 18, 2020

1. Administrators can now indicate what privilege OPSWAT Client should run a custom script with. By default, OPSWAT Client runs custom script as system on Windows or user on macOS.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
custom check.png

2. Allow admins to export selected devices only instead of all devices which match to search/filter criteria.

3. Bug fixes:

  • Device export file for macOS devices didn't have correct data for some fields

  • The system false alerted to users who log into MetaAccess through 3rd-party single sign-on service that their account runs out of license.

  • The remediation page showed all vulnerable applications instead of only vulnerable applications which violates a policy's criteria.

MetaAccess 2.8.1 - July 07, 2020

1. Administrators now can audit files a user copied from local drives to a removable media by enabling the Report a copy result when a user copies files from local drives to a removable media setting under Removable Media Protection.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
copy result.PNG

2. MetaAccess customers can now leverage more commercial engines for Advanced Threat Detection with MetaDefender Cloud. New engines are available for both existing and new policies. They are un-selected by default for existing policies, administrators have to update policies manually.

3. Enhanced the access control workflow to support device compliance check when a user logs into G-suite via Azure single-sign on.

4. Bug fixes:

  • Missing authentication header in the callback.

MetaAccess 2.8.0 - June 02, 2020

1. Updated Threat Detection with MetaDefender Cloud based-on MetaAccess Tiers. If an account is a Free account, MetaDefender Cloud is not available for multi-scanning feature, and a policy, that configured a scan source for Threat Detection as MetaDefender Cloud, will be considered as an invalid policy. However, you can use your own MetaDefender Core servers for this feature.

  • You need to fix invalid policies before making any changes to the policies. Otherwise, you couldn't save your changes. Check out our KB to know how to to fix invalid policies.

  • OPSWAT Client will NOT scan a device as its policy and the system will not process any threat reports from the device if the policy is invalid.

  • You will get an error when you send an on-demand threat scan from the console to devices which assigned to an invalid policy

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
device action.PNG

  • Administrators will see an error banner notification that indicates what policies are invalid.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
banner notifications.png

  • The Policies page also marks invalid policies with a red dot

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
Policies.PNG

2. Added more options to a rebranding package to allow administrators to customize the below information on remediation pages. Detailed guidelines can be found here

  • customcheck_output_message: when this element is set, an output message from a custom script will be exposed to end-users on the remediation page when a device failed the script. Otherwise ("customcheck_output_message":""), the output message will not be shown to the end-users.

  • device_info: administrators can show any device information by setting a value for an element in the device_info object or leaving it blank to hide it.

  • font_name: customize a font for text on the remediation page.

3. Minor enhancements

  • added "Device Group" into email notifications for device events

4. Bug fixes:

  • A device didn't fetch a new custom script if it is assigned to a new device group

  • Device Inventory report format was broken if a device's system information has special characters

  • Vulnerabilities assessment was wrong for Cisco Jabber product on macOS.

MetaAccess 2.7.1 - April 28, 2020

1. Administrators can now export a policy to a json file.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
export policy.png

2. Administrators can enable/disable showing a notification when a user installs a new applications on Android phone at Settings > Global Settings > Device Agents > Notifications to users. By default, this setting is enabled. This is only applicable for Android agent version 2.55.33 or newer.

images/plugins/servlet/confluence/placeholder/unknown-attachment0.
android notification.png

3. Minor changes

  • Add one more event to trigger a webhook call: Device changes status to Exempted. This event trigger is disabled by default.

  • Support administrators perform an on-demand compliance check for Linux devices. This action is only applicable for Linux agent version 15.4.11.0/15.6.9.0 or newer.

4. Bug fixes:

  • Device name was not updated accordingly when a device reports a new hostname even no admins manually update the device name.

  • A free account couldn't enable cross-domain API setting.

MetaAccess 2.7.0 - March 25, 2020 - Hotfix

Changes in this hotfix:

MetaAccess 2.7.0 - March 24, 2020

1. Administrators can enable webhook on MetaAccess to report device status when an event is triggered to a defined callback URL. MetaAccess supports the events below:

  • Device added

  • Device deleted

  • Device changed status to compliant

  • Device changed status to non-compliant

  • Device changed status to out of license usage

This feature is disabled by default for all accounts (existing and new accounts).

