Release Notes

MetaDefender Kiosk 4.7.6


14 June 2025 (Kiosk 4.7.6.3642)


Fixed Bugs


Fixed invalid Core setup and blank Core console page due to exhausted connections

Fixed an issue in Kiosk 4.7.6 where repeated checks of the embedded Core engine status may exhaust available connections in some cases. This caused the Kiosk to display an "Invalid Core Setup" message and the Core management console to appear blank.

Fixed Self-scan skipping all files when using Core 5.14.2

Fixed an issue in Kiosk 4.7.6 where the Self-scan feature skipped all files when used with Core 5.14.2

Fixed double printing in Automatic Print feature

Fixed an issue in Kiosk 4.7.6 where “Automatic Print” feature triggered printing twice instead of once.

Fixed MFT transfer failure over HTTPS

Fixed an issue where Kiosk failed to transfer files to MFT over HTTPS when SSL certificate verification was disabled. This affected Kiosk versions 4.7.5 and 4.7.6

23 May 2025 (Kiosk 4.7.6.3514)


New Features


Centralized YARA and file hash management via CM10

Central Management now supports centralized importing of YARA rules and file hashes via REST API. Kiosk will seamlessly apply these items to the embedded Core engine, enabling streamlined, centralized policy enforcement across all connected Kiosk devices.


Flexible icon visibility controls

Administrators can now choose to hide interface icons entirely or tuck them under the dropdown menu (“…”). These new options give you finer control over the Kiosk UI and let you deliver a cleaner, more customized experience for end users.


Supervisor MFT approval bypass option

Kiosk introduces a new setting that allows administrators to bypass supervisor MFT approval directly from the Kiosk console. This provides greater flexibility for configuring diverse use cases and streamlining workflows.


Optional domain selection for active directory login

Kiosk now offers administrators the option to enable domain selection on the login screen when integrated with Active Directory. Enabling this feature displays a domain dropdown, helping users select the correct domain and simplifying the login experience.


Enhanced validation for predefined question responses

Administrators can now specify input formats for predefined questions, choosing from free text, number, email, or custom regular expressions (Regex). Users must enter data in the required format to proceed, improving data accuracy and consistency.


New scanning engine status indicator

The Kiosk UI now displays a status indicator for scanning engines. If an engine encounters issues, a warning (exclamation mark) or critical (cross) icon will appear, signaling the severity. This enhancement improves user awareness and helps administrators quickly identify and address engine problems.


Kiosk supports integration with MetaDefender Drive

Kiosk now supports direct integration with MetaDefender Drive. When an MD Drive is connected, Kiosk automatically uploads stored scan reports to the enrolled Central Management, removing the need for separate SDK installation and configuration.


Enhancements


Enhanced media detection across all Kiosk processing screens

Kiosk now detects inserted media (e.g., USB drives) from any screen. When media is inserted, a popup notification confirms detection. If media is inserted while on the Welcome screen, Kiosk will automatically proceed to the User Agreement screen and begin the scanning process. On the Media Detection screen, the detected media is automatically selected for scanning, streamlining the user experience


Manage scanning engines from Central Management

Kiosk now supports managing scanning engines via My OPSWAT and OPSWAT Central Management, enabling easier configuration and consistent engine updates across multiple devices.


Option to disable SD Card scanning

Kiosk now provides the ability to disable SD card scanning. This allows administrators to tailor the interface for a cleaner, more streamlined user experience when SD card support is not required.

Improved display for Smart Card or RFID as primary login option

When Smart Card or RFID authentication is enabled, Kiosk will now display it as the default login method. Users can still switch to username and password login if preferred, providing flexibility while prioritizing secure access.


Additional client identifier is included when uploading files to MetaDefender Core and MFT

When uploading files to MetaDefender Core and MFT, Kiosk now sends additional client identifiers (hostname, Kiosk ID, username and timestamp) to Core and MFT. This improves My OPSWAT’s ability to correlate data and enhances traceability for each scanned file.

New ‘Scanning Configurations’ tab in Kiosk console

Kiosk now includes an additional ‘Scanning Configurations’ tab, enabling administrators to configure basic workflow settings directly within the Kiosk console. More advanced settings will be introduced in future releases to further enhance this feature.


