Archived Release Notes

Due to documentation changes, offline copy of documentation is no longer available via the Management Console.

4.7.7

MetaDefender Kiosk 4.7.7
11 July 2025 (Kiosk 4.7.7.3922)
New Features
Kiosk Hardened Image - Auto-deploy Kiosk Out-of-Box Experience for the initial setup	Kiosk now support initial configuration files to automate the Out-of-Box Experience (OOBE) enable faster deployment at large scale.
Allow trusted files by digital signature	Kiosk now allows administrators to configure trusted files based on their digital signatures. This feature enables more precise control by allowing only files signed with specified certificates.
File search for scanning	Kiosk now allows users to search for specific files to scan, making file selection faster and more convenient.
Fallback to logged-in Windows user when retrieve files from shared directories	Kiosk now supports a fallback mechanism that attempts to access shared directories using the currently logged-in Windows user when the provided Active Directory (AD) credentials fail. This enhancement improves file retrieval reliability in environments where AD access may be restricted or inconsistent.
Option to wait for MFT scan completion	Kiosk introduces a new option that allows it to wait until all uploaded files are successfully scanned by MFT before closing the session. At the end of the session, Kiosk will also display the MFT scan result of each file.
Enhancements
Supports scanning Clonezilla images	Kiosk now supports scanning Clonezilla images
Improved permission error messages during file copy	Kiosk now provides clearer messages when file copy fails due to permission issues at the destination. This enhancement helps streamline troubleshooting.
Enhanced security with encrypted certificates in Kiosk database	Certificates and private keys used for secure connections (HTTPS) and manifest signing are now encrypted and securely stored in the Kiosk database. This enhancement strengthens security by eliminating local certificate exposure and preventing unauthorized access.
Support applying configurations to multiple Kiosk versions in Central Management 10	Kiosks instances are now capable of apply settings across mixed versions in Central Mangement 10. Kiosks with older versions skip unknown settings and retain deprecated settings to ensure consistent behavior and compatibility. Note: This feature requires Central Management 10, which is not yet released.
Improved error message for incorrect password in encrypted files	When users enter an incorrect password for encrypted files, the error message is now clearer to avoid confusion and help users understand the issue.
Removed ‘Finding files’ screen	The ‘Finding files’ screen has been removed to simplify the file scan process.
Enhanced display for mixed English and Hebrew text lines	Improved text rendering for lines containing both English and Hebrew
Show Time remaining for specific workflow	A new option has been added to allow displaying the estimated remaining time while processing files
Option to show or hide remaining time per workflow	A new option allows Kiosk to show or hide the estimated remaining time for each workflow while processing files, enhancing user visibility and experience.
Improved file listing for large USB devices with over 250 files	Improved the file listing experience for USB devices containing over 250 files. Users can now continuously scroll through the list for a smoother and intuitive experience.
Improved session ID tracking for file Scans in Central Mangement 10	Kiosk now includes the session ID with every file sent to Core, enabling better reporting in Central Management 10. This change ensures consistent tracking across all scanned files.
Exclude Manifest files when transferring files to the MFT server	Kiosk no longer copies manifest files when transferring files to the MFT server. This change helps avoid confusion in cases where manifest file transfers fail, ensuring a clearer and more consistent file transfer experience.
Supports domains containing hyphens “-” when integrating with Microsoft Entra ID (OIDC)	Kiosk now supports domains containing hyphens “-” when integrating with Microsoft Entra ID using the OpenID Connect (OIDC) protocol.
Accurate file size display for files skipped due to size	When a file is skipped by MetaDefender Core due to its size, Kiosk now accurately displays the actual file size instead of showing 0 Bytes. This improvement provides clearer scan results.
Reduced repetitive showing of “Access denied” when using with Load Balancer	When using Kiosk with the Load Balancer option, Kiosk no longer repeatedly show “Access denied” message from MetaDefender Core. This improvement helps minimize noise in the Kiosk logs
Improve display of languages when being switched	Language switching on the Kiosk user interface and question screens has been enhanced to ensure accurately display the selected language.
Language selection now managed via menu bar icon	The “Allow user to select languages” option has been removed. Language selection is now controlled through the customizable menu bar icon for a simpler configuration.
Bugs
Resolved issue with missing translation text when upgrading to Kiosk 4.7.6	Kiosk resolved issues where some language translation texts could disappear when upgrading from older versions to Kiosk 4.7.6
Resolved self-scan did not triggered at the scheduled time	Kiosk resolved an issue where the Self-Scan feature did not automatically trigger at the scheduled time.
Resolved high CPU and fan noise caused by CD/DVD drive	Kiosk resolved an issue where the CD/DVD drive could cause unusually high CPU usage, resulting in increased fan noise

4.7.6

MetaDefender Kiosk 4.7.6
14 June 2025 (Kiosk 4.7.6.3642)
Fixed Bugs
Fixed invalid Core setup and blank Core console page due to exhausted connections	Fixed an issue in Kiosk 4.7.6 where repeated checks of the embedded Core engine status may exhaust available connections in some cases. This caused the Kiosk to display an "Invalid Core Setup" message and the Core management console to appear blank.
Fixed Self-scan skipping all files when using Core 5.14.2	Fixed an issue in Kiosk 4.7.6 where the Self-scan feature skipped all files when used with Core 5.14.2
Fixed double printing in Automatic Print feature	Fixed an issue in Kiosk 4.7.6 where “Automatic Print” feature triggered printing twice instead of once.
Fixed MFT transfer failure over HTTPS	Fixed an issue where Kiosk failed to transfer files to MFT over HTTPS when SSL certificate verification was disabled. This affected Kiosk versions 4.7.5 and 4.7.6
23 May 2025 (Kiosk 4.7.6.3514)
New Features	Central Management now supports centralized importing of YARA rules and file hashes via REST API. Kiosk will seamlessly apply these items to the embedded Core engine, enabling streamlined, centralized policy enforcement across all connected Kiosk devices.
Flexible icon visibility controls	Administrators can now choose to hide interface icons entirely or tuck them under the dropdown menu (“…”). These new options give you finer control over the Kiosk UI and let you deliver a cleaner, more customized experience for end users.
Supervisor MFT approval bypass option	Kiosk introduces a new setting that allows administrators to bypass supervisor MFT approval directly from the Kiosk console. This provides greater flexibility for configuring diverse use cases and streamlining workflows.
Optional domain selection for active directory login	Kiosk now offers administrators the option to enable domain selection on the login screen when integrated with Active Directory. Enabling this feature displays a domain dropdown, helping users select the correct domain and simplifying the login experience.
Enhanced validation for predefined question responses	Administrators can now specify input formats for predefined questions, choosing from free text, number, email, or custom regular expressions (Regex). Users must enter data in the required format to proceed, improving data accuracy and consistency
New scanning engine status indicator	The Kiosk UI now displays a status indicator for scanning engines. If an engine encounters issues, a warning (exclamation mark) or critical (cross) icon will appear, signaling the severity. This enhancement improves user awareness and helps administrators quickly identify and address engine problems.
Kiosk supports integration with MetaDefender Drive	Kiosk now supports direct integration with MetaDefender Drive. When an MD Drive is connected, Kiosk automatically uploads stored scan reports to the enrolled Central Management, removing the need for separate SDK installation and configuration.
Enhancements
Enhanced media detection across all Kiosk processing screens	Kiosk now detects inserted media (e.g., USB drives) from any screen. When media is inserted, a popup notification confirms detection. If media is inserted while on the Welcome screen, Kiosk will automatically proceed to the User Agreement screen and begin the scanning process. On the Media Detection screen, the detected media is automatically selected for scanning, streamlining the user experience
Manage scanning engines from Central Management	Kiosk now supports managing scanning engines via My OPSWAT and OPSWAT Central Management, enabling easier configuration and consistent engine updates across multiple devices.
Option to disable SD Card scanning	Kiosk now provides the ability to disable SD card scanning. This allows administrators to tailor the interface for a cleaner, more streamlined user experience when SD card support is not required.
Improved display for Smart Card or RFID as primary login option	When Smart Card or RFID authentication is enabled, Kiosk will now display it as the default login method. Users can still switch to username and password login if preferred, providing flexibility while prioritizing secure access.
Additional client identifier is included when uploading files to MetaDefender Core and MFT	When uploading files to MetaDefender Core and MFT, Kiosk now sends additional client identifiers (hostname, Kiosk ID, username and timestamp) to Core and MFT. This improves My OPSWAT’s ability to correlate data and enhances traceability for each scanned file.
New ‘Scanning Configurations’ tab in Kiosk console	Kiosk now includes an additional ‘Scanning Configurations’ tab, enabling administrators to configure basic workflow settings directly within the Kiosk console. More advanced settings will be introduced in future releases to further enhance this feature.
Improved display during file scan initialization	In previous versions, Kiosk displayed “0 files found” while searching for files to process, which caused confusion for end users. This has been improved to show “Initializing...” during the search to provide clearer feedback.
Improved unsent scan report synchronization	Kiosk will now automatically synchronize any unsent scanning reports (for example, due to connectivity disruptions) to My OPSWAT once the connection is restored. Additionally, when a Kiosk instance is newly enrolled, any existing locally stored scan data will be sent to My OPSWAT, ensuring improved data consistency and completeness.
Enhanced “About” page with system details	The Kiosk “About” page has been enhanced to display additional details, including the Core version, hardened image version, hardware specifications, service tag, and more. This expanded view provides valuable information for support and troubleshooting, improving the overall customer experience.
Unified Kiosk About page in Central Management	The Kiosk About page in Central Management is now aligned with the version displayed on the Kiosk console, ensuring consistency and improving usability across platforms.
Improved CD/DVD scanning performance	Kiosk now optimized CD/DVD scanning to reduce scan time and enhance the overall user experience, ensuring faster and more efficient processing of optical media.
Support for manifest generation with Unicode characters in file names	Kiosk now fully supports generating manifest files containing Unicode characters in file names (e.g Japanese). By leveraging Unicode APIs and converting file names to UTF-16, Kiosk ensures reliable manifest creation across systems with different locale settings and code pages, enhancing compatibility and reducing encoding-related issues.
Revert customization settings to default	Kiosk now includes an option to revert customization settings, such as logo, color scheme, and other visual elements, back to their default values, making it easier to undo changes and restore the original appearance.
Secondary logo now displayed on session end screen	Kiosk now displays the secondary logo on the session end screen, aligning with branding customizations and improving visual consistency across the user experience.
Improved Hebrew translation in Kiosk UI	Kiosk UI improved Hebrew translations, providing a clearer and more accurate user experience for Hebrew-speaking users.
Enhanced support for simultaneous SharePoint and Entra ID (OIDC) integration	Kiosk now supports configuring SharePoint and Microsoft Entra ID (OIDC) simultaneously. Files are correctly transferred under the authenticated user’s credentials, ensuring accurate file handling across both MFT and SharePoint/OneDrive workflows.
Support for export and import of offline activated Core	Kiosk now supports exporting and importing configurations of MetaDefender Core instances that were activated offline or via volume license on Central Management. This will also allowed Kiosk Hardened Image to be upgraded with offline-activated Core
Enhance Kiosk Hardened Image Upgrade for greater stability and error handling	Enhanced Kiosk Hardened Image Upgrade with improved stability and bug fix. Critical failures (such as failed to backup Core license) during configuration restoration are now logged in the upgrade history, and ensure the system will automatically roll back to a stable state when needed
Security enhancements	Various security issues have been addressed to enhance the overall security of the system
Bugs
Resolved Error when saving Syslog settings	Resolved an issue that caused an “Error Saving” message when setting up a Syslog server in Kiosk. The problem was related to how log level settings were handled. With this fix, Syslog configuration now works as expected, regardless of the selected log level.
Known issues
Backup and restore fails with embedded Core using HTTPS certificate requiring passphrase	Kiosk cannot perform backup and restore when the embedded Core is configured to use HTTPS with a certificate that requires a passphrase.
Upgrade fails when Network Policy Hardening is enabled	When the Network Policy Hardening is enabled, certain network services are disabled as part of the security configuration. This prevents some components (such as firewall and network settings) from being backed up, causing the Kiosk upgrade process failed.
Self-scan skips all files	Self-scan feature in Kiosk 4.7.6 does not work as expected with Core 5.14.2. When initiated a self-scan, all files are skipped.