Notes:

  • This webhook will be disabled if MetaAccess fails to send reports to the defined callback URL in 100 times. Administrators need to log into MetaAccess console to re-enable it

  • This feature is only available for enterprise customers

2. Device reports now includes CVE-IDs associated with each device.

3. Minor changes

  • Showing the last report time as a datetime instead of a duration on the remediation page

4. Bug fixes:

  • If a user's email has an uppercase character, the user was unable to log into MetaAccess through their own IdP and received an invalid email address error

MetaAccess 2.6.0: February 11, 2020

1. Enhanced User Profile page to show usage of accounts (s)he is managing.

2. Added a new setting to notify end-users who is running outdated on-demand agent. This setting is disabled by default.

3. Administrators can now set a trigger to send an email notification to configured emails when an account runs out of license. This trigger is disabled by default.

4. Minor enhancements:

  • Added a column, Group, into a Device Event Logs report to indicate what group a device was associated to at that timestamp

  • Added more missing patch categories: definition_update, feature_pack

5. Bugs fixed:

  • Device ID is now fully shown on the remediation page instead of being shortened if its length is long

  • Device Details v3.1, v3.2, v3.3 now returns timestamp for the parameter infection.metascan .last_scan in GMT format as the API documents instead of UNIX format

  • Applications inventory couldn't be loaded sometimes

MetaAccess 2.5.0: January 07, 2020

1. MetaAccess enhanced policy configuration to allow administrators to configure more granular policies for each operating system and focus on security requirements at an organization. With this enhancement, admin can hide categories that they don't want to monitor.

2. Minor changes:

  • added "Enrolled At" information into a device report when an administrator exports devices from the MetaAccess console

MetaAccess 2.4.2: November 26, 2019

1. Administrators can monitor only OS updates in specific categories. All policies will be set with "any missing patches" as a default option when this release is rolled out.

2. Administrators can configure OPSWAT Client to delay the collection of compliance data after it starts. This way, it gives other applications time to start before the OPSWAT Client reports compliance data to reduce false-positive detection.

3. Enhancement:

  • Device reports will be put in a queue to be processed against a policy. The OPSWAT Client will receive a compliance result in the next check-in, up to a minute.

4. Bugs fixed:

  • MetaAccess will not send an unknown devices report if there is no unknown device found

  • A device was able to enroll in an account even the account limit is reached. The system will change status of a device to Out-of-license-usage if a device was enrolled after the limit reach.

MetaAccess 2.4.2: October 22, 2019

1. Administrators can now perform an on-demand compliance check on devices from the management console

2. Added new APIs:

3. Administrators can now monitor the progress of an on-demand threat scan from the management console

4. Bugs fixed

  • Device Details API didn't return data for some categories such as Unclassified applications, detected patches, mobile apps

  • The last reboot time of a mobile device was not shown correctly

  • Installed applications on Linux devices were not listed on the Applications inventor

5. Minor enhancement

  • Remove OPSWAT Client SDK on "Add Devices" popup

MetaAccess 2.4.1: September 17, 2019

1. Administrators can now configure different encryption state requirements for additional local volumes and additional removable volumes. These settings will be set based on the "Additional volumes are not encrypted by an approved application" setting in a policy before the release

Before Release

After Release

Additional volumes are not encrypted by an approved application

Additional local volumes are not encrypted by an approved application

Additional removable volumes are not encrypted by an approved application

Enable

Enable

Enable

Disable

Disable

Disable

2. The date time on the console UI now reflects the local timezone

3. Bugs fixed

  • Device Policy Check API returned a device was not found if the MAC Address is in uppercase. The API now accepts MAC address in either lowercase or uppercase.

MetaAccess 2.4.0: August 06, 2019

1. Whitelist Vulnerabilities: Administrators can now whitelist vulnerabilities for policies or entire accounts after reviewing risks and assess impact of vulnerabilities. By whitelisting vulnerabilities, vulnerabilities associates to a device will not be counted for issues if they are whitelisted on a policy the device is assigned to.

2. Enhanced vulnerabilities view: provides administrators a better view on what applications,OS patches and CVEs are associated, and what policies it is whitelisted on

3. The system will not send a threat summary report if the system doesn't detect any threat in the last report duration.

4. Added new OAuth APIs:

  • Device Action API v3.2 supports a new action , scan_threats, to allow administrators to send an on-demand threat scan to devices

  • Get Reports API v3.1 supports administrators to retrieve a result for on-demand threat scan action.

5. Bug fixed: the system didn't send a request to the agent to open a remediation page if the device reports issues in N consecutive reports and N is greater than the non-compliant threshold.

6. Minor enhancement:

  • Added an agent type information under System Information on Device Details view

  • The system will keep MAC address information of devices which registered or reported duplicated MAC address. By this way, administrators can search for devices which reports the same MAC address

  • Added a new default rebranding package with Japanese language

MetaAccess 2.3.1: June 25, 2019

1. "Managed By" information on remediation pages will be shown with Account Name instead of an email address of the account.

