Latest (v7)

We will cover a running list of new features and releases with the latest always placed at the top.


Please upgrade your Linked Account Roles to v1.12 or later BEFORE upgrading your console/agent to v7.

If you do not upgrade your Linked Account Roles then you could experience problems when using EventBridge. Click here to learn more about Linked Account Updates.

Please also note, you'll also need to upgrade your console/agent to the latest current version you're currently on before you can upgrade to the next major version.

For example, if you are on v5, you'll need to upgrade to the latest version of v5, then upgrade to the latest of v6, then finally upgrade to v7.

If you are deployed using public subnets then you are most likely using our subdomain to connect to your Management Console. The SSL Certificate associated with that domain name was renewed as of v7.08.000. Please upgrade to this console version or later to avoid any SSL browser errors.

June 2024 - Console: V7.09.000, Agent: V7.09.000

In this release:

Private Deployment CloudFormation Template

  • If you need a way to deploy privately but aren't sure which subnets to use from your current VPCs, you can use our private deployment CFT to create a new VPC with all of the resources (subnets, VPC endpoints, etc.) needed to deploy your Management Console and scanning agents in a fully private environment

Ability to disable classification through the Management Console

  • You can now disable Data Classification through the License Management page of your Management Console

CXMail findings are now marked as suspicious instead of infected

  • The Sophos scanning engine has a CXMail identity that is specific to files sent over email channels. This finding while useful, does not fully apply to cloud storage mediums. Because of this, we are re-categorizing all findings under the CXMail identity to be found as suspicious. If you come across a CXMail finding we recommend you run a static or dynamic analysis to see if the file is legitimately malicious

Various Improvements and Bug Fixes

  • Large File Scanning EC2 instances are labeled with names identifying them as instances stood up by Cloud Storage Security

  • Job Networking selection of us-west-1 fixed

  • Improvement to Notifications Filters

  • Data Classification error fixed for EFS volumes

v7.09.000 CloudFormation Template


v7.09.000 Private

May 2024 - Console: V7.08.002, Agent: V7.08.002

In this release:

  • A fix for page errors when the Management Console is trying to display 100+ linked accounts

  • Broken linked account Management Console API functions

  • Scheduled job bug fixes

v7.08.002 CloudFormation Template


May 2024 - Console: V7.08.001, Agent: V7.08.001

In this release:

  • A fix for EBS volumes that were failing scanning

v7.08.001 CloudFormation Template


April 2024 - Console: V7.08.000, Agent: V7.08.000

In this release:

Ability to use S3 Inventory Reports for crawling

  • Users now have the option to leverage existing S3 Inventory Reports to collect the list of objects when initiating a retro scan of S3 buckets. Note: If chosen buckets are not included within the S3 Inventory Report selected, those buckets will not be scanned during the job.

EFS: Scan Existing AV & DC

  • We've added the ability to scan pre-existing EFS Volumes for malware or against user-selected classification rule sets.

FSx: Scan Existing AV & DC

  • We've added the ability to scan pre-existing FSx Volumes for malware or against user-selected classification rule sets.

Controls to determine whether to upload files matched by the Classification API

  • When using the Classification API, you can now control whether all files are uploaded upon scan, or only those that have not been matched by your chosen Classification Rule Set.

Various Improvements and Bug Fixes

  • Display subnet in Job Details

  • No longer show resources from inactive linked accounts

  • Storage Breakdown data consistency

  • Permission issue preventing Console Logs from being tagged properly

  • Fixed issue preventing Large File Scans being triggered via API

v7.08.000 CloudFormation Template


IMPORTANT to get the SSL Cert up to date, and keep your DNS secure.

April 2024 - Console: V7.07.001, Agent: V7.07.001

In this release:

  • Improved handling for EBS scanning quotas

  • A fix for EBS volume scanning in GovCloud

v7.07.001 CloudFormation Template


March 2024 - Console: V7.07.000, Agent: V7.07.000

In this release:

Scan Stability Improvements

  • Handling of S3 rate limiting when scanning a large number of S3 objects

  • Handling of EBS Service Quotas, ensuring we don’t use all of the customer’s quota, or try to run jobs when we don’t have the space required

Trial Notification Improvements

  • Data remaining notification 100, 50, 25, 0GB left of free trial data

  • Expiration notification: 7, 3, 1, 0 days left on free trial

Added support for FSx Lustre volumes

  • We now support schedule-based virus scanning and data classification for FSx Lustre volumes

Added support for EBS Scan Existing - DC

  • You can now classify pre-existing data in EBS volumes.

