Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  • April 2025 - Console: v8.07.003, Agent: v8.07.003
  • April 2025 - Console: v8.07.002, Agent: v8.07.002
  • March 2025 - Console: v8.07.001, Agent: v8.07.001
  • March 2025 - Console: v8.07.000, Agent: v8.07.000
  • February 2025 - Console: v8.06.001, Agent: v8.06.001
  • February 2025 - Console: v8.06.000, Agent: v8.06.000
  • February 2025 - Console: v8.05.000, Agent: v8.05.000
  • January 2025 - Console: v8.04.000, Agent: v8.04.000
  • December 2024 - Console: v8.03.000, Agent: v8.03.000
  • November 2024 - Console: v8.02.001, Agent: v8.02.001
  • October 2024 - Console: v8.02.000, Agent: v8.02.000
  • October 2024 - Console: v8.01.001, Agent: v8.01.001
  • September 2024 - Console: v8.01.000, Agent: v8.01.000
  • August 2024 - Console: v8.00.000, Agent: v8.00.000
  1. Release Notes

Latest (v8)

We will cover a running list of new features and releases with the latest always placed at the top.

PreviousRelease NotesNextv7

Last updated 20 days ago

**IMPORTANT**

Please upgrade your Linked Account Roles to v1.14.001 or later BEFORE upgrading your console/agent to v8.

If you do not upgrade your Linked Account Roles then you could experience problems when using EventBridge. to learn more about Linked Account Updates.

Please also note, you'll also need to upgrade your console/agent to the you're currently on before you can upgrade to the next major version.

For example, if you are on v6, you'll need to upgrade to the latest version of v6, then upgrade to the latest of v7, then finally upgrade to v8.

If you are deployed using public subnets then you are most likely using our cloudstoragesecapp.com subdomain to connect to your Management Console. The SSL Certificate associated with that domain name was renewed as of v8.07.002. Please upgrade to the latest console version to avoid any SSL browser errors.

April 2025 - Console: v8.07.003, Agent: v8.07.003

In this release:

Patch to update AWS Marketplace listings. There is no need to update to this version as there are no infrastructure changes.

April 2025 - Console: v8.07.002, Agent: v8.07.002

In this release:

Updated our SSL Certificate. Be sure to update to this version to avoid SSL browser errors!

Various Improvements and Bug Fixes

  • Fixed a bug where the Proxy option in the CFT caused issues with deployment

  • Migrated certain logs to Trace level to avoid excessive logging

    • Modify the LOG_LEVEL environment variable to 'Trace' in the Console's task definition to access these logs

v8.07.002 Cloud Formation Template

March 2025 - Console: v8.07.001, Agent: v8.07.001

In this release:

Various Improvements and Bug Fixes

  • UI improvements on the Schedules page

  • Fixed a bug where completed jobs were incorrectly being marked as being in an invalid status

  • Fixed a bug where 'Suspicious' findings by the Sophos engine didn't surface in the Findings page when multiple engines were being used

  • Fixed a bug where users could access certain API actions outside of their group assignment

v8.07.001 Cloud Formation Template

March 2025 - Console: v8.07.000, Agent: v8.07.000

In this release:

Updated Console Navigation

  • We've updated the Console's navigation page to make it more intuitive.

Updated Protection UI

  • Protection columns have now been moved to the left-hand side.

API Agent Hardening

  • API Agent has been hardened to prevent against server-side request forgery (SSRF) attacks

  • API Agent has been hardened to prevent against path traversal attacks

Improved Reporting Times

  • Improving reporting time for the following sections to make it more real-time

    • Malware Found Last Week dashboard

    • Total Number of Infected Files dashboard

    • Findings page

Engine Rename

  • ClamAV has been renamed CSS Secure in the Console

Various Improvements and Bug Fixes

  • Fixed a bug where Azure Blobs were failing to update in the Console

  • Fixed a bug where the Findings page occasionally failed to load

  • GCP Retro Scanning Fixes

  • UI fixes for the EFS Protection page

v8.07.000 Cloud Formation Template

February 2025 - Console: v8.06.001, Agent: v8.06.001

In this release:

Various Improvements and Bug Fixes

  • Fixed a bug impacting GCP on-demand scanning

  • Fixed a bug impacting the API Scanning Agent's ability to process certain URLs

v8.06.001 Cloud Formation Template

February 2025 - Console: v8.06.000, Agent: v8.06.000

In this release:

Quarantine Error and Unscannable Files

  • We now offer the option to quarantine Error and / or Unscannable files

  • Set it in the Configuration > Scan Settings page

AWS FIPS Endpoint Setting

  • CSS can now use FIPS endpoints for its calls to AWS services. Enable this feature in the CloudFormation template.

  • Available in both commercial cloud and GovCloud

  • Works in U.S. Regions only

  • No FIPS for the following API calls:

    • S3 ListBuckets

    • Marketplace MeterUsage

    • Application Auto Scaling (unavailable in commercial cloud, ASG FIPS endpoints are available in GovCloud)

Storage Protection Status and Malware Found Dashboards

  • Storage Protection Status UI panel added

    • Shows total / potected storage container ratio for AWS, Azure, and GCP

  • Malware Found Last Week UI panel added

    • Shows malware found in the last week

Custom KMS key usage for DynamoDB, SNS, and SQS

  • Enable feature in the CloudFormation Template

Various Improvements and Bug Fixes

  • Sophos AV engine updated to version 3.93.1

  • Sophos Content Analysis engine updated to version 3.51.0

  • Fixed a bug where EventBridge-protected buckets connected to Proactive Notifications were unable to provide an accurate VersionId field

  • Fixed a bug where ECS tasks were failing to end

  • API Scanning fixes

v8.06.000 Cloud Formation Template

February 2025 - Console: v8.05.000, Agent: v8.05.000

In this release:

Various Improvements and Bug Fixes

  • Retro scans with ScanResult Proactive Notifications now include the VersionId field

  • GCP Fixes

  • Azure Fixes

  • UI Fixes

v8.05.000 Cloud Formation Template

January 2025 - Console: v8.04.000, Agent: v8.04.000

In this release:

CrowdStrike Engine Removal

  • We have removed CrowdStrike as a scanning due to low usage

GCP Object Scheduled Scanning

  • Users can now link and perform scheduled and on-demand scans on GCP buckets!

  • GCP Scanning supports all scanning engines currently offered

  • The Console generates a Terraform file to deploy scanning architecture into GCP

Daily Email Updates

  • Users can set up daily email reports of data scanned

  • See findings and problematic at a glance

  • Configure in Configuration > Proactive Notifications

SSO User Roles and Groups Assignment

  • Users provisioned via SSO can be assigned to a default role and group prior to creation to remove the need of manual configuration

CloudFormation EBS, EFS, FSx Opt-Out

  • Added the ability to opt-out of accessing and ingesting EBS, EFS, and FSx volumes

  • Configure in the updated CloudFormation Template

Error Log Dashboard Improvement

  • Added new Error Logs page to assist with troubleshooting

URL Redirect Prevention

  • Added mechanisms preventing Console URL manipulation to guard against user redirect attacks

Various Improvements and Bug Fixes

  • For GovCloud deployments launched in AV mode, DC can now be enabled in the License Management page.

  • New console deployments will launch with Sophos and CSS Premium as default scanning engines

  • Sophos AV Engine updated to 3.92.0

  • Fixed a bug where folders were being moved in a 2 bucket system

  • Proactive Notification Fixes

  • Permissions Fixes

  • ClamAV Engine Fixes

  • Azure Fixes

  • UI Fixes

v8.04.001 Cloud Formation Template

December 2024 - Console: v8.03.000, Agent: v8.03.000

In this release:

General Availability for Azure Blob Scanning

  • All scanning engines are available to use for Azure blob scanning

New CSS Premium Scanning Engine Available

  • We've added a new premium antivirus scanning engine to our solution allowing you to scan files up to 5TB in size

  • Use it as your primary scanning engine or as a secondary scanning engine to increase the efficacy of your scan

  • This new scanning engine is available for scanning both AWS and Azure storage volumes