4.7.5

MetaDefender Kiosk 4.7.5
10 April 2025
New Features
Sending files to specific MFT users or email addresses via Kiosk	Kiosk now enables end users to send files directly to designated MFT recipients using their username or email address, streamlining the file transfer process.
Send processed file to MFT accounts without authentication required	Kiosk introduces a new option that allows administrators to configure the Kiosk to send processed files to MFT accounts without requiring prior user authentication
Enforce user-selected file classification for file scanning and storing	Kiosk introduces file classification tags prior to scanning, ensuring compliance with data categorization policies. Classified files are seamlessly transferred to MFT along with their metadata.
Kiosk supports OpenID Connect (OIDC) protocol for SSO and Entra ID	Kiosk now supports OpenID Connect (OIDC) protocol for Single Sign-On (SSO) and Entra ID. With this new support, Kiosk allows users to transfer files without pre-logging into MFT first.
Hardening option to disable Network-related services from Kiosk WebMC	Kiosk now supports OpenID Connect (OIDC) protocol for Single Sign-On (SSO) and Entra ID. With this new support, Kiosk allows users to transfer files without pre-logging into MFT first.
Kiosk supports tombstone files on removal	Administrators can enable tombstone files to replace blocked files from both source and destination, providing traceability of removals.
Manage Network Settings from Kiosk WebMC and My OSPWAT	KKiosk now allows administrators to manage network settings directly through the Kiosk WebMC and My OPSWAT (CM7 not supported). System IP addresses and related configurations can be easily modified within the WebMC interface.
Dedicated workflow for Self-scan	Kiosk supports a dedicated Self-Scan workflow, enables administrators to configure scanning settings more effectively for user-specific needs.
Option to display question responses during file scans	Administrators can configure Kiosk to display question responses during file scans for improved usability and context awareness.
Apply background image to all Kiosk UI screens	Kiosk now allows administrators to apply a custom background image across all Kiosk UI screens, providing greater flexibility and branding opportunities for user interface customization
Support Biocryptodisk ISPX Track encrypted USB	Added support for Biocryptodisk ISPX Track encrypted USB device
Enhancements	-
Improve USB detection time in Kiosk devices with floppy drive connected	UOptimized USB detection performance in environments where floppy disk drive is present.
Enhance Kiosk Hardened Image Upgrade for greater stability and UX/UI	Enhanced Kiosk Hardened Image Upgrade with improved stability, better UX/UI, and bug fixes
Kiosk UI displays network status	The network status is now displayed directly on the Kiosk UI for better management and support.
"Upgrade Now" and "Rollback" are supported in My OPSWAT	"Upgrade Now" and "Rollback" options are now supported in My OPSWAT, allowing administrators to manage software updates more efficiently
UI enhancement in Media Selection to avoid confusion	Improve Kiosk UI in Media Selection screen to prevent certain elements from appearing as buttons to avoid confusions
Disable timeout on Kiosk UI	Administrators can disable the timeout for Kiosk UI entirely, preventing session interruptions and improving user experience.
Include file size in scan history	Processed files in scan history includes a file size column for improved visibility and tracking
Improve handling of unmountable VMDK and TIB files	Improve handling VMDK and TIB files that cannot be mounted. Kiosk will now block these files to maintain security.
Security enhancements	Various security issues have been addressed to enhance the overall security of the system.
Bugs
Resolved incorrect file assignment for non-existence MFT Users	Fixed an issue where files uploaded to a non-existent MFT user were incorrectly assigned to the admin account instead of the Guest account.
Resolved Kiosk crash during email parsing	Fixed an issue where Kiosk could crash while parsing email content.
Resolved Unexpected Return to Setup Wizard	Fixed an issue where Kiosk could unexpectedly return to the initial setup wizard.
Known issues
Files are uploaded to MFT Guest ID when uploads fail	When uploading multiple files from Kiosk to MFT, failed uploads may be incorrectly redirected to the MFT Guest account and displayed to the user
Kiosk may become unresponsive when wiping encrypted IronKey S1000 USB	When wiping an encrypted IronKey S1000 USB drive, it may cause the Kiosk to become unresponsive

4.7.4

MetaDefender Kiosk 4.7.4
7 March 2025
Fixed Bugs
Fixed issue with black screen after upgrade in-place from an older version	Fixed an issue where Kiosk got stuck on a black screen after an in-place upgrade from an older version with the "Boot Hardening" feature enabled.
21 February 2025
New Features
Enhanced Kiosk UI customization	Administrators can now update the logo and background image directly from WebMC. Additionally, you can customize the background and text colors for a more tailored user experience.
Select Blocked Files for Removal	Kiosk introduces a new option that allows users to select specific blocked files for removal, providing more control and flexibility
Kiosk-Generated Manifest File for Improved File Control	Administrators can configure to generate the manifest file directly from Kiosk system. This manifest enhances control over which files are allowed or blocked before being uploaded to MetaDefender Core, ensuring better integration with MD Endpoint and MD Firewall.
Support OAuth Email Authentication for Microsoft 365 (Graph API)	Kiosk now supports OAuth authentication for email integration with Microsoft 365 (Graph API)
SSO Integration with OIDC Support	Kiosk now supports integration with SSO Identity Providers using the OIDC protocol, verified with Manage Engine SSO
Support retrieving file from MFT with SSO OIDC	Supports retrieving files from MFT (version 3.9.0.1 or later) when configuring with SSO OIDC
Manage Core configuration directly in Kiosk WebMC	Kiosk WebMC now supports direct management of MetaDefender Core configurations, including scanning engine status and updates. Additional Core configuration options will be introduced in future updates
Option to disable screensaver while scanning files	Kiosk introduces a new option that allows administrators to disable the screensaver while scanning files and reviewing scan result.
User Questions support Multi-Language	User questions now support multiple languages. When switching to a different language, the user questions will automatically update to match the selected language
Enhancements
Enhanced Auto-Upgrade for Kiosk Hardened Image	The auto-upgrade for Kiosk Hardened image has been improved for greater stability. This release also includes refined wording and visual enhancements for a better user experience. Administrators can now upgrade Kiosk Hardened Image via OCM.
Kiosk application supports Windows 11	Kiosk application now supports Windows 11, ensuring compatibility and performance on the latest operating system
Session log file information is now recorded in the manifest generated by Kiosk	Information of Session log files is now recorded in the manifest generated by Kiosk, ensuring compatibility with OMVA when media containing session log files is used
Restructure layout of settings in Kiosk WebMC	Layout of settings have been restructured for a cleaner and more intuitive experience
Improved AD Login Format Support in Kiosk WebMC and UI	Kiosk WebMC and UI now support Active Directory login using multiple formats, including: Username Domain\Username Username@Domain This enhancement provides greater flexibility for user authentication.
Eject and Exit Button Now Visible in Kiosk UI Settings Bar	The Eject and Exit button is now displayed in the Kiosk UI settings bar, providing users with a clearer and more accessible way to exit the interface.
Support for filenames with special characters in OneDrive file transfers	Enhance file transfer to OneDrive by adding support for filenames with special characters
Bugs
Fixed Deployment ID change not reflecting in Kiosk UI	Resolved an issue where the Deployment ID change did not update correctly in the Kiosk UI, causing license activation failures. The UI now correctly reflects the Deployment ID
Fixed configuration save issue after upgrade	Kiosk version 4.7.4 fixed an issue where data fields is missing after upgrading from an older version (such as 4.6.3) prevented the Guest workflow configuration from being saved.

4.7.3

MetaDefender Kiosk 4.7.2
27 December 2024
New Features
Auto Upgrade Kiosk Hardened Image	In MetaDefender Kiosk version 4.7.3, administrators can initiate the upgrade for Kiosk Hardened Image (version 25.01.0) directly from Kiosk WebMC. The upgrade process backs up essential system and product configurations, automatically downloads the latest version of Kiosk Hardened Image, and performs the upgrade. In case of failure, Kiosk would automatically revert to the previous version to ensure continuity.
Enable RDP (Remote Desktop Protocol) from Kiosk WebMC	Administrators can enable RDP (Remote Desktop Protocol) through Kiosk WebMC. Once enabled, Kiosk will modify the necessary services and settings.
Support for RFID card authentication	Kiosk now supports RFID card authentication. The user can register and associate a new RFID card with their AD account.
Support timezone for syslog messages	Administrators can now configure timezone when integrating with the syslog server.
Support for new encrypted USB Devices	Kiosk supports the following encrypted USB devices: DataLocker Sentry 3.0 DataTraveler Vault Privacy 3.0 (DTVP30M-R)
Support MongoDB password during Kiosk installation	During the Kiosk installation process, administrator can set a password for the MongoDB database for encryption.
Enhancements
Improved Configuration Backup and Restore	Additional information included in Configuration Backup and Restore: Computer host name Custom Kiosk sound file Windows Security Certificates Configurations of MetaDefender Core
Kiosk does not automatically end the session	After the scanning session is completed, Kiosk pauses on the final screen for user acknowledgement.
Improved information in Kiosk UI startup process	The initial process of starting the Kiosk UI has been broken down into smaller steps to provide more detailed information and improve troubleshooting.
Show the created date of files when selecting files	Kiosk UI now shows the creation date of files on the selection screen for files processing.
Kiosk instance remains enrolled in My OPSWAT	Once a Kiosk instance is enrolled in My OPSWAT, it remains enrolled indefinitely and will not unenroll automatically. It can only be unenrolled if an administrator manually deletes or unenrolls the instance
Support SCSI USB devices	The Kiosk now supports copying processed files to SCSI USB devices
Improve character counting accuracy for foreign languages	Improve the character counting method to ensure greater accuracy when enforcing character limits for some foreign languages which require the use of Input Method Editor (IME), for example, Hebrew

4.7.2

MetaDefender Kiosk 4.7.2
04 November 2024
Hidden MD Core Console from KIOSK UI	In this new KIOSK version, access to the MD Core Console has been disabled in the KIOSK UI to address certain security concerns.
18 October 2024
New Features
Support for Smartcard authentication	Kiosk now supports Smartcard for user authentication. Limitation: Authentication for MFR file retrieval is not supported
Embedded Management Console within Kiosk UI for streamlined configuration	Administrators now can access and manage configurations directly from the Kiosk UI without exiting the application. A gear icon on the top right opens Kiosk Management Console for configuration.
Support copying processed files to SharePoint and OneDrive	Administrator now can configure the option to copy processed files to SharePoint or OneDrive directories. Before utilizing this feature, it is necessary to setup Microsoft Entra ID with API integration. If the destination path is left empty, Kiosk will automatically copy the files to the root folder.
Configuration backup and restore enhancement	This update includes additional configurations for backup and restore functionality. Administrators can choose the specific configurations to restore: Local Windows Certificates: Restore all trusted certificates from Certificate Microsoft Management Console (MMC) System Hosts file: Restore the custom Hosts file at C:\Windows\System32\drivers\etc\hosts License: Restore the activated Kiosk license Branding and Logo Customization: Restore logo and branding files found in C:\Program Files (x86)\OPSWAT\Metadefender Kiosk\Client\en\resources Secure connection: Restore the security certificate and enable Secure Connection option User management: Restore configured User Directories (AD, SSO and Entra ID) and accounts Known Wi-Fi network: Restore the known Wi-Fi networks (Notes**_ _ **__: this feature is only available in Kiosk version 4.7.2 or later)
Change logon password on Kiosk Hardened Image	Administrators can now change user logon password directly from Kiosk Management Console on Kiosk Hardened Image. (Notes: This feature is only available on Kiosk Hardened Image. This settings cannot configured via My OPSWAT and the Set setting of OCM)
Enhancements
Permission control on end user folders when copying files	When Kiosk is configured to copy processed files to a destination folder, the Administrator can choose to copy the files to the end user's folder with specific permissions. Inherited: Files and folders will inherit the same permissions as the parent folder Restricted: Only the file owner will have the permissions to access the files and folders
Support on-screen French (AZERTY) keyboard layout	Kiosk now supports on-screen keyboard for French (AZERTY) layout.
Support on-screen Chinese (Traditional) layout	Kiosk now supports on-screen keyboard for Chinese (Traditional) layout.
Display file progress and results for file retrieval	Kiosk now shows the file scanning progress and results when retrieving files.
Hide on-screen keyboard with physical keyboard connected	When a physical keyboard is connected, Kiosk will automatically hide the on-screen keyboard. Administrators can click the keyboard icon on the top right corner to toggle the visibility of the on-screen keyboard.
Improve stability when generating Kiosk support package	Improve stability when generating Kiosk support package.
Improve stability of database when scanning files	Improved stability of database to avoid performance impact when scanning large volumes of files
Improve AD authentication mechanism to prevent user account lockout	In the previous versions, multiple failed sign-in attempts to the Kiosk UI could cause users to be locked out due to Active Directory policies. This new version enhances the AD authentication mechanism to prevent unnecessary fallback methods, reducing the risk of user account lockouts during login attempts.
Enhanced Self-scan on all drives	All drives in the system will be scanned when using Self-scan feature, including the boot sector. When malicious files are detected in the boot sector, Kiosk will lock the system and inform the Administrator.
Support more variables in Email Session Report template	Kiosk supports more variables in Email Session Report template: session_id: Kiosk session ID start_time: Start time end_time: Finish time device_model: Media model device_serial_number: Media serial number device_media_type: Media type device_id: Media ID total_files_scanned: Total files were scanned blocked_files: Number of files were blocked allowed_files: Number of files were allowed skipped_files: Number of files were skipped scanning remediated_files: Number of files were remediated
Enable select files or process all files at workflow level	In the new version, Administrator can configure enable select files or process all on each individual workflow. Select files: User can select files for processing Process all files: User has to process all files in the media Select or process all files: User can select between ‘Select files’ or ‘Processing all files’ option Disable file processing: Kiosk does not process file Use Global Settings: Apply the Global Settings (under configurations > Kiosk UI > Choose Files Scanning Option)
Support unlocking encrypted USBs with passwords containing special characters	Kiosk supports unlocking encrypted USB devices with passwords containing special characters.
Enhanced visual appeal and engagement for Kiosk UI	Several components of the Kiosk UI have been updated with a modern design, enhancing visual appeal and user engagement.
Known Issues
Cannot apply Disclaimer via OCM or My OPSWAT Set settings	After applying a custom Disclaimer from the Set settings in OCM or My OPSWAT, the custom Disclaimer does not apply to instance within the Set. This will be addressed in the next version.