EBS and LFS Scanning Improvements

  • We've migrated both EBS Scanning and LFS Scanning to leverage the new EBS on Fargate integration

Central Job Networking Configuration page

V7.07.000 CloudFormation Template


March 2024 - Console: V7.06.004, Agent: V7.06.004

In this release:

  • A patch to fix an issue related to scanning of FSx volumes

  • A patch to fix an issue related to deployment of our solution using a private environment with a proxy

v7.06.004 CloudFormation Template


March 2024 - Console: V7.06.003, Agent: NA

In this release:

  • A patch to fix an issue with SSO functionality communicating with integrated IDPs.

v7.06.003 CloudFormation Template

v7.06.003 CFT

February 2024 - Console: V7.06.002, Agent: NA

In this release:

  • A patch to fix an issue with FSx volumes being retrieved and displayed in your AV Console.

v7.06.002 CloudFormation Template

v7.06.002 CFT

February 2024 - Console: V7.06.001, Agent: V7.06.001

In this release:

  • A patch to surface logs related to FSx volumes and scanning for those volume types.

v7.06.001 CloudFormation Template

v7.06.001 CFT

February 2024 - Console: V7.06.000, Agent: V7.06.000

In this release:

API Scanning for Data Classification

  • You now have the ability to classify text-based documents and scan for PII using API agents.

  • All you need to do is enable the Configure Classification toggle and select the rule set(s) you want to use for classification. After this anytime a file is sent to your API endpoint we will classify it and provide information on whether it contains PII against the rule set(s) you've selected.

FSx OpenZFS volume types

  • We now support schedule-based virus scanning and data classification for FSx OpenZFS volumes

  • We will add support for additional FSx file systems in future releases. If you need a specific file system supported sooner please Contact Us.

Console Checker Tool

  • During deployment of our Management Console we will now perform a series of checks of your environment to ensure that the VPC, Subnets, CIDR range, etc. have been set properly and are compatible with our deployment.

Proactive Notifications for Data Consumed

We have added a Proactive Notification Type which you can use to notify when you are running low on prepaid data.

Scan using multiple engines via API

  • You can now use multiple engines to perform API scans either by using the default configuration you've set on the Scan Settings page or by setting API specific engines.

Use pre-existing Load Balancers for Management Console

  • If you would like to use a Load Balancer for your Management Console you can now assign a pre-existing LB that you have stood up instead of creating a new one from scratch through the CFT.

  • Our CloudFormation Template now allows specifying the existing target group ARN. If the ARN value is specified, the CFT will register the ECS Console Service with that Target Group instead of creating a new LB.

v7.06.000 CloudFormation Template

v7.06.000 CFT

January 2024 - Console: V7.05.000, Agent: V7.05.000

In this release:

Classify pre-existing objects in S3 buckets

We've added the ability to scan pre-existing objects stored in S3 buckets against user-selected classification rule sets by selecting Scan Existing - DC through the Actions menu on the Bucket Protection page.

Advanced Scan Setting: Files to process in parallel

This setting controls how many files are scanned at the same time by your scanning agent(s), when using Sophos or CrowdStrike. It is designed to be used in scenarios where small, compressed files are unexpectedly triggering Large File Scans.

We recommend that you do not modify this setting, and use the default value. It should only be changed in the scenario where you are scanning small, compressed files resulting in unnecessary Large File Scans being initiated.

Various Bug Fixes:

  • Improvements to Unhealthy Event Agent SNS Topic Proactive Monitor

  • Eliminated false-positives when detecting unhealthy Event Agent topics, and improved the message body when delivering notifications

  • Resolved issue with Smart Scan sometimes deleting the SNS subscription

  • Resolved an issue where S3 buckets in linked accounts were not showing the proper protection status in the console

v7.05.000 CloudFormation Template

v7.05.000 CFT

December 2023 - Console: V7.04.004, Agent: V7.04.002

**VERY IMPORTANT** Critical to update your Console If you are running a previous version of v7.04 we recommed that you upgrade to this latest patch immediately.

In this release:

  • A patch to resolve an AWS Marketplace billing issue we identified that may affect a small number of customers running previous versions of v7.04.

v7.04.004 CloudFormation Template

v7.04.004 CFT

December 2023 - Console: V7.04.002, Agent: V7.04.001

The Scan Existing function for our API scanning model was not metered correctly through AWS Marketplace and you may not have been previously charged for retro data scanning. We introduced a fix in this version to resolve this so you may see your scanning bill increase depending on if you are using the Scan Existing function through our API scanning model.

In this release:

Scheduled Scanning for FSx Volumes

  • We now support schedule-based virus scanning and data classification for FSx volumes.