2. Enhanced performance to process requests.

MetaAccess 2.3.0: June 04, 2019

1. Enhanced threat detection to allow administrators to configure how a file is considered a threat. Criteria can be based on the number of engines and trusted engines when a device scans threats against MetaDefender Cloud. Admins can configure a policy to leverage MetaDefender Core for Threat Detection, when used this way, MetaAccess respects scan results from MetaDefender Core: only files with a BLOCKED status will be considered as threat.

Scan Source

Before The Release

After The Release

MetaDefender Cloud

Threat Scan

  • Filter threats based on trusted engines. A file is detected as threat if at least one trusted engine detects it as a threat

Device Issue

  • Considered an issue if a file is detected as threat by N engines if enabled

  • Considered a critical issue if a file is detected as threat by M engines if enabled

Threat Scan

  • Filter threats based on number of trust engines. A file is detected as threat if at least N trust engines detect it as threat

Device Issue

  • Considered an issue if a device reports any threats if enabled

  • Considered a critical issue if a threat detected by M engines if enabled

MetaDefender API (Core)

Threat Scan

  • Filter threats based on trusted engines. A file is detected as threat if at least one trust engine detects it as threat

Device Issue

  • Considered an issue if a file is detected as threat by N engines if enabled

  • Considered a critical issue if a file is detected as threat by M engines if enabled

Threat Scan

  • A file is detected as threat if MetaDefender API (Core) scan result is BLOCKED

Device Issue

  • Considered an issue if a device reports any threats if enabled

  • Considered an issue if a device reports any threats if enabled

2. Administrators can now enable OPSWAT Client to auto-block mobile PTP/MTP devices when a user inserts a mobile PTP/MTP devices to an endpoint. This option is disabled by default. If you wish to enable it, please log into MetaAccess console and update policies.

3. If OPSWAT Client reports free hard disk space as not supported, MetaAccess does not consider this as an issue. This affects macOS 10.13+ devices

MetaAccess 2.2.1: May 24, 2019

  • Fixed issues

    • couldn't download agents from the download pages

    • couldn't fetch agent log

MetaAccess 2.2.0: May 14, 2019

1. Administrators can now configure agents to upload allowed/blocked files to a MetaDefender Vault when a user unblocks or copies files from portable media drives. This setting is disabled by default.

2. Administrators now have an option to exclude CD/DVD from auto-blocking portable media drives. This setting is disabled by default.

3. Administrators can see a timestamp when a device is enrolled to an account

4. MetaAccess adds a Live Chat snippet on the console to help users reach out to our support for help in less time

5. Add new APIs, Get Devices v3.3 and Device Details v3.3, to return a timestamp, enrolled_at, when a device is enrolled to an account,

6. Minor changes:

  • Increased Nickname length limit to 100 characters

  • Re-organized the left navigation menu: moved the "Group" menu out of the "Inventory" menu

MetaAccess 2.1.1: April 17, 2019

1. Fixed: when a user downloads an installer from a download link that contains a tag name/group id, the Cloud does not generate the installer with the tag name/group id

2. Fixed: the link to go to the OPSWAT support portal on Help Center

MetaAccess 2.1.0: April 02, 2019

1. MetaAccess now enables administrators to detect advanced threats within file systems in addition to active running processes powered by MetaDefender technologies. Administrators can schedule scans with multiple options such as a Full System Scan or a Custom Scan (memory, system volume, additional volumes, a specific path).

2. Administrators can also perform an on-demand scan on selected devices and obtain a threat report remotely.

3. Added oAuth API Device Information v3.0 to return pre-processing data for a device

MetaAccess 1.3.3.0: February 26, 2019

1. Enhanced dashboard to provide a consolidated view of your security and device landscape across your organization . Beside an overview dashboard, administrators now can access detailed security view for Secure Access, Vulnerabilities, Compliance, and Threat Detection.

2. Administrators can do localization and globalization for each device group by customizing the remediation page for groups. Administrators can add a customized package for remediation pages at Settings > Rebranding and assign it in Group details

MetaAccess 1.3.2.0: January 22, 2019

1. MetaAccess now returns parameters in the response header to indicate API rate limits (X-RateLimit-Limit), how many calls left (X-RateLimit-Remaining), when the rate limit is reset (X-RateLimit-Reset-Time)

2. Added new OAuth APIs:

  • Account Details v3.1: return details about device status, device with vulnerabilities by severity, devices with issues by severity

  • Device Action v3.1: support more actions to allow administrators retrieve OPSWAT Client log on devices

  • Get Reports v3.0: support download OPSWAT Client log if available

3. Bugs fixed

  • A co-administrator could not invite another user to manage the co-admin account