4.7.1

MetaDefender Kiosk 4.7.1
24 September 2024
Enhancements
Support burning files over 2GB to DVDs and Blue-rays	Users can now burn single or multiple files larger than 2GB to DVDs and Blu-rays, removing size limitations.
Enhance logging for troubleshooting	Logs have been enhanced to include additional information, providing more context and details for troubleshooting.
Fixed Bugs
Issue with entire email displayed in Bold text when Heading was used	Resolve the issue that caused entire body of email to appear in Bold text when Heading setting was used. Only intended section will now use bold format, ensuring accurate email presentation.
Issue with failing to create backup file	Resolved issue where Kiosk failed to generate backup files when large crashdump files were present, causing the backup process to fail. This fix excludes crashdump files from the backup, including only the necessary files to ensure a smooth backup and restore process.
Unable to modify AD settings when AD server is unreachable	After upgrading Kiosk, users were unable to modify Active Directory (AD) server settings if the AD server was not reachable. If the AD server is accessible, the settings can be changed without any issues. This fix ensures settings can be changed even when the AD server is unreachable.
Empty workflow page after importing configuration backup	Resolve issue when importing a configuration backup, the workflow page appeared empty due to certain fields not being included in the backup. This fix ensures that all necessary fields are automatically included when importing a backup.
Cannot enable Boot Hardening feature	Resolve issue where users were unable to enable Boot Hardening feature. After enabling the setting and refreshing the page, the setting reverted to being disabled. This fix ensures that the Boot Hardening setting remains enabled after being applied.
Kiosk UI became unresponsive when scanning large files containing numerous encrypted archive files	Kiosk UI became unresponsive when scanning large files containing numerous encrypted archive files. This fix optimizes the scanning process to improve stability and prevent the UI from becoming unresponsive when handling large files with many encrypted archives.
High memory consumption in Kiosk service during scan results display	The Kiosk service was consuming a high amount of memory when displaying scan results for a large number of files. This fix optimized memory usage when displaying large scan results.
Kiosk UI hangs when connection to Core is lost	Resolve issue where Kiosk UI would hang when the connection to the Core was lost. This fix ensures that the Kiosk UI automatically attempts to reconnect to the Core when the connection is lost, allowing it to resume file scanning.
Security enhancements	Various security issues have been addressed to enhance the overall security of the system.
30 August 2024
New Features
Screen Brightness Controls	Users can adjust screen brightness directly on the KIOSK UI, which is particularly useful for installations in low-light environments.
Display OS Name and IP Address	The OS name and IP address of the KIOSK are now displayed on the KIOSK console, making it easier to identify and manage the OS and network configuration of the device.
Support for new encrypted USB Devices	The KIOSK supports the following encrypted USB devices: USB DataTraveller DTVP30M-R USB IronKey D300S USB IronKey D500S
Session log storage on secondary media	Administrators can now configure the KIOSK to save session logs to secondary media during file copy operations. Previously, session logs were stored on the source USB only. (Note: Session logs are currently not included in the manifest file, so the USB will not be unblocked with OMVA. You can use MetaDefender Endpoint (Standalone) to access the files on the USB.)
MFT Guest ID verification support	Administrators can now control Guest IDs rather than relying on automatic generation by the KIOSK. Before starting a scan using the Guest workflow, users must input pre-existing MFT Guest IDs generated on the Managed File Transfer (MFT) system.
Manifest storage configuration	Administrators can configure the KIOSK to store the manifest only on the secondary USB instead of both the source and secondary USBs, ensuring the integrity of the source USB data.
Log file size retention support	Enhanced logging control and optimized storage space by supporting log file size retention.
Enhancements
Windows Registry Interaction Update	To mitigate security risks flagged by some Endpoint Detection and Response (EDR) systems, functions previously relying on reg.exe to interact with the system registry have been updated to use the Windows API, improving system integrity and compliance with security standards.
Copy to Original DVD Support in Copy&Go	The KIOSK now supports copying clean data back to the original DVD during the Copy&Go process, addressing customer needs for this functionality.
Additional hash information in Manifest File	SHA-1 and MD5 hash values have been added to the manifest file, allowing customers to audit and query scan information more easily.
Support for double quote character in passwords	The KIOSK now allows the double quote character (") in passwords when adding certificates to the system.
Sanitized files list in KIOSK UI results	The KIOSK UI now shows a list of files that were sanitized, providing users with detailed scan results and a better understanding of why certain files were blocked or allowed.
Fallback Mechanisms for File Copy Operations	Implemented essential fallback mechanisms to handle exceptions during file copy operations to the secondary USB, ensuring more robust and reliable performance.
Watchdog Feature Improvement	Enhanced the Watchdog feature to ensure that the KIOSK does not restart after pressing the keyboard combination (ALT + S) when the "Reboot at the end of session" option is enabled. This improvement prevents unintended restarts and ensures a smoother user experience.
MFT Guest Code Visibility	Users can now configure the visibility of the MFT Guest Code in the KIOSK UI, allowing more time to record the code for easier file retrieval.
Security Enhancements	Various security issues have been addressed to enhance the overall security of the system.
Fixed Bugs
Issue with Custom Authentication Configuration on OCM7	Resolved an issue where administrators were unable to edit the configuration of custom authentication on OCM7. This fix restores full control over authentication settings for administrators.

4.7.0

MetaDefender Kiosk 4.7.0
09 August 2024
Webpage loading on KIOSK Console	Optimized resources on the webpage to enhance the user experience.
Fixed Bugs
Issue with Certificate Configuration	Resolved issues related to configuring certificates on the KIOSK Console, making it easier for admins to manage certificates. (Note: From this version onwards, to enhance security, KIOSK will no longer support private keys using insecure DES encryption.)
Issue with Configuring "Exit Credential"	This version addresses the issue where KIOSKs were unable to update the "Exit Credential" configuration from OCM/My OPSWAT through Set/Group settings.
29 July 2024
New Features
Innovate the KIOSK Web Management Console	The KIOSK Web Management Console has been totally revamped with a more streamlined and user-friendly design, making it easier than ever to configure your KIOSK.
Support Microsoft Entra ID Authentication on Kiosk UI and Web Management Console	Officially support to configure Microsoft Entra ID as new authentication method for both KIOSK UI and Console through the SAML 2.0 protocol. See [Microsoft Entra ID Integration](Microsoft Entra ID Integration) for more details.
Encrypted Drive Verification and Approval	The Kiosk system protection functionality will check file integrity in the unlocked partitions of encrypted peripheral media devices before decryption. The encrypted devices containing unauthorized data will be spotted and require approval before being added to the data whitelisting and usable with the Kiosk system. See [Encrypted Device Verification And Approval](Encrypted Device Verification And Approval) for more details.
Continuous support for My OPSWAT integration	The administrator can now centrally manage KIOSK(s) from My OPSWAT with the following additional product functionalities: Configuration Workflows Logs Product license activation Uploading custom disclaimer
Support UK keyboard layout	Users can now input UK characters from the Kiosk UI by using the UK keyboard.
Enhancements
Enhance stability and security of KIOSK application	Carry out database improvements and update third-party dependencies to the most recent stable version.
Enable searching through the KIOSK Console session history by submitting a large file	The user can now submit a file larger than 200MB to search for in the KIOSK Console session history.
Compatible support with the new version of CimTrak	Compatible support when integrating with CimTrak 4.1.41
Improve the printing process	Eliminate KIOSK usage or creation of PowerShell script when utilizing the printer to align with the whitelisting service.
Fixed Bugs
Issue copying the remediated file after scanning	Fixed the issue cannot copy the remediated file that was downloaded from MD Core after scanning to a shared folder with Kiosk logged-in user permission
Issue when retrieving files from the network share	Ensure that the authorized AD user can retrieve files from a network share.
Issue when unlocking Kanguru Defender 3000 with the latest firmware	Enhance KIOSK compatibility when unlocking the encrypted USB Kanguru Defender 3000 with firmware version 5.6.7.0
Known Issues
Issue wheIssue when upgrading in-place from older versionsn upgrading in-place from older versions	KIOSK has upgraded several 3rd party components in this version. Therefore, when upgrading from very old KIOSK versions, administrators should uninstall the current KIOSK version to clean up the system before reinstalling version 4.7.0. After reinstalling, configurations will be retained as they were before.
Issue with Custom Authentication on OCM7	Administrators cannot edit the configuration of custom authentication on OCM7. This will be addressed in our next versions.

4.6.8

4.6.8
16 May 2024
New Features
Support for Trellix Encrypted USB	KIOSK can now decrypt and scan Trellix encrypted USB drives using a USB password.
Post-Scan Actions for files inside disk image files	After scanning, KIOSK can copy files from within disk image files to a network share/MFT/Media. Details here: [Processing virtual disk files](Processing virtual disk files)
Support for scanning nested Disk Image Files	The KIOSK functionality enables comprehensive deep scanning of disk image files by seamlessly mounting and scanning all nested files within, ensuring thorough analysis even in the presence of multiple layers of disk image files.
Enhancements
Improved scan speed for small files	We have enhanced the scanning mechanism to speed up the processing of small files. The self-scan speed has significantly improved in this version. Detailed performance metrics are available on this page: [Performance measurement of Self Scan](Performance measurement of Self Scan)
Enhanced Scan Limits setting for file extensions	Administrator can configure file extensions that users are not allowed to select for processing in the KIOSK UI. Note: Scan limits do not apply to the Simplified Workflow.
Improved UX for scanning disk image files	KIOSK now displays the scanning progress for files inside disk image files, and users can view detailed scan results for these files after scanning (via the KIOSK UI or session logs).
Improved application log for engines status	Detailed engines information and status are now shown in the application log when issues occur.
On-Screen Keyboard on KIOSK UI for ADFS Login	An on-screen keyboard is now available for login using ADFS on the KIOSK UI.
Enhanced Authentication with Nested AD Groups	KIOSK now more accurately authenticates users within nested AD groups.
Improved detection of external CD/DVD ROM	Users can scan CD/DVD after starting a session on KIOSK and connecting an external USB CD/DVD ROM.