  • Currently we only support the NetApp ONTAP file system, however we will add support for additional file systems in future releases. If you need a specific file system supported please Contact Us.

Universal Gigabyte Scanning

  • Soon you will be able to purchase data for any scan type (new data, pre-existing data) without having to worry about what type of data you are scanning.

Job Monitoring Insights

  • We now show additional details for each scan job you start including account, container, results, and job logs directly in your Management Console.

Various Bug Fixes:

  • Fixed EFS job networking

  • Resolved issue with schedules if Data Classification custom rule sets have been deleted

November 2023 - Console: V7.03.000, Agent: V7.03.001

In this release:

AV Two-Bucket System Configuration

  • The Two-Bucket System allows moving objects to a different bucket and/or prefix after being successfully scanned as Clean. All other result types -- Infected, Error, Unscannable -- remain in the protected source bucket

  • This system can be configured within Configuration > Scan Settings

  • When leveraging this capability, the promotion of the clean files is handled directly within the agent and eliminates the need for a Lambda Function to promote the files

EBS Scanning for Linked Accounts

  • We now support schedule-based virus scanning and data classification for the EBS volumes within your linked accounts

  • The volumes from your linked accounts will appear within your EBS Protection page as well as the Schedule creation interface

  • Please note that you must first update the Linked Account CFT for each of your linked accounts to take advantage of this capability

EFS Volume Inventory for Linked Accounts

  • We will not display the EFS volumes that reside within your linked accounts by default. If you would like to display volumes that reside in linked account, there is a toggle within the EFS Protection page to show/hide these volumes

  • The ability to scan these volumes will be included in a future update

  • Please note that you must first update the Linked Account CFT for each of your linked accounts to take advantage of this capability

Refresh List of EBS and EFS Volumes

  • Using the Actions dropdown within both the EBS and EFS Protection pages, you can now manually refresh the list of volumes

Unique Job IDs

  • Each Job will now display a unique ID within the Monitoring > Jobs page

  • This ID will also be present within the CloudWatch logs, allowing you to easily link logs to specific jobs that have run

Changes to default date range when loading date-based reports

  • When loading reports that display data based on date, the report will now default to showing the full previous day and full current day. Prior to this change it would default to the previous 24 hours from when the report was viewed

  • Reports updated: Problem Files, Jobs, Notifications

EventBridge Notifications

  • Added the possibility to send proactive notifications to EventBridge in Console Settings > AWS EventBridge Proactive Notifications

  • This will send the notifications to the selected event bus, where you can create rules to send the notification somewhere else. e.g. CloudWatch

Management API

  • Additional function to allowing assigning Linked Accounts to Groups on creation

  • Added Manage Groups endpoints

Various Bug Fixes:

  • Fixed EventBridge Scanning for linked accounts

  • Fixed Cognito issue breaking Manage Users and Manage Groups pages

  • Maximize the amount of buckets and capacity of protection

  • Improved clean up for stale jobs (retro, LFS, etc.)

v7.03.000 CloudFormation Template

v7.03.000 CFT

October 2023 - Console: V7.02.002, Agent: NA

In this release:

  • Allow assigning Linked Accounts to Groups on creation

v7.02.002 CloudFormation Template

v7.02.002 CFT

October 2023 - Console: V7.02.000, Agent: V7.02.000

In this release:

  • Problem Files/Findings Page Improvements

    • Unclassifiable results now show in the DC findings as a Classification Result Type

  • Retrying Static & Dynamic Analysis

    • You can now retry performing a Static or Dynamic Analysis

    • Sophos updates their Static and Dynamic analysis library periodically and retrying an analysis at a later time can yield a different or more informative result. If an analysis failed the first time around you can also retry it.

  • Rescanning for large files is now available

  • Multi-engine rescan

    • When rescanning files you can now select the engine to rescan with and perform the rescan with multiple engines.

  • API Agent Allowed Request Origins Configuration (CORS)

    • If you are embedding our scan API within a web app, you can now specify the web app domain(s).

  • Various Bug Fixes:

    • EBS Data Classification fixes and improvements

    • Monitoring page fixes

v7.02.000 CloudFormation Template

v7.02.000 CFT

September 2023 - Console: V7.01.001, Agent: V7.01.001

In this release:

  • EBS and EFS Scheduled Scanning

    • We now support schedule-based virus scanning and data classification for EBS volumes and EFS volumes

    • EBS Virus Scanning and Classification supports Linux and Windows (FAT4, XFS, NTFS, exFAT. FileSystems)

    • You can now have a schedule that scans and classifies a mixture of S3 buckets, EBS and EFS volumes

Please note that you must first stage a region to run a scan on any EBS volume within that region, if you have not already deployed a scanner within that region.

