Release notes

New Features, Improvements and Enhancements

Support for CIS Level 2

MetaDefender Core now aligns with CIS Level 2 benchmarks for Windows Server 2022. This enhancement supports organizations that require stricter security controls.

Access History Screen, tracking Session Activities

A dedicated interface under the History menu displays a comprehensive log of user session activities, including:

• Sign-in and sign-out events with timestamps and IP addresses.
• Session timeout occurrences.
• Password change events.
• Role and permission modifications, with details of the initiating user.

Administrators can filter logs by date range, action type, IP or user to streamline investigations and reporting.

New Exportable SBOM Report

This version introduces a new PDF report specifically for Software Bill of Materials (SBOM) processing results. This dedicated report provides detailed library information including:

• Library metadata and versions
• Associated CVE (Common Vulnerabilities and Exposures) information
• License information and compliance details
• Component dependency relationships

This new report type enables users to receive complete SBOM analysis results in a shareable PDF format, addressing enterprise workflows where detailed library information should be distributed and verified for security assessment, vulnerability remediation, and compliance review.

Full Report of Remote Adaptive Sandbox in HTML and PDF Formats

Previously, users had to retrieve the full report from Adaptive Sandbox interface. Now, the life is easier when users can directly download complete reports in PDF or HTML from MetaDefender Core web console with a single click.

SSL Certificate Expiration Notification

Administrators can now configure alerts for SSL certificates that are approaching expiration. The notification window is customizable. This helps prevent service disruptions and ensures secure communication remains uninterrupted.

These options can be found under Email Notification tab in Settings.

Better Experience for Deep CDR File Type Selection

A new search textbox enables users to quickly locate specific file types, such as JPG, by typing keywords and Enter. Info section and option to select all All File Types are also arranged.

Multi-Password Input Interface

Users can now specify a list of passwords during file upload processes on Web Console, allowing the system to iteratively attempt decryption against each provided password.

Blocklist All Except Child File Type, Extending Capability to more File Type Groups

The option Allow child files under Blocklist All Except feature allows users to define predefined child file types for further processing while instantly blocklisting others.

This update now, besides Archive Files, is covering more file type groups: Disk Image Files, Email Files, Encrypted Archive Files, Executable Files, and Office Documents.

For example, with the following settings, XML and RELS child files of DOCX file will be processed, meanwhile, other file types else will be blocklisted.

Logging Enhancements

1) When available disk space is low (< 10%), there will be a log message filed in core.log.

2) Additional fields in msgid 82 for same-level extracted files and total extracted files.

• files_extracted_count: number of extracted files in the DIRECT level.
• total_extracted_files: total number of extracted files in ALL level.

REST API Enhancements

1) APIs $link[ref,7558,GET - Fetch a list of blocked leaf files inside archive,retrieveblockedleaffile] and $link[ref,7558,Fetch a list of blocked leaf files inside archive by hash,retrieveblockedleaffilebyhash] include

Hash-related fields:

• md5
• sha1
• sha256
• sha512
• is_skip_hash

And YARA rule fields: yara_info

2) Begin tracking Proactive DLP wait time: dlp_wait_time . This new field is included in $link[ref,7558,Fetch Analysis Result,fileanalysisget] and other result fetching APIs.

Further Enhancements

1) Improved workflow configuration handling to prevent save errors and validation issues while scanning engines are being updated.

2) Quarantine feature now hides or grays out the option Check with when the respective module is inactive or unlicensed.

3) Quarantine feature offers options for searching for Technology results like SBOM, Adaptive Sandbox and sorting by Date Added.

4) Administrators may enable SSL connection for bundle PostgreSQL. More details at $link[page,384948,How to setup SSL connection for PG].

5) Session cookie sent or not sent with cross-site requests is configurable on web console under Security tab in Settings.

6) Ability to export results of all single files (non-archive) files within an archive file as JSON.

Security Enhancements

Upgraded libraries for vulnerability fixes:

• Libxml2 v2.14.6
• OpenSSL v3.5.2
• ng2-file-upload, ngx-bootstrap, ngx-infinite-scroll

YARA rules using HTTP are now subject to the following restrictions:

• Archive size limit: Maximum of 50 MB.
• File count limit: Maximum of 1,000 files.
• Folder depth limit: Maximum of 50 nested levels.
• Path length limit: Maximum of 255 characters, excluding the engine database folder path length.
• Extracted size limit: Maximum of 50 MB total after extraction.

Bug Fixes

• Addressed an issue that negated data type in the option Allow child files of Block All Except in Blocklist.
• Addressed a rare crash issue in the product that occurred after enrolled with MOCM.
• Addressed an issue that did not set correct customized IP and port to Desktop shortcut.
• Addressed an issue that caused a failure to Email Server authentication mode None.
• Addressed a UI issue that displayed an incorrect number of supported file types of Adaptive Sandbox in workflow configuration.
• Addressed an issue that incorrectly prohibited certain accepted special characters (e.g., underscores and hyphens) in usernames within the Email Server configuration settings.

Known Limitations