4.6.7

4.6.7
17 April 2024
Memory Optimization	Addressed an issue where the KIOSK UI experienced excessive memory usage when scanning with a high number of threads. Optimizations have been applied to the memory management processes of KIOSK UI, specifically tailored to handle large-scale thread operations more efficiently.
12 April 2024
Features	Descriptions
Customizable Disclaimer Page	Administrators can customize the disclaimer page of the KIOSK user interface. Admins can create a custom disclaimer page using an HTML file and upload this custom page for the corresponding language. (Note: Currently, there is a limitation where customized disclaimer files cannot be applied to group instances from CM7.)
Enhancements
File Limit Settings	Implemented features to limit file size, total number of files, and total file size when users choose to copy files to a network shared drive without processing through Metadefender Core. (Note: These limits do not apply to retrieving files from MFT).
Disable USB Scan	Administrators can now disable the USB scan feature on the KIOSK UI. Administrators need to disable the "Allow user to browse for files" and "Allow user to process all files" options in the KIOSK console. In this case, users will only be able to perform other actions (such as: Retreive file from MFT) on the KIOSK UI.
Improved UX for Copying Files to CD/DVD	Enhanced user experience when copying files to CD/DVD. Currently, KIOSK does not support wipe for CD/DVD. If an administrator configures wipe before copying files to CD/DVD and a user attempts to copy files to a CD/DVD with existing data, KIOSK will display an error message and allow the user to change to another blank CD/DVD to copy files.
Fixed Bugs
MFT File Retrieval Issue	Fixed an issue where files could not be retrieved from MFT when the option "Do not process files with Metadefender or MFT server" was enabled. This issue has been resolved in this version.
Login Issue for Users in AD Groups with Hebrew Characters	Fixed an issue where users couldn't log in if they belonged to an Active Directory group with Hebrew characters in the group's common name.
Known Issues
The simplified workflow with the file size limitation	The simplified workflow is currently optimized to streamline user operations. So the limits related to file size/total file are not yet supported on the simplified workflow.

4.6.6

4.6.6
26 March 2024
Security Update	Improved security measures for the KIOSK Console to enhance overall system security.
27 February 2024
Features	Descriptions
Support for ADFS Authentication in KIOSK UI and Console	Admin can configure authentication for KIOSK (Console/UI) through the SAML protocol. [More info](More info)
Password Requirements Before Copying Files to USB	User can enter a password to encrypt files retrieved from MFT before copying them to the destination USB.
File Size Limitation for Scanning	Limit the size of files that users can select for scanning. Admins can configure the maximum size of files on the KIOSK/CM console that users are allowed to scan through KIOSK UI.
Total File Size Limitation	Limit the total size of files that users can select for scanning. Admins can configure the maximum size of the total files on the KIOSK/CM console that users are allowed to scan through KIOSK UI.
Total File Quantity Limitation	Limit the total number of files that users can select for scanning. Admins can configure the total file quantity on the KIOSK/CM console that users are authorized to scan through the KIOSK UI.
File Blocking by Extension	Supports users blocking files by file name extension. Admins can configure file extensions that they want to block on the KIOSK/CM console. KIOSK will block these file extensions without uploading them to MD Core server to get scanning results.
Display Incident Detections on CM Console	Supports users tracking incident detections on the CM Console. Admins can track incidents originating from KIOSK, users, or sessions.
Support for Encrypted USB Viasat UK Freedom 100	Added support for encrypted USB Viasat UK Freedom 100.
Embedded Sandbox Engines in KIOSK	Supports scanning files with an embedded Sandbox engine in KIOSK.
Enhancements
Improved File Copy Speed	Improved file copy performance by increasing the number of threads copying files simultaneously. Admins can configure the thread count on the KIOSK/CM console. [More info](More info)
Fixed Bugs
Could not select files for scanning Issue	Fixed the issue where users could not select files for scanning when the "Email current user" option is enabled.
Issue with custom language configuration on KIOSK Console	Enhanced upgrade mechanism to ensure system configurations are updated correctly.
KIOSK UI Freezing	Addressed issue where KIOSK UI would occasionally freeze when performing tasks with encrypted USB.
Black Desktop Screen on Hardened Image	Fixed issue where the screen turns black after running KIOSK for a period of time on the hardened image.
CD/DVD Ejection Issue	Fixed issue where KIOSK would fail to perform tasks after users ejected CD/DVD while scanning with KIOSK.
Issue with Manifest File	Improved checks and handling for manifest files to ensure more accurate system operation with manifest files in the new version.
Unable to save user password at "Enter Vault server to upload files to" option	Fixed issue the users were unable to save their password after updating the password for "Enter Vault server to upload files to" previously.
Wipe Data on Bitlocker Drive	Fixed issue where users couldn't delete data on Bitlocker drive when wiping the drive with KIOSK.

4.6.5

4.6.5 Hotfix 5 Jan 2024	Major release with new features and enhancements
Failed to copy archives with large child files	A critical issue when transfering a large amount of files to MFT has been found and fixed
4.6.5 28 Dec 2023
Features
Navigate to Sub-Folders on Network Drive	Users can now navigate to sub-folders on a network drive when performing a Copy-To operation
Hidden Partition Information in Scan Report	Added information about hidden partitions in the scan report for comprehensive insights
Improved Remaining Scan Time Calculation	Enhanced the accuracy of calculating the remaining scan time
Enforce Local Login Setting	Introduced a setting to enforce local login, enhancing security measures
Stop Processing Files on Block	Added support to halt the scanning process when a specific number of files are blocked
Hide Default English Language in KIOSK UI	The administrator now has the option to hide the default English language in the KIOSK UI
Improved Scan Result Display Speed	Enhanced the speed of displaying scan results for a more efficient user experience
Anti-Tamper Feature Configuration	Enhanced the anti-tamper feature, allowing detailed configuration from the KIOSK console. (UI restart required after updating "Active Keyboard Filter" setting)
Enhancements and fixes
Improved AD User Authentication	Improved the ability to authenticate with Active Directory (AD) user credentials without requiring domain information input on the KIOSK UI
Syslog Result Log Suppression	Enhanced KIOSK to suppress result logs to syslog at the beginning of the scanning process
Enhanced Security	Implemented additional security measures for a more robust system.
Fixed Bugs
DataLocker Sentry ONE Unlock Issue	Resolved the issue where DataLocker Sentry ONE did not unlock during slow connections to its management server
UI Hang during Copy-To to Insufficient USB Capacity	Fixed the UI hang issue when performing Copy-To to a USB with insufficient capacity
KIOSK User Login Issue after Assigning to Primary AD Group	Fixed the issue where users couldn't log in with KIOSK after being assigned to the primary group in AD
Disk Management issue with OMVA	In the latest release of OMVA (version 2.0.9), we have addressed an issue where OMVA was not functioning optimally with Symantec and Disk Management.
Known Issues and limitations.
Exit Credential Feature Configuration Reset	There is a known issue where the configuration of the Exit Credential feature may be reset after upgrading to the new version
Unable to save user password at "Enter Vault server to upload files to" option	Will be addressed in the next version
Data are not deleted after wipe Bitlocker

4.6.4

14 November 2023	Major release with new features and enhancements
Features
Enhance Security with Anti-tamper Hardening OptionCopy&Go secondary media handling	When enabling the feature from WebMC, default Windows input compounds will be blocked and cannot be exploited to escape KIOSK mode. Notes: The shortcut to turn off KIOSK application is changed to ALT+S
Automatically unlock and process encrypted USBs with organization password	Organization-level alternative decryption security keys can be provided in management console and used as pre-configured password (max to 2 entries) to unlock encrypted USBs.
Simplified workflow	This new and minimal workflow is introduced to support plug-and-play media scanning with automatic decryption and result display (notes: when it is ON, the full workflows for Employee and Guest are disabled.)
Support files redaction, complete the workflows with Data Leak Prevention	Besides sanitizing infected files and detecting potential leak, KIOSK now is able to redact/substitute sensitive information and watermark files. Notes: The new term for sanitized and redacted is now Remediated
Support rescan retrieved files from Vault	Previously KIOSK allows to rescan the retrieved files from a directory, now this feature is available for an integrated Vault.
Support HCI network volume	The new version of OMVA 2.0.8 comes with new KIOSK is compatible with Cluster Shared Volumes in HCI (Hyperconverged infrastructure)
Enhancements and fixes
For Hardened image	KIOSK is compatible with Windows Defender KIOSK starts from service.
Improve the self-scan feature	It’s now possible to schedule self-scan on a certain weekday
Enhance the labeling of CD-ROM/DVD/BD-ROM in the scan result	Scan results and log now show the correct media type for CD/DVD and Blueray disc
Several defects have been addressed.
Known Issues and limitations.	Will be addressed in our next versions.
The power options in Start Menu sometimes disappear after closing KIOSK.
Sometimes, File Explorer will be triggered behind KIOSK Application.
KIOSK currently does not have the capability to retry entering the password for Kanguru Defender 3000.
Set Settings cannot apply Anti-tamper Hardening to all KIOSK instances.
Cannot trigger Self Scan by clicking SCAN NOW because Simplified workflow already starts a session.	Workaround solution: Admin can configure Schedule Self Scan and enable option Allow Self Scan to cancel any currently running scan to trigger Self Scan

4.6.3

31 August, 2023	Release focused on enhancements and bug fixes
Features
Copy&Go secondary media handling	Introduced new button to allow choosing to insert secondary media at the start or end of a Copy&Go session A new config option now exists in File Handling of a workflow to only allow inserting secondary media at the end of a session
Exit Kiosk with administrator AD credentials	Extended the configuration to allow exiting the Kiosk with AD administrator credentials
NTFS ADS detection	Added ability to detect and warn that an Alternative data stream was found in a processed file. This information can be seen in session history and in the reports.
Disable Vault ID display	Vault server configuration allows to disable showing any Vault ID information on the UI
Support for additional encrypted devices	DataLocker Sentry ONE Viasat Eclypt Viasat Freedom 600
My OPSWAT integration	Initial preparation for basic inventory & license reporting support in a future My OPSWAT release (end of September)

4.6.2

26 June, 2023	Vulnerability fixes OMVA Release: 2.0.7.174
Features
Security note	The system administrators are required to make Kiosk machine more secured by following actions: Set a BIOS password Enable TPM and Secure Boot in the Windows system Turn on BitLocker encryption
Fixes
System hardening	Disable keystrokes to maintain uninterrupted Kiosk operation and reduce interference (CVE-2023-36657) Prevent unintended executables to be ran (CVE-2023-36658) Prevent overly long input (CVE-2023-36659)

4.6.1

8 May, 2023	Security patch release - 4.6.1.9996
Fixes
System hardening	Optimized Windows system settings to maintain uninterrupted Kiosk operation and reduce interference

18 April, 2023	Release - 4.6.1.9995
Features
Preloading passwords for encrypted archives	Allows users to preload list of passwords for encrypted archives before the scanning
Enforce remote login	Administrators can disable remote login for local, AD, or SSO users
Screensaver	Kiosk can play a video after a predefined amount of idle time
SDMS MkIII AES Duoulock support	SDMS MkIII AES Duoulock can be unlocked and processed
Media types	The admin can configure Kiosk to accept encrypted USBs only
Fixes/Enhancements
SSL certificates	Certificates added in the management console are stored in the Microsoft Certificate Store
Copying to disc	Fixed issue that prevented copying from one disc to another in the same session
Password protected archive\document handling	Corrected issue where certain passwords would not unlock files and Kiosk would re-prompt for input. Improved encrypted archive handling when scanning with Vault.
Time filter in custom log display	Removed the custom time setting in Dashboard, Application Log, Windows Event Log, & Visitor Log
Verbose log compression	The support package is compressed at the highest level
Time format of [time] for Vault server	hh:mm:ss is changed to hh-mm-ss
Scanning duration	Enhancement of performance when utilizing existing process results
Copy&Go	All preparation actions need to be done prior to the scanning and the session ends without additional user actions

4.5.8

11 October, 2022
Features
Statistic information for Central Management	Added a periodic system health check and provided detail of session statistics for Central Management, for tracking purposes.
Hide Vault access ID on UI	The Vault access ID is now hidden on the UI. Users can temporarily reveal the ID for 3 seconds.
Sessions finish automatically	Enhanced the ability to complete session automatically without waiting for user actions. The session waits on pages where user input is required or results are necessary to view.
Visitor Management configuration	Specific visitor questions can now be enabled/disabled. Management or Contact persons can be configured to not receive session reports attached to visitor check-in emails. If no further questions are configured in a workflow, visitors are navigated to media detection screen immediately.
Fixes/Enhancements
UI unresponsiveness	Scanning a large amount of data may cause the Kiosk UI to hang indefinitely. Kiosk can detect this hanging, terminate and revive the UI to the state where hanging occurred.
Scanning archive files	Fixed mounting issues with TIB/VMDK/VHD archive files.
File retrieval	Encrypted devices are now supported in file retrieval.