Improved display during file scan initialization

In previous versions, Kiosk displayed “0 files found” while searching for files to process, which caused confusion for end users. This has been improved to show “Initializing...” during the search to provide clearer feedback.


Improved unsent scan report synchronization

Kiosk will now automatically synchronize any unsent scanning reports (for example, due to connectivity disruptions) to My OPSWAT once the connection is restored. Additionally, when a Kiosk instance is newly enrolled, any existing locally stored scan data will be sent to My OPSWAT, ensuring improved data consistency and completeness.

Enhanced “About” page with system details

The Kiosk “About” page has been enhanced to display additional details, including the Core version, hardened image version, hardware specifications, service tag, and more. This expanded view provides valuable information for support and troubleshooting, improving the overall customer experience.


Unified Kiosk About page in Central Management

The Kiosk About page in Central Management is now aligned with the version displayed on the Kiosk console, ensuring consistency and improving usability across platforms.

Improved CD/DVD scanning performance

Kiosk now optimized CD/DVD scanning to reduce scan time and enhance the overall user experience, ensuring faster and more efficient processing of optical media.

Support for manifest generation with Unicode characters in file names

Kiosk now fully supports generating manifest files containing Unicode characters in file names (e.g Japanese). By leveraging Unicode APIs and converting file names to UTF-16, Kiosk ensures reliable manifest creation across systems with different locale settings and code pages, enhancing compatibility and reducing encoding-related issues.

Revert customization settings to default

Kiosk now includes an option to revert customization settings, such as logo, color scheme, and other visual elements, back to their default values, making it easier to undo changes and restore the original appearance.


Secondary logo now displayed on session end screen

Kiosk now displays the secondary logo on the session end screen, aligning with branding customizations and improving visual consistency across the user experience.

Improved Hebrew translation in Kiosk UI

Kiosk UI improved Hebrew translations, providing a clearer and more accurate user experience for Hebrew-speaking users.

Enhanced support for simultaneous SharePoint and Entra ID (OIDC) integration

Kiosk now supports configuring SharePoint and Microsoft Entra ID (OIDC) simultaneously. Files are correctly transferred under the authenticated user’s credentials, ensuring accurate file handling across both MFT and SharePoint/OneDrive workflows.

Support for export and import of offline activated Core

Kiosk now supports exporting and importing configurations of MetaDefender Core instances that were activated offline or via volume license on Central Management. This will also allowed Kiosk Hardened Image to be upgraded with offline-activated Core

Enhance Kiosk Hardened Image Upgrade for greater stability and error handling

Enhanced Kiosk Hardened Image Upgrade with improved stability and bug fix. Critical failures (such as failed to backup Core license) during configuration restoration are now logged in the upgrade history, and ensure the system will automatically roll back to a stable state when needed

Security enhancements

Various security issues have been addressed to enhance the overall security of the system

Bugs


Resolved Error when saving Syslog settings

Resolved an issue that caused an “Error Saving” message when setting up a Syslog server in Kiosk. The problem was related to how log level settings were handled. With this fix, Syslog configuration now works as expected, regardless of the selected log level.

Known issues


Backup and restore fails with embedded Core using HTTPS certificate requiring passphrase

Kiosk cannot perform backup and restore when the embedded Core is configured to use HTTPS with a certificate that requires a passphrase.

Upgrade fails when Network Policy Hardening is enabled

When the Network Policy Hardening is enabled, certain network services are disabled as part of the security configuration. This prevents some components (such as firewall and network settings) from being backed up, causing the Kiosk upgrade process failed.

Self-scan skips all files

Self-scan feature in Kiosk 4.7.6 does not work as expected with Core 5.14.2. When initiated a self-scan, all files are skipped.

MetaDefender KIOSK Documentation

The users can consult this web page or, alternatively, they can download the manual in pdf format from the link below:

MetaDefender KIOSK manual (SHA256: A930037A9B3EAEFAC901ED4630530C2E49FE40248E7818A992BD2DCBB07D5C8D).

OPSWAT MetaDefender AGD Documentation_v1.9 (SHA256: EEDDE2A51E95779986204CBB764878B339D2C3E15952D50A15FC8FF60BAD855C).