5. Release Notes

Release Date: December 22, 2020

Console Version: 3.3.0

Agent Release Version:

  • Windows persistent agent: 7.6.389.0

  • Windows On-demand agent: 7.3.552.0

  • macOS persistent agent: 10.4.306.0

  • Debian-based Linux persistent agent: 15.4.21.0

  • Readhat-based Linux persistent agent: 15.6.19.0

Release Updates

MetaAccess Cloud

1. Support Anti-keylogger in policies: MetaAccess prevents keyloggers and advanced malware from  accessing  sensitive data by intercepting and encrypting keystrokes. This module requires an additional license.

images/download/attachments/2575626/image2020-12-18_8-40-21.png

2. Support Screen capture protection in policies: MetaAccess prevents malicious and accidental screenshots. It prevents unauthorized or accidental screenshots and recording by users, VDI, web collaboration tools, and malicious applications. It protects against data loss issues from web collaboration tools such as Zoom, Microsoft Teams, Cisco WebEx, and others. This module requires an additional license.

images/download/attachments/2575626/image2020-12-18_8-42-5.png

3. Gateway Pools:

  • Allow admins group gateways into a pool to support a global deployment. Each gateway pool can be assigned to one or multiple groups.

  • Allow admins can leverage both OPSWAT Hosted Gateway, if licensed, and private gateway.

images/download/attachments/2575626/image2020-12-18_8-45-13.png

4. Introduce Group Settings:

  • SDP settings

    • allow admins enable SDP features on devices belong to a group

    • allow admins to assign a gateway pool to a group. Devices in the group will be routed to gateways of the gateway pool assigned to the group.

  • Agent settings:

    • allow admins overwrite agent settings in Global settings in specific groups. If a group doesn't enable this section, devices belong to the group will receive agent settings from Global Settings.

    • Disable by default.

images/download/attachments/2575626/image2020-12-18_8-54-58.png

5. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account. This can cause devices that running an old version of OPSWAT Client couldn't uninstall the client by end-users. Admins need to delete devices from the management console in that case.

6. Custom check enhancements:

  • Support custom check for Linux devices.

  • support multiple scripts for Windows and macOS devices. Administrators can implement multiple scripts and combine them in a main script, then upload the script package to a policy.

7. Support retain the last group a device was assigned to when a device re-enrolls to an account.

images/download/attachments/2575626/image2020-12-18_8-58-49.png

8. Secure Access enhancement:

  • Secure Access via SDP: Support users log into SDP via SSO from the SDP UI (SP Initiate)

  • Secure Access via IdP: support SHA-2 Signing

9. Client User Interface: Administrator can now enable client UI on the persistent OPSWAT Client for Windows. This setting is available at Global Settings and Group Settings. It's disable by default.

  • the new OPSWAT Client UI and SDP UI run parallel

  • SDP UI is always enabled when SDP feature is enabled on a device even the Client UI setting is disable.

images/download/attachments/2575626/image2020-12-18_9-1-44.png

10. Minor enhancements:

  • Add a new field, show_issues_with_severity, to the content.json file in a rebranding package to indicate what issues should be shown on the remediation page.

  • Add NPS survey

11. Bugs fixed:

  • The system was not applied specific apps conditions in access rules for SDP apps.

  • The system didn't allow users to select approved anti-malware products for macOS devices by a major version.

  • The system didn't assess device compliance status if a device reports no network adapters.

  • A user couldn't add a protected app if an URL contains two hyphen characters (--)

  • Admin event logs didn't show admin's email sometimes.

OPSWAT Client

Windows Persistent Client (7.6.389.0)

1. Support anti-keylogger and screen capture protection on a device based on a policy. When a user takes a screenshot, the user will see a message that (s)he is not allowed to take a screen shot.

2. Introduce OPSWAT Client User Interface to allow users interact with

  • Malware Detection:

    • users can on-demand scan a device based on the policy settings or other options, such as Full scan, Memory scan, custom scan

    • user can view history scan

  • Removable Media:

    • users can view what media OPSWAT Client is blocking and perform allowed actions on a media

    • users can view action history

  • App management:

    1. users can view all applications installed on a device. The OPSWAT Client lets users know status of each app (out of date, vulnerable status)

    2. users can upgrade or uninstall an application in one single pane of glass.

images/download/attachments/2575626/image2020-12-18_10-38-32.png

3. Support retain the last group the device was assigned to for next time it enrolls to an account.

4. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account.

5. Minor enhancements:

  • support ignore_raw_media to allow users burn CD/DVD

6. Bugs fixed:

  • the client reported wrong version

  • the client was not signed properly. This caused a user gets a popup when the client runs sometime.

  • the client didn't send report if it's failed to get configuration from MetaAccess/OCM.

  • the client couldn't deploy or upgrade SDP component if the logged in user is a standard user.

7. Built-in SDP version: 1.1.6.3405

8. Built-in SDK signature version: 4.3.1614.0

Known issues:

- Windows 7 and Windows Server 2008 devices must install KB2533623 and KB3033929 in order to upgrade to the latest version

- If a user exits the agent tray icon, the agent can’t popup approved actions when a user inserts a portable media

- A user needs to enable Show Notifications on the agent tray icon to see notifications about portable media

- The agent has not supported portable media feature if user 2 logs into a device while user 1 is still logged in

- OPSWAT Client does not support iTunes drive. If a user inserts an iOS device on an endpoint which has iTunes installed, the user will still have access to the phone via iTunes

- OPSWAT Client can't detect mobile devices, the user needs to unplug and plug in the mobile device again

Windows On-demand Client (7.3.551.0)

  1. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account.

  2. Minor enhancement:

    1. support /groupid option in the command line.

  3. Bugs fixed:

    1. the client didn't send report if it's failed to get configuration from MetaAccess/OCM.

  4. Built-in SDK signature version: 4.3.1614.0

macOS Persistent Client (10.4.306.0)

  1. Support SDP feature without user interface. Users need to log into SDP through IdP.

  2. Support retain the last group the device was assigned to for next time it enrolls to an account.

  3. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account.

  4. Built-in SDP version: 1.1.1.29

  5. Built-in SDK signature version: 4.3.1501.0

Redhat-based Linux persistent Client (15.6.19.0)

  1. Support custom check based on a policy

  2. Built-in SDK signature version: 4.3.1304.0

Known issues:

  • To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

  • The agent doesn't have UI/tray icon, the agent only supports command line

Debian-based Linux persistent Client (15.4.21.0)

  1. Support custom check based on a policy

  2. Built-in SDK signature version: 4.3.1304.0

Known issues:

  • To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

  • The agent doesn't have UI/tray icon, the agent only supports command line

Domain Controller Client (8.0.55.0)

  1. Security enhancement: change the algorithm used to store/exchange sensitive data that secures your account.