4.5.7

30 August, 2022
Features
SMTP configuration	Sender input is mandatory for email settings (e.g., From field). The configured user for SMTP access needs to have permission to send as a configured email sender.
Email improvements	Session reports can be emailed to multiple recipients. Pre-defined variables can be inserted into the body of the email to show some select data from a session.
Password change required on first login	Newly created users are required to change their password on their first login to the Management Console
Active Directory configuration in Visitor Management	Administrators can configure both AD users and groups as Contacts for Guests
Auto-selection of workflow	Administrators can either let employees select a workflow or automatically move forward with the first matched workflow an employee can use
Fixes/Enhancements
Custom command script	The syntax now works the same as on a DOS terminal
Scanning Pause/Resume	Pausing a scan requires additional confirmation
User authentication	Corrected the display for custom authentication on changes of Display disclaimer screen. Authentication performance was also improved.
Performance enhancement for AD queries	Sped up the performance when connecting/querying to AD server

4.5.6

24 May, 2022	This release focused on new features OMVA Release: 2.0.6.167
Features
Non-authenticated workflows	Kiosk administrator can create multiple workflows for guests to select on demand.
Email template	Emails can now be customized with logos, text colors, and font sizes for workflows.
Fixes/Enhancements
Visitor configuration	Corrected issue where loading a large amount Active Directory users would take a long time for Visitor Contact configuration.
Retrieval page	Direct navigation to the Vault retrieval page occurs when only one retrieval option is enabled.
syslog data	Expanded session data in json format for syslog messages.

4.5.5

28 March, 2022	This release focused on new features and bug fixes/enhancements
Features
Upgrade in-place	Upgrade of Kiosk no longer requires uninstallation of the previous version. This allows for history logs to be maintained in between version upgrades. The original upgrade method still operates the same.
Copy empty folder	Empty folders from scanning sources are copied to local/network destination after scanning
Fixes/Enhancements
Skipped file reporting	Files not able to send to Core for scanning are now considered as Skipped files. Customer can configure to show/hide skipped files in their workflow printing options.
Trust self-signed certificates	Administrators can add self-signed certificates to trust directly in the Management console
File integrity monitoring	Corrected issue where Kiosk would be disabled by file monitoring when the feature was disabled
Stale processing results	Any change to a Core workflow will require a file to be analyzed to ensure results reflect the latest policy configured
Self Scan	Inaccessible system files are skipped during a Self Scan to avoid indefinite retries to scan

4.5.4

20 December, 2021	This release focused on new features and bug fixes/enhancements
Features
Country of Origin	The Country of Origin feature helps administrators add more restrictions on the scanning result by specifying which countries a publisher resides in as forbidden. Files published from forbidden countries are considered blocked.
Configurable printing per session type	Allows printing to be enabled/disabled separately for each action Scan/Retrieve/Wipe
Fixes/Enhancements
Scan result for encrypted archives in Copy&Go mode	Fixed issue that showed both Allowed and Blocked status on the same file
Slow processing time for a large dataset	Improved performance in processing large datasets

4.5.3

2 November, 2021	This release focused on bug fixes and enhancements
Features \ Enhancement
Skip Print button displayed for all session flows	Added Skip Print button when Print button is displayed
Editing workflow with many AD members assigned	Optimized performance with workflow loading to allow workflows with a large amount of members assigned to be edited
Support for updated encrypted device software versions and retrieving files	Added support for updated versions of some encrypted device software and corrected instances where retrieved files were download to incorrect volumes leading to failures
Fixed
Reports being stripped from emails	Modified content type in email reports to prevent specific email policies from blocking attachments
Retrieve files to disc	Fixed issue that prevented files to be retrieved and copied to a disc
Session history failing to load in certain cases	Corrected background sorting of session history that caused for sessions to not be displayed in the Management Console

4.5.2

16 September, 2021	This release focused on support for nested group login, archive file selection, session report sent for Visitor Management and bug fixes
Features
Nested group support for login	Active Directory with nested group supported for login in Kiosk UI
Archive file selection	Support multiple selection of password protected archives to scan
Visitor Management	Session report is sent to Manager, Contact, and Guest
Fixed
Phone detection	Fixed issue with phones not being detected
Central Mgmt config push affecting SSL settings	Prevented export/upgrade of certificate settings
Mismatch file result display in Session History	Corrected the display of mismatch result in session report
Configuration import	Fixed issue where certain settings were not maintained on a configuration import
Email session report	Correct cases where email was sent without a sender
Browse window	Refined UI browsing page

4.5.1

27 July, 2021	This release focused on blank disc detection, CM set settings, and OMVA logging enhancements. OMVA Release: 2.0.5.137
Features
OMVA Logging	Accessible logging in json format generated when plugging & validating media into a machine with OMVA installed
Printer Status	New icon on UI to show current printer status
Session history username filtering	Able to filter Session History in the Management Console by username
Fixed
Copy file to disc	Corrected detection of a blank disc as destination media to copy files to
"Set Settings" applied to all instances	Fixed issues causing Central Management failing to "set settings" to other Kiosks. Extending timeout settings in CM may be necessary
Workflow selection	Adjusted workflow selection for better usability
Session log saved to network share	Fixed case where the session log was not properly saved to a network shared folder
Management Console login	Modified Management Console behavior to only allow a user to be logged in from a single browser
USB whitelisting	Serial number to include vendor name and model

4.5.0

Management Console support for Internet Explorer has been dropped

15 June, 2021	This release focused on User workflow selection, adding Spanish translation and other bug fixes. OMVA Release: 2.0.4.130
Features
User workflow selection	A user may now be assigned to multiple workflows either by direct assignment or group assignment. When logging in to a Kiosk session, users will be presented with their assigned workflows to choose.
Spanish translation	Added support for default Spanish translation
Mail configuration test	When configuring SMTP settings, administrators may now test their settings within the mgmt console
Fixed
OMVA failing to validate media after a reboot	Fixed issue where media validation no longer worked after reboot in certain domain environments
Saving session logs to network shares	Corrected issue that prevented session logs from saving to networks shares due to permission issues
Allow sessions to end automatically	Modified session flow to adhere to UI timeout settings when the session is done
Active Directory load when editing workflows	Further enhancements to speed up the AD user & group loading when a workflow is edited
Local user password restrictions	Removed extra restrictions on passwords for local users and increased the minimum length to 12 characters

4.4.12

6 May, 2021	This release focused on file limit configuration with Vault processing, correcting VMDK with Linux file systems and other bug fixes.
Features
Vault processing - File size limit	File sizes can now be limited to dictate what is uploaded to Vault for processing
Vault processing - File count limit	The amount of files can now be limited when processing files with Vault
Copy-to media device info in logging	When files are copied to secondary media, the device information of this media is now included in the session logging
Fixed
Processing VMDKs with Linux file systems	Fixed issue with failing to process contents in a VMDK with Linux file systems
Processing discs with CDFS file system	Corrected detection error the prevented processing discs with CDFS file system
Hebrew language display	Restored Hebrew display when browsing for files and selecting copy-to directories
Management Console login case insensitivity	Modified mgmt console login to not require case sensitive username input
Retrieve available files from Vault	Enhanced Vault file retrieval to not display files that are not approved by a supervisor
Email reports	Fixed issue where email reports were sent to incorrect recipients with similar names

4.4.11

6 April, 2021	This release focused on syslog support for TLS over TCP and other features & bug fixes.
Features
syslog support for TLS over TCP	syslog can now be configured to send messages using TLS
USB Copying Whitelist and Retrieving files	The whitelist to allow USBs to copy files to now also applies to retrieving files from Vault or directory
Battery percentage display	If MetaDefender Kiosk is deployed on a battery powered system (i.e. tablet\laptop) a battery power indicator will be displayed on the user interface in the bottom right corner
Disable hash calculation for non-processing session	For workflows where no processing is configured, the hash calculation of files can be disabled to allow for a faster session completion time
Fallback to OS logged in user when copying files to a directory	File handling to copy files to a directory now has the ability to enable copying files as the OS logged-in user if copying using the Kiosk user session credentials fails
Fixed
Media detection	Corrected further issues with media detection: encrypted devices being detected as CDROM media insertion not being detected after a wipe event
Wipe functionality	Corrected further issues with wiping media: encrypted device handling attempting to wipe the un-encrypted disc partition wiping hanging on completion device detection not operating after a wipe event
AD User & Group load in workflows	Improved the mechanism to load the list of AD users & groups to better handle large amounts
Retrieve files from Vault	Fixed a case where authenticating a user to Vault for retrieving files was failing
Send email only when blocked files are found	Restored the expected behavior of the workflow email setting to only send a session report email when a blocked file is found in a session

Added a survey in the Management Console to collect feedback

4.4.10

4 February, 2021	This release focused on Digital session log signing and bug fixes.
Features
Digital signing of session logs	Session logs can now be digitally signed with a configured certificate to ensure logs have not been tampered with
Supported browsers for the Management Console	The Management Console supports Chrome, Firefox, and Edge browsers. Internet Explorer and others are not officially supported
Fixed
Media detection	Enhanced media detection logic to reduce inconsistent issues with misdetection or improper identification of media
Copy & Go and copying to user media destination	Copying files to a secondary media is now supported when Copy & Go processing is enabled
SSO Management console login from a remote system	Fixed a redirection issue that caused users to not be navigated into the mgmt console after a successful SSO login
Guest workflow file retrieval	Corrected issue where Guests were not allowed to retrieve files if certain user authentication settings were set

4.4.9

12 January, 2021	This release focused on user experience enhancements & bug fixes. OMVA Release: 2.0.3.96
Features
Estimated time remaining display during processing	Processing progress indicator now shows current time elapsed and estimated time remaining
Retrieve files from Vault as a Guest	Guests can retrieve files from Vault using a Guest ID
Multiple copy-to directory support	Multiple copy-to directories can be configured in file handling. Users can select which directory to copy to when the user copy selection is enabled.
Browse file selection totals	Options for browsing files can now be set to display the number of files selected and the total size of the selection
Fixed
File\Session history export	Corrected issues with the export taking too long to generate and timing out connections
Retrieve files from Vault as an AD user	Fixed problems with retrieving files from Vault for certain AD user configurations
OMVA multiple media manifest support	Adjusted OMVA support for handling multiple media manifests on a device

4.4.8

8 December, 2020	This release focused on Single Sign On user login to the Management Console & bug fixes. OMVA Release: 2.0.2.94
Features
SSO authentication for the Management Console	Management Console login settings have been expanded to allow connecting an Identity Provider via SAML 2.0
Fixed
Custom workflow editor load time for a large AD	Reduced the amount of time it takes to load the AD user\group list when editing a custom workflow
Periodic Core test	Fixed eicar test string generation that was affecting the detection rate
OMVA non-ascii path support	Corrected OMVA support for handling file paths with non-ascii characters which would result in blocking media

4.4.7

10 November, 2020	This release focused on Active Directory user login to the Management Console & bug fixes.
Features
Allow AD users to log in to the Management Console	Management Console login settings have been expanded to allow connecting Active Directories to allow users/groups to login
Fixed
Session log directory in Central Management	Fixed validation error that prevented setting the session log directory from Central Mgmt
Automatic export	Corrected non-ascii errors with automatic export and added Scanning System information to the csv

4.4.6

13 October, 2020	This release is focused on bug fixes.
Features
Configurable result for un-processed large files	Management Console administrators can now specify if a file should be allowed or blocked if it exceeds the file size limit for sending a file to MetaDefender Core.
Fixed
Floppy drives consistently spinning	Fixed issue where certain floppy drive models would spin up consistently while Kiosk was running
Workflow login selection	Corrected instances where mapping a logged in user to a workflow did not follow the configured order
File size process limit	Adjusted file size calculation to prevent errors with setting file size limit for processing files
Core URL validation	Repaired error detection that would prevent connecting a Core via hostname

