MetaDefender Aether 3.0.0 & Threat Detection 2.0.0 Release Notes

Every day, organizations are exposed to cyberattacks that no one has ever seen before. These zero-day threats are designed to bypass antivirus signatures, reputation feeds, and static defenses by hiding inside files that appear harmless—documents, installers, scripts, patch files, and archives.

The challenge is no longer just detecting known malware. It is detecting what is unknown, evasive, and deliberately engineered to avoid detection, without slowing business operations or overwhelming security teams with alerts.

Watch the MetaDefender Aether product overview video below:

MetaDefender Aether™ 3.0.0 is OPSWAT’s next-generation unified zero-day detection solution, combining the proven capabilities of MetaDefender Sandbox with built-in threat intelligence, threat scoring, and threat hunting—all delivered as a single adaptive detection pipeline.

With this release, the MetaDefender Sandbox dynamic analysis engine is fully integrated into MetaDefender Aether as Layer 2, strengthening Aether’s four-layer architecture and transforming sandboxing from a standalone tool into part of a self-learning detection system.

This marks a strategic shift:

• From sandboxing in isolation
• To zero-day detection at the perimeter, where every file entering an organization can be inspected before it reaches users or systems

MetaDefender Aether answers four critical questions for every file:

1. Does the file contain a known threat?
2. Does it contain an unknown or zero-day threat?
3. What is the risk level of that threat?
4. Is it related to a broader malware family or campaign?

Real-time and offline reputation checks for files, URLs, IPs, and domains filter out known threats instantly using global intelligence from billions of indicators.

Unknown and suspicious files are executed in an emulation-based sandbox that bypasses anti-VM and timing-based evasion. Runtime behaviors, loader chains, scripts, and artifacts are exposed even when malware tries to stay dormant.

Behavioral indicators, reputation context, and detection logic are correlated to assign a confidence-based risk score—helping SOC teams prioritize what truly matters.

After implementing MetaDefender Aether, organizations move:

• From reactive detection → to proactive resilience
• From isolated tools → to unified intelligence
• From slow file queues → to near-real-time verdicts
  

Up to 99.9% zero-day detection efficacy, validated across large-scale analysis.

Emulation-based analysis delivers results in seconds, not minutes.

Receive a single trusted verdict with rich behavioral context, reducing manual investigation time.

Leverage ML-based similarity search to uncover related samples, campaigns, and infrastructure.

Integrate zero-day detection directly into MetaDefender Core, Email, MFT, ICAP, Storage, and Cross-Domain workflows.

A complete zero-day detection platform with sandboxing, threat intelligence, scoring, and hunting for SOC workflows. 

A fully managed, SaaS-based sandbox and threat intelligence service for cloud-native environments and CI/CD pipelines.

Recent key enhancements delivered through the MetaDefender Aether include:

• High-confidence zero-day malware tagging
• Deep analysis of Windows installer formats
• AI/ML model security scanning
• Detection for recent zero-day exploits and phishing campaigns
• Improved brand spoofing detection and reduced false positives
• Enhanced encrypted document analysis

These updates are deployed independently of infrastructure upgrades, enabling faster response to emerging threats. Discover each one in depth below.

• Zero-Day Malware Tagging - Now you can identify high-confidence zero-day malware and hunt previously unseen threats that bypass reputation checks and up-to-date AV signatures. This gives clearer visibility into new malware campaigns before they spread. This feature requires MetaDefender Core or MetaDefender Cloud integration to submit files for AV multiscanning.

• Admin Creation for Admins - Added functionality for Admins to create users with initial passwords and group assignments via the User Management tab.

MetaDefender Aether supports independent updates to detection logic and threat intelligence, enabling faster deployment of new protections and a more rapid response to emerging threats. The following updates have been delivered over the past several months.

• Significant Enhancements to PE Installer Analysis - Added deep static extraction and analysis for Windows installers: NSIS, Inno, InstallShield, Advanced Installer, Wise, WiX, InstallAnywhere, and Actual Installer. It now extracts prioritized embedded files, analyzes installer scripts, and scores custom installers heuristically.

• AI / ML Model Security Scanning - Introduced security analysis for Machine Learning models, including multi-serialization parsing and deep static inspection to detect hidden malicious payloads before they impact AI workflows.

• Zero-Day Exploit Detection - Added detection for recent Windows Explorer LNK vulnerabilities (CVE-2025-50154, CVE-2025-59214) that leak NTLM credentials without user interaction. Also, introduced detection for critical XXE exploitation in Apache Tika (CVE-2025-66516).

• Phishing Campaign Intelligence - Introduced indicators for seasonal / opportunistic lures (holidays, global events). Improves campaign clustering and early phishing detection.

• Encrypted Documents - Enhanced decryption for protected Office and PDF documents by introducing a multi-step password recovery with fallback logic for phishing-delivered encrypted files.