Release Date: April 8, 2021

Console Version: 3.6.1

Agent Release Version:

• Windows persistent agent: 7.6.446.0

• Windows On-demand agent: 7.3.606.0

• Debian-based Linux persistent agent: 15.4.23.0

• Readhat-based Linux persistent agent: 15.6.21.0

Release Updates

MetaAccess Cloud

Bugs fixed:

• Fixed an issue that multiple devices may share the same device ID in some cases

OPSWAT Client

Windows Persistent Client (7.6.446.0)

1.Enhancement

• Update blacklist for device identifier.

2. Built-in SDP version: 1.1.7.3867

3. Built-in SDK signature version: 4.3.1748.0

Windows On-demand Client (7.3.606.0)

1.Enhancement

• Update blacklist for device identifier.

2. Built-in SDK signature version: 4.3.1748.0

Redhat-based Linux persistent Client (15.6.24.0)

1. Enhancement

   • Update blacklist for device identifier.

2. Built-in SDK signature version: 4.3.1498.0

Known issues:

• To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

• The agent doesn't have UI/tray icon, the agent only supports command line

Debian-based Linux persistent Client (15.4.26.0)

1. Enhancement

   • Update blacklist for device identifier.

2. Built-in SDK signature version: 4.3.1498.0

Release Date: March 16, 2021

Console Version: 3.6.0

Agent Release Version:

• Windows persistent agent: 7.6.441.0

• Windows On-demand agent: 7.3.598.0

• macOS persistent agent: 10.4.317.0

• macOS on-demand agent: 10.5.250.0

• Debian-based Linux persistent agent: 15.4.23.0

• Readhat-based Linux persistent agent: 15.6.21.0

Release Updates

MetaAccess Cloud

1. Policies:

• Added a new scan option, Boot Sectors, to Device Scan in a policy.

2. Secure Access:

• Added a new setting, Visible to Users, for a SDP protected app to make the app visible or invisible to end-users

• Allow admins to assign users/group when the admin edits an app

• Enhance user experience when a user adds/edits a protected app

3. Endpoint Vulnerability

• Admins can whitelist CVEs for specific devices

• Admins can view CVEs associated to a Linux device

4. Settings:

• Add a new setting " Allow agents to automatically update the agent SDK to the latest version" at an Account level (Settings > Global >Device Agents > Agent) and a Group level (a group > Settings > Agent) to allow admins to control SDK upgrade on devices

5. OAuth API

• Enhance user experience for OAuth Portal

6. Other enhancements:

• Added details on what missing patches a user should patch on their device to be complied with a policy

• Policy Check API will return a device status as Non-compliant if it finds at least one Non-compliant device that associates with a queried MAC address

• The system will record a log event when an admin fails to log in through OPSWAT SSO based on customers' request.

• Allow admins to perform an on-demand compliance check on devices that run the OPSWAT On-demand Client.

• Datetime on event logs is shown up to seconds

7. Bugs fixed:

• The email notification when a device report malwares was not in a correct format

• The system didn't update last login time for an admin user correctly when the admin switches to a managed account

• The system didn't send out an email notification when an admin updates a group's settings.

OPSWAT Client

Windows Persistent Client (7.6.441.0)

1. The agent auto-upgrades SDK based on the SDK auto-upgrade setting on an account

2. Support users to scan files/folder with MetaDefender from command line

3. Support malware scan with MetaDefender on boot sectors

5. Bugs fixed:

• The client could not upgrade itself sometimes.

• The Cross-domain API didn't work well when a user have not rebooted a device for a long time.

• SDP service was auto-restarted once a day.

6. Built-in SDP version: 1.1.7.3867

7. Built-in SDK signature version: 4.3.1748.0

Known issues:

- Windows 7 and Windows Server 2008 devices must install KB2533623 and KB3033929 in order to upgrade to the latest version

- If a user exits the agent tray icon, the agent can’t popup approved actions when a user inserts a portable media

- A user needs to enable Show Notifications on the agent tray icon to see notifications about portable media

- The agent has not supported portable media feature if user 2 logs into a device while user 1 is still logged in

- OPSWAT Client does not support iTunes drive. If a user inserts an iOS device on an endpoint which has iTunes installed, the user will still have access to the phone via iTunes

- OPSWAT Client can't detect mobile devices, the user needs to unplug and plug in the mobile device again

Windows On-demand Client (7.3.598.0)

1. Add new CLI arguments

   • /compliance_check <value>: specifies which compliance check (health check, scan malware with MetaDefender, patch management) the client should do when a user runs the client with the runonce option.

   • /notrayicon: tells the client to hide the OPSWAT Client tray icon

2. Support on-demand compliance check triggered from MetaAccess/OPSWAT Central Management console.

3. Support malware scan with MetaDefender on boot sectors

4. Bugs fixed:

   • The client failed to start if a product name in the runwhile option has spaces

   • The Cross-domain API didn't work well when a user have not rebooted a device for a long time.

5. Built-in SDK signature version: 4.3.1748.0

macOS Persistent Client (10.4.317.0)

1. The agent auto-upgrades SDK based on the SDK auto-upgrade setting on an account

2. Built-in SDP version: 1.1.1.29

3. Built-in SDK signature version: 4.3.1532.0

macOS On-demand Client (10.5.250.0)

1. Add new CLI arguments

   • /compliance_check <value>: specifies which compliance check (health check, scan malware with MetaDefender, patch management) the client should do when a user runs the client with the runonce option.

   • /notrayicon: tells the client to hide the OPSWAT Client tray icon

   • /skip_request_files_permission <0|1>: tells the client to skip requesting permission from users

2. Support on-demand compliance check triggered from MetaAccess/OPSWAT Central Management console.

3. Built-in SDK signature version: 4.3.1532.0

Redhat-based Linux persistent Client (15.6.21.0)

1. The agent auto-upgrades SDK based on the SDK auto-upgrade setting on an account

2. Bugs fixed:

   • The client didn't stop custom check when the script is timeout

3. Built-in SDK signature version: 4.3.1304.0

Known issues:

• To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

• The agent doesn't have UI/tray icon, the agent only supports command line

Debian-based Linux persistent Client (15.4.23.0)

1. The agent auto-upgrades SDK based on the SDK auto-upgrade setting on an account

2. Bugs fixed:

   • The client didn't stop custom check when the script is timeout

3. Built-in SDK signature version: 4.3.1304.0

Known issues:

• To upgrade to this version from version 15.x.y.1/14.x.y.0, a user needs to uninstall old Linux agent version and reinstall this version

• The agent doesn't have UI/tray icon, the agent only supports command line

Previous Releases

• 5.1. Cloud console

• 5.2. OPSWAT Client for Windows (Persistent client)

• 5.3. OPSWAT Client for macOS (Persistent client)

• 5.4. OPSWAT Client for Windows (On-demand client)

• 5.5. OPSWAT Client for macOS (On-demand client)

• 5.6. OPSWAT Mobile App for iOS

• 5.7. OPSWAT Mobile App for Android

• 5.8. OPSWAT Client for Redhat-based Linux (Persistent client)

• 5.9. OPSWAT Client for Debian-based Linux (Persistent client)

• 5.10. Windows - Domain Controller Client

• 5.11. Client SDK