4.4.5

15 September, 2020	This release is focused on simplifying HTTPS configuration within the Management Console and bug fixes.
Features
Configure HTTPS from the Management Console	Management Console administrators can now configure listening port and HTTPS settings from within the Management Console
Configurable boot sector processing	Boot sector files can now be disabled from appearing in browsing for files to process and not included when processing all contents of media
Fixed
UNC file path support for retrieving files	Fixed issues where retrieving files from a UNC path would fail
User question display in session export	Session export data now displays the user question and answer to the question in order
Copying files to disc	Corrected instances where long file paths were failing to be copied to discs

4.4.4

18 August, 2020	This release is focused on Configuring the order workflow profiles are used to map a user to, periodic testing of Core servers and bug fixes.
Features
Configure order of workflow profiles	Custom workflow profiles can now be manually adjusted to indicate the order in which users are identified to belong to
Periodic Core test	Kiosk can be configured to periodically send an EICAR file to ensure Core's detection is functioning
Fixed
Email session report	Corrected issues with connecting to SMTP, sending emails to the logged in user and guest users
Authentication failure when Remote AD SSL is enabled	Fixed active directory communication to not attempt the default LDAP port when SSL is enabled
Automatic export of session\file history logs	Export log path configuration was failing to save and the file history export was lacking information, this has all been corrected
UNC path support for session logs	Fixed issue that prevented configuring a UNC path for specifying where session logs were written out to

4.4.3

16 July, 2020	This release is focused on Copy & Go processing, ability to retrieve files from a directory and configuring the install password for OMVA OMVA Release: 2.0.1.92
Features
Copy & Go processing	New Core processing option that allows copying files to the system and removing media before file processing begins
Retrieving files from a directory	Ability to retrieve files from a local or network share and run the files through Core before copying to the inserted media
OMVA configurable uninstall password	The uninstall password can now be modified for deployments to endpoints
Whitelist for secondary media	Whitelist can now be specified for copy-to media
Fixed
Language import	Corrected issue where languages were not allowed to be edited after importing configuration of a previous release
IP support for SMTP host configuration	Fixed issue where connecting to an SMTP host configured by IP would fail
Hostname for syslog	syslog server can now be configured by either IP address or hostname
Users and Groups synced in workflows on Central Mgmt	The users and groups re-assigned to other workflows on Central Mgmt now updates as expected and syncs to the Kiosk instance's settings

4.4.2

5 June, 2020	This release is focused on fixing issues with remote Active Directory support
Fixed
Remote Active Directory connection and assigning users and groups to a workflow	Fixed domain identification issues that would block adding an AD server. Corrected problems where displaying the users and groups of a server would fail.
Usability of selecting groups to assign to a workflow	Added the ability to search the groups list to find specific entries

4.4.1

15 May, 2020	This release is focused on adding support for multiple AD servers and log retention
Features
Multiple Active Directory support	Multiple active directories can now be added to expand the coverage of users allowed to use Kiosk
Automated log retention	Application logs and session history can now be set to automatically clean up records older than a configured time span
Fixed
Issues with user authentication and foreign language passwords	Fixed issues where users could not authenticate when their passwords contained foreign characters
Username & user response variables for the copy-to directory	Copy-to directory validation has been fixed to allow the user name and user response variables
UI exit password setting	Fixed an issue where the exit password was changed when user authentication settings were modified
Offline systems could not locally access the mgmt console	Updated internal management console settings to allow offline systems to access the console locally
Selecting groups to add to a workflow	Only allowed groups are displayed to assign to a workflow
Central Management v7 configuration sync	Corrected many issues where settings disappeared from the Central Management view or were applied incorrectly

4.4.0

16 April, 2020	This release is focused on adding NGINX to serve the Management Console, allowing Guests to receive summary reports via email, and providing passwords with encrypted archives when processing with Vault
Features
NGINX serving the Management Console	IIS Express has been replaced with NGINX to power the Management Console
Guests can email session reports	Guests are now prompted to enter an email to session reports, when emailing reports is enabled
Send passwords with encrypted archives when processing with Vault	When an encrypted archive is identified, a password can be input to submit the file to Vault for processing
Support for Kanguru Defender Elite 200	Added support for processing Kanguru Defender Elite 200 USB
Fixed
Setting custom export date range	Fixed the date selection to allow setting a custom date range to export session or file history
OMVA install via automated deployments	Modified OMVA installation to work successfully in remote deployments
Hash verification copy failure with extension-less files	Corrected an issue with hash verification failing on files without an extension
Copying files to a network share as Guest	Copying to a network share now utilizes the credentials of the user logged in to the system to copy files in the Guest workflow

4.3.11

13 March, 2020	This release is focused on the flexibility with the Vault copy-to directory structure, file deletion confirmation for users and other bug fixes
Features
Specify Vault copy-to directory structure	Administrators can now indicate the directory structure of how files are uploaded to Vault when configuring a Vault server
Allow users to confirm to delete all blocked files	When blocked file handling is set to delete files, an Administrator can now allow users to confirm whether the blocked files should be deleted or not
Fixed
Copy-to media blocked with OMVA	Copying all allowed files to a secondary media that was wiped would still cause OMVA to block the media. This workflow has been modified to allow OMVA to unblock the media as expected.
Configure syslog settings from Central Management	A managed instance's syslog settings can now be configured via Central Management v7
Single password use to unlock multiple encrypted archives	Fixed an issue where the checkbox to supply a single password to multiple encrypted archives was not being respected
AD groups are only allowed to be added to a workflow profile	Only AD group objects will be allowed to be added to a workflow profile to reduce confusion with authentication issues
Sanitized file handling with the custom command line script	Corrected an issue where sanitized files were not handled in a configured script

4.3.10

11 February, 2020	This release is focused on bug fixes
Fixed
Detection of multiple Linux partitions	A device with multiple non-Windows partitions can now be browsed through and processed
Vault entry changes applied automatically to selections	Any changes made to an entry in the Vault server list are automatically applied across all configured selections of that specific server
Windows XP+ support for OPSWAT Media Validation Agent	OMVA now supports Windows XP and above
Report files quarantined by Core	Files quarantined by Core are now reported on the session summary without having to configure to have the files removed
Language menu button on the on-screen keyboard	Corrected button behavior where the keyboard language button would remain open despite clicking away from it

4.3.9

14 January, 2020	This release is focused on Vault upload to user configuration and bug fixes
Features
Specify Vault user to upload files to	New configuration option allows for specifying a Vault user to upload files to in addition to the previous settings of uploading to the user logged into Kiosk or a guest account
Fixed
Retrieve files from Vault	Fixed issues with downloading files from Vault among multiple users
File sizes displayed in browse	Corrected the file size display when browsing for files

4.3.8

10 December, 2019	This release is focused on Imaging Media and bug fixes
Features
Image Media	New process flow allows for an image to be created of the inserted media and uploaded to a specified location (e.g. Vault or directory)
Fixed
IIS Express 10 support	Kiosk REST service now runs uninterrupted if the underlying IIS Express is upgraded to version 10
Updated German language strings	German language strings are now up-to-date
Blocked sound playback	Fixed an issue where the sound byte to alert for blocked files would not play at times

4.3.7

12 November, 2019	This release is focused on Visitor Management and bug fixes
Features
Visitor Management	Visitor management allows the ability for guest users to check-in to an organization via the Kiosk. During the check-in process the guest user accepts any agreements specified by the organization, a badge for the visitor can be printed and contact\admin personnel are automatically notified when a guest has arrived.
Fixed
Korean keyboard character composition	Onscreen Korean keyboard has been fixed to correctly combine Hangul characters
Device whitelisting applies to destination media	Device whitelisting is now applied to destination media, in addition to the source media used for processing
Copy files to IronKey USB	Corrected behavior where files were copied to the wrong volume for specific IronKey USBs

4.3.6

8 October, 2019	This release is focused on Management Console enhancements when Kiosk is managed and bug fixes
Features
Management Console settings locked when instance is managed	The Management Console now has the ability to show details when it is managed. If managed, changes to settings are disabled. Currently supported for Central Management v5, v7 in the future.
Configure the length of time a Vault guest account is valid	Administrators can now specify how long a created Vault guest account can remain valid
Fixed
Processing system files	Enhancements made in attempting to process system files that may be potentially locked
File integrity monitor event	Upgraded the visibility of a file integrity monitor event to be included in the syslog application events

4.3.5

10 September, 2019	This release is primarily focused on bug fixes
Features
Delete after retrieving files	Retrieving files from Vault can now be configured to delete the files from the server after download
Fixed
Copy to disc folder structure	Copying to disc no longer creates a Session ID directory when the no subfolders option is enabled
Settings display on Central Mgmt v7	Fixed issues with some fields being improperly displayed in Central Mgmt
LDAP groups workflow profile assignment	Corrected an error where a users logging in to Kiosk were not identified under a user group assigned to a workflow profile

4.3.4

13 August, 2019	Release focused on adding Kiosk high availability, Layer 7 load balancer support and bug fixes
Features
Ability for Kiosk to use multiple backup servers during a session	Multiple backup servers can now be configured in the global configuration. Within a workflow profile, it can be designated for Kiosk to attempt processing a file among any available MetaDefender server during a session.
Support for Layer 7 Load Balancer with MetaDefender	A Load Balancer can now be selected as the primary server for processing files
Regular expression support for media whitelisting	Media whitelisting can accept regular expression rules for more flexibility in configuring allowed devices
Option to disable SSL verification	Certain offline environments cannot successfully verify SSL certificates due to the network structure. Kiosks in these special instances can be configured to workaround these limitations.
Fixed
Issue with MetaDefender verification only working through TLS 1.0	MetaDefender connection testing in the Management Console has been fixed to utilize the latest security protocols when available (e.g. TLS 1.2)
Virtual keyboard input	Corrected ability to insert/delete characters within an input text box rather than only at the ends of the input
Unlock for IronKey D300 Managed devices	Updated ability to handle different versions of IronKey D300 Managed devices
Interface timeout not triggered while waiting for media to be inserted	Fixed the interface timeout to apply while waiting for media to be inserted
Updated Custom Authentication Module template	Custom Authentication Module template & tester have been updated to 64bit

4.3.3

9 July, 2019	Release focused on adding Kiosk self scan and bug fixes
Features
Kiosk self scan	Allows the user to periodically or on demand utilize the MetaDefender Kiosk to scan its file system for possible infection
File handling option to copy allowed files to the original media	New copy-to route will wipe the original media and copy all allowed files back to it
Select to not submit special archive files, mounted by Kiosk, to Core	Only applicable to Acronis backups, virtual hard disks and/or VMware virtual machines. Can now choose to withhold these files from Core if its contents have already been processed.
Prompt users for the password to password protected documents	When password protected documents are encountered (Word, PDF, Excel), they will now be prompted for passwords for processing their contents.
Generate a log message and warn the user when disk capacity reaches 80%	To help our customers ensure that the Kiosk has sufficient space to operate, it will generate a log message when disk capacity has reached 80% or higher.
Updated Custom Authentication Module sample code to include 64-bit	To better facilitate CAM users in upgrading from V3 to V4, the CAM sample code has been cleaned up and generated in 64-bit
Fixed
Kiosk failing to quarantine read-only files	Read-only files are now supported for quarantining
Fixed VHD mounting that was broken by recent Windows 10 updates	Windows 10 updates changed the case of the name of the drive being attached. Fixed parsing to handle variable case string.