This will be corrected in a patch, afterwhich you will be prompted to configure the region when activating your schedule.

  • Problem Files Rescan Functionality

    • You now have the ability to rescan any problem files that are found to be infected, unscannable, suspicious, or have an error.

    • If a file is found to be unscannable or produces an error upon being scanned, we will not charge you for the data that scan used. Once you rescan, if the file is scanned successfully and is found to be clean, infected, or suspicious the scan will count towards your scanning data.

  • Proactive Monitoring

    • This is the first version of our Proactive Monitoring functionality. This will be part of a larger release where we will implement modules to monitor certain parts of your deployment

    • Your Console and Agent will detect issues and create CloudWatch alarms to notify you of a broken deployment. This iteration monitors the following:

      • Event Agent SNS Topic or Access Policy doesn't exist

        • Re-create SNS topic and automatically fix Access Policy

      • Invalid ECS Task Running

        • Performs an analysis on resources to determine if the Task is running when it should not.

          Unhealthy status means:

          • ScanQueue job status is not running

          • SQS Queue is missing

        • A notification email will be sent informing you of an unhealthy region

      • Console Health Check

        • If the Console is found to be unhealthy we will send a notification when the CloudWatch Alarm Status changes

  • Updated Protection Section in Management Console Navigation

    • Protection now links to pages for your S3 Buckets, EBS Volumes, EFS Volumes, and WorkDocs Connections

  • Various Bug Fixes:

    • API Agent Cross Region Scanning Fix

    • Scan Now improvement on scan schedules

    • WorkDocs icon in Problem Files table

    • CloudTrail Integration Fix

    • Large File Scanning improvements and fixes

v7.01.001 CloudFormation Template

v7.01.001 CFT

August 2023 - Console: V7.00.004, Agent: NA

In this release:

  • Various Bug Fixes:

    • Extra large file scanning and EC2 error

v7.00.004 CloudFormation Template

v7.00.004 CFT

August 2023 - Console: V7.00.003, Agent: NA

In this release:

  • Various Bug Fixes:

    • AWS Marketplace metering reporting

v7.00.003 CloudFormation Template

v7.00.003 CFT

July 2023 - Console: v7.00.002, Agent: v7.00.000

In this release:

  • Secure Your Managed File Transfer: Cloud Storage Security + AWS Transfer Family

    • Ensure the data that is moved into Amazon S3 via AWS Transfer Family is free of ransomware, viruses, trojans and other payloads by scanning it inline with Antivirus for Amazon S3

    • Integrated AWS Partner Solution created for simple, single-click install of both solutions. Be up and running with both solutions in under 15 minutes

    • Check out the Integrations page for more details

  • Event Bridge Support in Console

    • In November of 2022 we released Event Bridge support through our management API. As of v7.00.000, you can now protect your buckets with Event Bridge or with S3 Event Notifications protection through the Console and if there is a conflict we will best match protection method to resolve the conflict

    • For example, if you select multiple buckets to protect with event-based. scanning and some of them contain conflicts we will protect the conflict buckets with Event Bridge (after you acknowledge this in the popup modal) and the rest will be protected with S3 Event Notifications. If you decline in the modal we will not protect those conflicted buckets.

    • If Protect with Event Bridge is enabled globally from Scan Settings then we will protect all selected buckets with Event Bridge without acknowledgment.

    • Learn more on the Bucket Protection and Scan Settings pages on how Event Bridge helps to resolve event-based scanning on conflicted buckets

Protecting buckets with Event Bridge will incur additional AWS charges. If enabled globally, we will not go back to currently protected buckets and switch their current protection method.

  • API Scanning Agent

    • Updated Load Balancer SSL certificate from TLS 1.2 to 1.3

    • Additional engine choices for scanning now include CrowdStrike and ClamAV

Multi-engine API scanning will be coming in a future release.

Please note, that if the application you have integrated API scanning into only supports TLS 1.2 you will need to upgrade it to support TLS 1.3. Otherwise your application will not be able to successfully communicate with our API Scanning Agent.

  • Problem Files

    • Pagination Improvements

    • CSV export improvements

  • Various Bug Fixes

    • Better character handling for file paths

    • Resolved problem file allow once/permanently error when infected file handling is set to Keep

    • Scanning agent logging and updates improvements

    • SQS Queue messages handling

v7.00.002 CloudFormation Template

v7.00.002 CFT

Last updated