Release notes

New Features, Improvements and Enhancements

New Technology: OPSWAT AI Content Inspector

OPSWAT AI Content Inspector is a new technology introduced in MetaDefender Core. It is an AI-driven content authenticity and document fraud detection engine designed to help organizations identify suspicious or manipulated content before review, approval, or payout processes.

It analyzes visual, textual, and structural signals across documents and images to detect potential fraud in invoices, insurance claims, accident photos, and other high-risk content.

Automated support package generation and transfer to My OPSWAT Central Management

MetaDefender Core’s support packages can now be generated on demand from MOCM and automatically uploaded to MOCM for centralized retrieval. This is particularly valuable for instances in remote or restricted environments where Support previously had to coordinate with the local administrator to collect logs.

Differentiated verdict for RMS-protected Office documents

Password-protected and RMS-protected (label-protected) Office documents were previously classified under a single verdict, "Password Protected Document." Both file types are now reported separately as Password Protected Document and RMS Protected Document. The new verdict is recognized end-to-end in verdict filtering on Processing History, the verdict result highlighter, scheduled report emails, and email notifications for processing activity.

Further Enhancements

1) Faster processing result retrieval during engine updates

Processing result API calls could previously stall behind an in-progress engine update, occasionally exceeding the 150-second NGINX timeout for customers with large workloads. The internal lookup of engine configuration last-modified time is now served from a cache, so result retrieval no longer waits on engine updates to complete and returns results promptly even while engines are mid-update.

2) Verdict origin indicator for scan categories and errors

The management console now indicates whether a scan category or error (for example, "Calculate Hash Error") was determined by MetaDefender Core itself or by the underlying scan engine. A visual indicator clarifies the origin so administrators and Support can more quickly route and triage issues.

3) Adaptive Sandbox skip handling for unsupported file types

Adaptive Sandbox previously sent files with the Metascan verdict Unsupported File Type for sandbox analysis because that verdict was missing from the skip-evaluation list. This verdict is now recognized, ensuring unsupported file types are skipped from sandbox processing as intended and reducing unnecessary sandbox resource consumption.

4) A clearer blocked reason for scans interrupted by the MetaDefender Core restart

When the MD Core service restarts mid-scan, in-process scans are now reported with an explicit failed block reason rather than an empty reason. This makes interrupted scans easier to identify in processing history and downstream reporting, improving auditability after unexpected restarts.

5) Deep CDR output filename exception by filename and extension

Deep CDR users can now define output filename exceptions based on filename or extension, in addition to the existing exceptions based on detected true type. This enables, for example, converting one extension to .txt while preserving another extension's original suffix in the sanitized output filename, even when both files share the same detected true type.

6) Engine package compatibility flag

The stat/packages API now includes a boolean-supported field on each engine and database package entry, making it clearly visible whether a package is compatible with the currently running MetaDefender Core version. This simplifies inventory and compatibility validation for administrators and integrators.

7) Delayed start for the MetaDefender Core service on Windows

On Windows, the MD Core service is now configured with the "Automatic (Delayed Start)" startup type. This ensures the operating system has finished initializing dependent services — particularly network interfaces — before MD Core starts, preventing a few unexpected behaviors.

8) Additional SBOM fields in the PDF report

The Software Bill of Materials (SBOM) PDF report has been expanded with additional fields requested for compliance frameworks such as CERT-in. Customers benefit from a richer SBOM artifact that more closely aligns with regulatory and industry reporting requirements.

9) Additional Metascan engine information in the Export Result

The Export Result option for processing details now includes per-engine information for Metascan engines. The "AV Engines" column in Advanced Export has been renamed to "Engine Name," and two new fields — "Engine Version" and "Database Version" — are now exported alongside it. These values are also preserved for results that were originally scanned on a previous MetaDefender Core version after the upgrade.

10) Reorganized workflow configuration tabs

The Workflow configuration tabs have been reorganized by functional group, making settings easier to discover and configure.

11) Improved tab display for long engine names in Advanced Export

Engine names in the Advanced Export tab are now properly fitted within their containers, eliminating overflow that occurred for engines with long display names.

12) Disk space monitoring in health check policies

Health check policies can now monitor the free disk space on the MetaDefender Core installation drive. If available space falls below the configured threshold, the instance is flagged as not ready for file processing.

13) Outdated engine detection in health check policies

Health check policies can now flag engines whose definitions have not been updated within a configurable number of days. Administrators can specify which engines are required and how many days old their definitions can be before the health check fails.

14) Email notifications based on final scan status

Email notifications can now be triggered by a file's final status, such as when a file is blocked, in addition to the existing scan-result triggers (Infected, Suspicious, and so on). This is useful when you care more about enforcement outcomes than the specific findings behind them.

15) Prevent engine downgrade

MetaDefender Core now includes a setting that blocks downgrades of engine and database packages, protecting deployments from accidental rollbacks to outdated threat definitions. This setting is disabled by default.

16) Proxy connectivity test

Administrators can now validate proxy settings before saving them. The test verifies connectivity to the updater and activation server, helping avoid misconfigurations that would otherwise only surface when updates silently fail.

17) Out-of-date engine notification banner

The system banner now includes a setting to notify administrators when scan engines are out of date. A global threshold can be configured in days, with the option to override it per engine.

18) Configuration History — Collapsed Diff View

The Configuration History page now displays only the changed lines in a collapsed diff view, making it easier for administrators to identify what was modified in configuration or workflow policy changes.

Security Enhancements

Upgraded 3rd party libraries:

• NGINX v1.30.1
• PostgreSQL v14.23

Bug Fixes

• Fixed an issue where some My OPSWAT Central Management-related configuration screens reported a successful save while the underlying value failed validation.
• Fixed an issue where the Adaptive Sandbox verdict was reported as "System Error" in the PDF export when the scan was cancelled mid-processing.
• Fixed an issue where archive scan results displayed an "Exceeded Archive File Number" extraction issue without an associated count of affected files. The count is now correctly populated for the root archive.
• Fixed an issue where the workflow rule name filter in Executive Reports did not reflect renamed rules, leaving the old name in the filter. The filter now correctly reflects the current rule name.

Known Limitations