4.3.2

11 June, 2019	Release focused on adding the OPSWAT Media Validation Agent, support for Avira-Iron-Drive, and bug fixes
Features
Added the OPSWAT Media Validation Agent	The OPSWAT Media Validation Agent can be downloaded from the Management Console Resources section. This agent can be used to ensure media is processed by a Kiosk before it can be mounted on an endpoint.
Support for Avira-Iron-Drive	Files can now be processed within or copied to an Avira-Iron-Drive.
Fixed
Changes made to the disclaimer not being updated	Corrected issue where making changes to the disclaimer content were not reflected in the UI
Sentry 3 FIPS unlock enhancement	Enhanced the unlock mechanism for Sentry 3 FIPS to correctly unlock versions with different behavior
Disabling boot hardening may hang	Fixed disabling the boot hardening to not cause a hang and fail to update the correct status on the mgmt console for some cases
Central Mgmt synchronization error	Added more protection to avoid issues with Central Mgmt configuration pushes failing

4.3.1

15 May, 2019	Release focused on fixing Management Console logins for all timezones
Fixed
Login to the Management Console	Corrected issue where login to the Management Console would fail on certain systems

4.3.0

14 May, 2019	Feature release focused on adding user support for the Management Console, support for Non-Windows file systems and minor bug fixes
Features
User login for the Management Console	User login is now required to access the Management Console *In keeping parity with MetaDefender, custom integrations to the REST API with passwords will no longer function. You must set up an API key per user. When installing, you must use the creation wizard to create your first admin user. Admin credentials are no longer created automatically.
Support for Non-Windows file systems	Processing media content in Ext2/3/4, HFS Plus, HFSX, and APFS file systems is supported
Discs allowed to retrieve files from Vault	Retrieving files from Vault can now be downloaded to a disc
Fixed
Enabling boot hardening	Security enhancements made to allow boot hardening for all systems
File handling count display	A count of the current file progress is now displayed when files are copied/moved to a destination
Product activation through a proxy	Online activation can now complete successfully via a proxy server

4.2.15

18 April, 2019	Feature release focused on internal enhancements for Central Management
Fixed
Improvements for Central Management	Under the hood enhancements to allow the management of Kiosk instances to be smoother

4.2.14

9 April, 2019	Feature release focused on adding support for VMware virtual machines and bug fixes
Features
Mount and scan VMware virtual machines	Added support for processing within VMDK files
French translation	French language can now be selected as one of the default languages
Upload files to Vault	Vault upload in the file handling of a workflow can now be specified to upload files singularly (with the addition of file scan results) or all packaged within a zip
Password prompt for nested encrypted archives	Password prompt will be displayed for encrypted archives found within encrypted archives
Integral Courier encrypted USB support	Integral Courier can be unlocked and processed
Kingston IronKey D300 Managed support	Kingston IronKey D300M can be unlocked and processed
Fixed
CEF Extension field format	The Extension field in the CEF messages have been fixed to conform to correct CEF standard
German language	German language strings have been expanded upon

4.2.13

12 March, 2019	Feature release focused on processing contents within virtual hard disks and minor fixes
Features
Mount and scan VHD & VHDX	Added support for processing within virtual hard disk files
Fixed
Copying sanitized files would fail for certain users logged into a Kiosk session	All users are now able to copy sanitized files to the desired destination
LDAPS connection	Connecting to a directory server via LDAPS has been improved

4.2.12

12 February, 2019	Feature release focused on system boot hardening, folder navigation on Vault and allowing copying original with sanitized files
Features
System boot hardening	With boot hardening enabled the taskbar on the desktop will be not be loaded, thereby disallowing any PC functionality to a user until the Kiosk starts.
Folder navigation when retrieving files from Vault	When browsing for files to download from Vault, folders can be accessed and downloaded to the desired media.
Copy the original file along with the sanitized version	New configuration option added for Copy-To actions that will allow an administrator to specify copying the original file along with the sanitized version.
Fixed
Emails not being sent to the user logged into the Kiosk session	Kiosk can now identify the email address of the logged in user from a remote AD server.
LDAPS authentication failure	Users can authenticate using LDAPS functionality with improved routing.
Handling sanitized file naming convention	Now an incremental number is only appended to the file name during copy to avoid file collisions.

4.2.11

8 January, 2019	Feature release focused on allowing multiple devices to be wiped in one session and stability enhancements
Features
Wipe multiple devices in one session	Multiple devices can be inserted at the wipe option selection screen for the wipe to be performed on all devices
Warning message is displayed if a file is not processed by MetaDefender	A warning message is displayed before the session results screen if any file is not processed by MetaDefender
Fixed
Backup server selection when the primary MetaDefender instance is unable to process files	The decision to use a backup MetaDefender server has been enhanced to ensure a primary MetaDefender instance is not used when it is unable to process files. Any MetaDefender instance that reports problematic issues will be noted on the Mgmt Console and the issue logged in the application log.
syslog message format for TCP	Some syslog messages were missing line breaks which caused parsing issues for some syslog management systems when receiving data over TCP
Enhanced retry mechanism for files that are unable to be opened	Certain files have some permissions that block Kiosk from accessing them to upload the file to MetaDefender for processing. The ability to retry on these files and allow for successful upload has been enhanced. This does not apply to locked system files.
Processing an iPhone with iTunes installed	After installing iTunes and then selecting files from an iPhone to process, the selected files would not be processed. Functionality has been restored.

4.2.10

11 December, 2018	Feature release focused on expanding support for processing non-Windows file systems and simplifying blocked files reported in session reports.
Features
Blocked results directly reported from MetaDefender	Beforehand, Kiosk would group specific blocked reasons under special categories (e.g. Encrypted Archive & Password Protected Document → Password Protected). This would result in confusion when reading session summary reports and verifying specific file counts against the MetaDefender processing history. Blocked results are no longer grouped under special categories, they are grouped according to the result returned from MetaDefender.
Fixed
Blocked results directly reported from MetaDefender	Beforehand, Kiosk would group specific blocked reasons under special categories (e.g. Encrypted Archive & Password Protected Document → Password Protected). This would result in confusion when reading session summary reports and verifying specific file counts against the MetaDefender processing history. Blocked results are no longer grouped under special categories, they are grouped according to the result returned from MetaDefender.
Custom command line script not running	There was an issue with the component that runs custom command line script - failing to start and complete the configured actions. This has been fixed.
syslog CEF format	syslog messages sent in CEF were not formatted according to specifications which caused parsing issues in SIEM servers. The main body of the message is now sent in the Extension section and the log type is sent in the Name section. The severity level has also been corrected to meet the CEF specification.
Processing mobile phones with Vault	Fixed upload failures when attempting to process a mobile phone with MetaDefender Vault.

4.2.9

13 November, 2018	Feature release focused on email, user selection of copy-to directories and stability improvements
Features
Configuration to only send an email report when a blocked file is detected	The email report can now be specified to be sent only when a blocked file in a session is found, rather than sending an email after every session.
Allow users to select the folder structure of copied files	Users can now be allowed to select whether to create a high level directory for files to be copied to or maintain the same folder structure as the original processed media.
Fixed
Enhanced progress display for processing TIB files	Modified TIB processing experience to follow the archive processing flow. Files within a TIB are displayed during progress, the TIB itself is counted as one file & an indicator in the right hand corner will notify the user that an archive is being processed.
UI will remain responsive when processing large datasets	Processing large datasets would cause the UI to stop showing updated progress from being displayed near the completion of a session, giving the impression that the UI was hanging. Progress reporting has been modified to allow the UI to be responsive under large datasets for the duration of a session.
Finding users in groups assigned to workflow profiles	With a group assigned to a workflow profile, when a user would log in to Kiosk, there were instances where a user that is a member of the group was not correctly associated not provided the expected workflow profile. This has been fixed.
SD card detection failure	Certain SD card readers present information of the media differently, which caused the Kiosk to not detect it. Media detection has been updated to handle this case.
Hash verification when copying to a network share	Hash verification has been fixed to work with verifying files were copied correctly to a network share.
Translated strings not updating on the UI	A few translatable strings were not being updated for display in the UI. These have been identified and fixed. The default Japanese language strings have also been updated.

4.2.8

22 October, 2018	Maintenance release focused on Central Management compatibility
Fixed
Tab selection in Central Management	Scrolling through configuration sections has been removed in the latest Central Management 5.2.3. Overflow sections are now selectable from a dropdown menu.
Vault server configuration import from Central Management	Due to the change in how Vault server settings are saved in Kiosk, only partial Vault settings were being imported over. This has been rectified.

4.2.7

11 October, 2018	Feature release focused on media manifest validation and improvements for stabilized processing
Features
Media Manifest Validation	Previously, Kiosk only saved signed manifests to the media that had been processed. Kiosk can now be configured to validate and utilize results from a manifest found on the media to process.
Logo and Intro Text on Receipt Printout	A logo and introduction text can be configured to print onto a session receipt.
Fixed
Process failure logging is now more transparent	If Kiosk fails to send a file to the MetaDefender server, the reason will be displayed in the UI and session result log & printout. Any network connection errors contributing to failures or MetaDefender failures reported to Kiosk will be logged in the Application Log in the Kiosk Management Console. Messages will contain HTTP codes, description and network error messages to enable admins to take proactive action.
Updated bundled 7z component to version 18.05	Due to vulnerability issues with older versions, the bundled 7z binaries were updated to the latest version.
Retry logic improved when retrieving results from MetaDefender	In previous versions, if an error from MetaDefender prevented Kiosk from obtaining results, it would fail quickly and show that the file failed to process. Kiosk will now try harder to receive correct results from MetaDefender if a file has been successfully sent for processing.
Removed curl error logging when a session is canceled	Canceling a session can result in canceling active connections between the MetaDefender server & Kiosk. This would result in an unnecessary large amount of curl error logs that are now removed under this specific condition.

4.2.6

Release Date: 11 September, 2018

Features

• Added support for processing iPhones
• Ability for users to select which file handling actions to take
• Added support for DataLocker Sentry 3 FIPS
• syslog messages can output in CEF format

Fixed

• Files sizes are displayed when browsing files to process

• Added more display data to the session log & printout

  • File attributes, partition information, symbolic links found

• Fixed issues with session log generation

• Added ability to navigate through user questions

• Enhanced loading process upon startup

• Core quarantine results are now reflected in the Kiosk results

4.2.5

Release Date: 14 August, 2018

Features

• Offload processing to a Vault server connected to MetaDefender
• Ability to Pause and Resume file processing
• Enable/disable the Default workflow to restrict user login

Fixed

• Adjustments to automatic printing at the end of a session
• Fixed copying to a network share when a Remote Active Directory is configured
• Support copying between encrypted media of the same type
• Configurable footer printing for the session receipt

4.2.4

Release Date: 10 July, 2018

Features

• Added support for processing android phones
• Added support for processing within Acronis TIB files
• Ability to view and assign user groups to a workflow profile

Fixed

• Syslog messages can be configured to send over TCP
• Defined more event codes for syslog messages
• Enhanced ability to handle large nested directories
• WebMC session history will display if a result is from a hash lookup

4.2.3

Release Date: 12 June, 2018

Features

• Added LDAPS support for Remote AD servers
• Ability to set the apikey during installation
• Display file names of files in a large archive during processing

Fixed

• Extended syslog support to multiple servers
• Fixed login issue with users assigned to a workflow profile
• Corrected browsing for files in nested directories with similar names
• Improved the speed for copying files

4.2.2

Release Date: 21 May 2018

Features

• Functionality to alert if a popup is open on the underlying system
• Events can be configured to broadcast to a syslog server

Fixed

• File browse window can handle large number of files in a directory
• Fixed issue with querying users from a remote AD
• Ensuring a session ID is always generated for reports
• Updated Central Mgmt integration to further validate configuration settings
• Added ability to view the MetaDefender Privacy Policy from the Management Console

4.2.1

Release Date: 16 April, 2018

Features

• Ability to download files from Vault
• Configure session and file history CSV export run automatically
• Added support for Kingston DataTraveler 400 G2
• Email session reports to the logged in Kiosk session user

Fixed

• Modified font display with foreign languages
• Fixed issue with Central Mgmt settings import
• Enhanced various logging with more specific information

4.2.0

Release Date: 20 February, 2018

Features

• Rebranded Kiosk
• Ability to be managed by Central Management
• Added support for Kanguru Defender Elite 300
• Session and file history can be exported to CSV
• Kiosk can be configured to allow file handling to run automatically

Fixed

• Fixed issue with reporting wipe progress for large devices

• Improved media handling

• Added new configuration

  • allow users to skip entering passwords for McAfee drives
  • disable warning of network errors

• Enhanced license activation

4.1.1

Release Date: 30 November, 2017

Features

• None

Fixed

• Fixed issue in uploading files to SFT accounts when authentication is done by a custom authentication module
• Sanitized files are copied to temporary storage instead of original media
• Fixed issue in creating a new language
• Fixed issue where session finish time was reported incorrectly in Kiosk logs

4.1.0

Release Date: 26 October, 2017

Features

• Support for additional models of encrypted USB drives

  • Ironkey S1000
  • Ironkey D300
  • Kingston DataTraveler Vault Privacy 3.0
  • Kingston DataTraveler 2000
  • Kingston DataTraveler 4000

• Answers to user questions can be used in the path specified for post scan file handling

• When copying blocked files, administrators have the option of only copying files that have been sanitized

Fixed

• The Metadefender Kiosk Management Console now has a default password ('admin') after installation
• Cancelling a scan will cancel scans in progress on the Metadefender Core server
• Kiosk will retry scans that initially fail on the Metadefender Core server
• Improvements in the Japanese language keyboard
• Language keyboards can be disabled from the Kiosk UI

4.0.2

Release Date: 18 September, 2017

Features

• Metadefender Kiosk can be configured to check for existing scan results before sending a file to Metadefender Core

Fixed

• The Browse and Scan All options will not be displayed in the Kiosk UI if they are disabled
• Media wipes are now logged as sessions
• Media manifests are uploaded with files that are copied to a Metadefender SFT server
• Vulnerability details are displayed if Metadefender Core has the Metadefender Vulnerability engine enabled

4.0.1

Release Date: 28 July, 2017

Features

• Signed scan manifests can be written to processed media (requires Metadefender Core 4.8.0 or later)

Fixed

• Improvements in uploading files to a Metadefender SFT server
• Session scan logs are included in a configuration export

4.0.0

Release Date: 5 July, 2017

Features

• New Kiosk user interface
• Optional 'Disclaimer' Screen in Kiosk workflow
• Support for user selected language

Fixed

• Re-implementation of drive wipe functionality
• Move to new licensing mechanism
• 32-bit operating systems are no longer supported
• Minimum required version of Metadefender Core is 4.7.2
• Configuration can not be imported from versions prior to 4.0.0

3.4.6

Release Date: 25 July, 2017

Features

• None

Fixed

• Fixed issue where Kiosk sometimes didn't launch after system restart
• Minor bug fixes

3.4.5

Release Date: 25 April, 2017

Features

• Alert dialog shown to the user when a non-memory USB device is inserted
• Devices can be limited to those whitelisted by device ID

Fixed

• The only Metadefender Kiosk workflows included by default will be the 'Default' and 'Guest' workflows
• Mechanism to retrieve device serial IDs has been improved

3.4.4

Release Date: 14 March, 2017

Features

• None

Fixed

• Metadefender Kiosk will now attempt to detect a second media if the first one detected fails
• Error message shown when files can not be removed by Metadefender Kiosk

3.4.3

Release Date: 7 February, 2017

Features

• Support for USB Flash Security encrypted drives
• Option to whitelist files larger than a specified size
• Allow administrator to disable 'Process All' option

Fixed

• Addressed issue in using Kiosk over HTTPS
• Better handling of scan results from Metadefender Core 4.x
• System files on Bitlocker encrypted devices can optionally be excluded from scanning

3.4.2

Release Date: 13 December, 2016

Features

• Metadefender Kiosk can now be configured to abort scans as soon as a blocked file is found
• Multiple Metadefender Core servers can be defined for redundancy
• Support for wiping encrypted USBs
• Alert sound can be customized

Fixed

• Better reporting of mismatched files that are found within archives
• SMTP settings for emailed session reports are now configured globally
• Estonian keyboard layout is now supported for the onscreen keyboard
• Options for handling multiple partitions have been simplified to either block devices with multiple partitions or scan all available partitions

3.4.1

Release Date: 9 November, 2016

Features

• None

Fixed

• Kiosk user will now be prompted to confirm before destination media is wiped before files are copied to it

3.4.0

Release Date: 27 October, 2016

Features

• Each Metadefender Kiosk workflow specifies a specific Metadefender Core workflow or rule to use
• Files identified as potentially vulnerable by Metadefender Core's vulnerability engine are shown in the scan results
• Metadefender Kiosk will now scan the boot sector of any media

Fixed

• The Metadefender Kiosk session log page user interface has been updated
• Potential security vulnerability with Ctrl-L key combination has been closed
• Better handling of McAfee encrypted USB devices
• Requires Metadefender Core 3.12.4 or later

3.3.6

Release Date: 30 September, 2016

Features

• Built in user authentication now supports remote Active Directory authentication.
  • Note that for remote Active Directory authentication provided user credentials are not used when files are copied as a post action.

Fixed

• Metadefender Kiosk will validate SSL certificates when using HTTPS to communicate to the Metadefender Core server. If Metadefender Core is using a self-signed certificate, this certificate must be installed on the Metadefender Kiosk machine, otherwise validation will fail.
• The Metadefender Kiosk UI will reset after the scanned media has been removed when at the scan results page

3.3.5

Release Date: 1 September, 2016

Features

• Encrypted drives can now be used as the "Copy To" destination
• Drives that are being copied to can now be wiped before files are copied

Fixed

• Server settings for e-mail notifications are now configured in Metadefender Kiosk instead of in Metadefender Core

3.3.4

Release Date: 8 July, 2016

Features

• Compatible with Metadefender Core 4.4 and later versions
• Support for Kanguru 2000 and 3000 encrypted USBs
• More flexibility allowed in the destination directory when "Copy To" post action is enabled
• Scan session log can be saved as a PDF

Fixed

• High security workflow included by default in installation
• Kiosk UI now scales to higher resolutions
• Count of files sent to a Metadefender Secure File Transfer server added to Management Console dashboard

3.3.3

Release Date: 31 May, 2016

Features

• Non-guest Metadefender Kiosk profiles can now upload to Metadefender SFT guest accounts

Fixed

• Updated onscreen Japanese keyboard
• Metadefender Kiosk can now be used with a Metadefender Core server that has an API key set
• Fixed bug where files on read-only media that are sanitized were not getting copied as part of the file handling part of the workflow
• Several hotkeys are now automatically disabled when the UI is running
• Additional minor bug fixes

3.3.2

Release Date: 19 April, 2016

Features

• Scan reports can now be sent by e-mail after the scanning session is complete
• The file upload chunk size for uploading files to a Metadefender SFT server is now configurable.

Fixed

• The sender e-mail address is no longer required when uploading files to a Metadefender SFT server
• Additional strings have been added to the Kiosk UI and can be modified through the Management Console
• The encryption method for passwords saved in the Metadefender Kiosk configuration has changed. Importing configuration from versions prior to Metadefender Kiosk 3.3.2 will not import passwords.

3.3.1

Release Date: 15 March, 2016

Features

• None

Fixed

• Better cancellation of a scan in progress
• Fixed issue when browsing blank media
• Correct detection of unencrypted Kanguru devices
• Database and Windows events can be viewed through the Management Console

3.3.0

Release Date: 30 January, 2016

Features

• The name of the product is now Metadefender Kiosk
• Administrators have the option to restrict access to domain users when Windows authentication is enabled

Fixed

• Fixed bug in importing saved configuration
• IIS Express component has been upgraded to version 8.0

3.2.0

Release Date: 23 December, 2015

Features

• Metadefender now uses Metascan workflows (Metascan versions 3.10.1 and later)
• Custom authentication modules are supported
• Windows 10 support

Fixed

• None

3.1.0

Release Date: 31 October, 2015

Features

• Metascan functionality can now be configured within the Metadefender Management Console. This is only supported for Metascan servers version 3.9.5 or later.
• Support for floppy disks as the copy destination in post-actions

Fixed

• Custom time periods can be set for the statistics displayed on the Metadefender dashboard

3.0.12

Release Date: 30 September, 2015

Features

• Upload to Policy Patrol Secure File Transfer (Requires version 2.2 or later of SFT) is now available as a post action
• The Metadefender Management Console has an updated look and feel, matching the Metascan Management Console

Fixed

• The security and compatibility of the Metadefender Management Console has been improved by replacing the PHP component with JavaScript
• Stability of the data sanitization post-action has been improved
• Fixed issue where floppy disk drives on non-English operating systems were not being recognized
• Fixed issue where in certain circumstances Metadefender might not start automatically upon system restart

3.0.11

Release Date: 31 August, 2015

Features

• None

Fixed

• Updated kiosk UI strings for non-English languages

• Improved support for

  • Ironkey D250 encrypted USBs
  • Kanguru Elite Defender 30 USBs
  • Kingston encrypted USBs

• If Windows authentication is enabled, non-local (i.e. domain) users are now required to specify their domain

3.0.10

Release Date: 30 July, 2015

Features

• None

Fixed

• Resolved issue where files would fail to copy to network locations when SHA-256 hash verification was enabled
• Resolved issue in displaying large number of files in Metadefender's browse dialog
• Support for file type conversion from image files has been removed. Conversion from PDF is now only supported to sanitized PDF. For customers that will be exporting Metadefender workflows that used this functionality OPSWAT recommends that these conversions are disabled before exporting.

3.0.9

Release Date: 30 June, 2015

Features

• None

Fixed

• Reduced the latency in loading workflow configuration when there are many user accounts on the associated active directory server
• Resolved race condition where Metadefender occasionally did not start upon system startup when installed on Windows 8 or newer operating systems
• Improved behavior when multiple instances of Metadefender are running on the same system

3.0.8

Release Date: 22 May, 2015

Features

• Windows 8.1 and 2012 R2 are now supported
• Buffalo RUF2-hsc-2gt Encrypted USBs are now supported
• McAfee Complete Data Protection Encrypted USBs are now supported
• EncryptDisc media is now supported
• Kanguru Defender Elite 30 USB devices are now supported
• Metadefender Idle Screen can be customized
• German and Korean translations of the Metadefender kiosk UI

Fixed

• Hashes of files are re-verified when the 'Copy To' post action command is used
• Better handling of network failures when scanning with a remote Metascan server

3.0.7

Release Date: 22 December, 2014

Features

• Scan logs can be saved to the media being scanned
• Recent sessions now listed in the Metadefender Management Console logs page
• Support for Buffalo SecureLock encrypted devices
• Receipt can be configured to print automatically

Fixed

• More details available in the scan result screen for files that failed to scan
• Kiosk user can be alerted when Metadefender license is close to expiration
• New HTML documentation available through the Management Console
• Romaji input supported on Japanese keyboard
• More robust support for Kingston DataTraveler encrypted USBs
• Bitlocker encrypted drives are now supported on Windows 8.1
• Other minor changes

3.0.6

Release Date: 4 November, 2014

Features

• Support for Ironkey D250 encrypted USBs
• Support for BitLocker (password) encrypted devices
• Vietnamese and Japanese user interface available by default

Fixed

• User account credentials used for post actions when Windows authentication is enabled
• Better indication when potential threats are found
• Additional scan result details included in text log file
• Debug log package available for download in Management Console
• Additional printout configuration options

3.0.5

Release Date: 1 August, 2014

Features

• Added Support of KIOSK UI localization
• Added predefined KIOSK UI Localization for Hebrew & Arabic
• Added additional predefined profiles
• More configuration for printouts

Fixed

• Fixed error when scanning empty media
• Improved accuracy of timestamps in logs
• Improved error handling and logging for errors
• Updated logs to include scan failure reason
• Clearer notification when a threat is found
• Add ability to set password in Metadefender Management Console
• Various bug fixes

3.0.4

Release Date: 8 May, 2014

Features

• Copy to user provided media as post-action
• Username is available as a variable in post-actions when Windows login is enabled

Fixed

• Improved archive handling
• Improved physical keyboard support
• Scan is aborted if connection with Metascan server is interrupted (when Metascan is on separate machine)
• Improved handling when Metascan server is operating at maximum capacity
• Fixed potential issue where Metadefender failed to launch due to latency of Windows desktop preparation
• Better logging for interruptions during post processing
• Minor bug fixes
• UI improvements

3.0.3

Release Date: 8 November, 2013

Features

• None

Fixed

• Fixed print formatting issues

3.0.2

Release Date: 27 September, 2013

Features

• Search for processing result by file upload
• Ability to export processing logs
• Allow search results to be bookmarked for later reference
• Display more detailed progress during file enumeration
• Improved Metadefender Management Console
• Improved formatting for built-in kiosk printers

Fixed

• Fixed bug that was preventing restoration of default and guest profiles
• Prevent users from being added to more than one workflow profile

3.0.1

Release Date: 5 July, 2013

Features

• User Authentication
• Customizable User Profiles
• Configurable User Questions
• Filtering by File Type
• Web-Based Metadefender Management Console
• System Restore with Deep Freeze
• File Type Conversions
• Enhanced Post-Processing Options
• New End User Workflow
• Option to Restart After Each Session
• Comprehensive Logging for all Processed Files
• Support for Kingston encrypted USB drives
• Handling USB with partially corrupted file system