Linked Account Role Updates to v1.14.001

  • Make sure to update your Linked Account roles to the latest version

Various Improvements and Bug Fixes

  • FSx fix

  • Sophos definition improvements

  • Scan Settings page fix

  • API Scanning fix

  • EventBridge scanning fix

  • AWS MarketplaceMetering improvements

v8.03.000 Cloud Formation Template

November 2024 - Console: v8.02.001, Agent: v8.02.001

In this release:

Verbose Logs

  • Capturing S3 Request IDs can now be activated for troubleshooting purposes

  • In the Console's task definition, modifying the LOG_LEVEL environment variable to 'Debug' will now allow the Console to deposit S3 Request IDs into the Console.Buckets log group

Various Improvements and Bug Fixes

  • Logging Fixes

  • Console UI Fixes and Improvements

  • Large File Scanning Fixes

v8.02.001 Cloud Formation Template

October 2024 - Console: v8.02.000, Agent: v8.02.000

In this release:

Azure Event-based Scanning and Updates (early access)

  • Updated Threat Map includes Azure data

  • Event protection now enabled in the Console for Blob storage

  • Azure event-based containers now have autoscaling capabilities depending on queue size

  • Azure event agent settings are now partitioned by accounts

  • Agent configuration is now stored in the same storage account to reduce infrastructure costs

Added customization for SNS topic policy

  • Terraform module now includes the ability to append statements to the SNS Topic Policy

IAM Improvements

  • We've tightened the permissions in the CloudStorageSecRemotePolicy, removing excessive wildcard permissions with more granularity

Various Improvements and Bug Fixes

  • ClamAV Private Mirror functionality fixed

  • Fixed a bug where lack of ability to reach CloudTrail Lake endpoint was preventing console login

  • API agents can now be properly stood up in il-central-1

  • Azure fixes and improvements

  • UI fixes and improvements

  • Event-based scanning fixes

  • Retro/on-demand scanning fixes

  • Large file scanning fixes

v8.02.000 Cloud Formation Template

October 2024 - Console: v8.01.001, Agent: v8.01.001

  • Security Hub Findings fixes

v8.01.001 Cloud Formation Template

September 2024 - Console: v8.01.000, Agent: v8.01.000

In this release:

Malware History Report

  • For users that want to get a visual understanding of how malware has been found over time, we’ve added a new page in our Console UI to track historic malware findings

  • We leverage Amazon Bedrock to interpret the malware finding to provide a human-readable summary and description of the malware found

  • As a result, Amazon Bedrock must be enabled for this feature

  • You can expand a specific identity and view more information around how often it was found

  • At this time, this report pulls data from the last 30 days of enabling it and will show information from that point onwards

Data Classification Quarantine

  • You can now quarantine files found to have PII

Reporting Bucket Secure Transport

  • We’ve removed HTTP Access to our Console Reporting bucket, which now only accepts HTTPS requests

Azure Improvements

  • In v8 we introduced Azure Blob Scheduled Scanning. We have a few improvements and fixes for Azure:

    • Scanning Improvements

    • Linked Account Fix

    • Virus Definition Update Fix

Various Improvements and Bug Fixes

  • Console UI Fixes

  • Console UI Improvements

  • Console API Improvements

  • Proactive Notifications Fix

  • Proactive Monitor now clean SQS queues left

v8.01.000 Cloud Formation Template

August 2024 - Console: v8.00.000, Agent: v8.00.000

In this release:

Azure Blob Scheduled Scanning (early access)

  • You can now link Azure accounts into your AV console and ingest any Azure blobs you have, allowing you to perform a scheduled retro scan on any pre-existing files stored within your Azure Blobs.

  • While we currently only support Retro scanning for Azure Blob we will expand to support event-based scanning in an upcoming release in the near future.

Minimized Permissions

  • We've updated our CloudFormation template to use customer managed IAM policies vs inline IAM policies. We've done this to ensure we're using the minimum permissions required to deploy our solution.

Threat Map UI Updates

  • Infection and Classification titles on the right panel were changed to "Malware" and "Sensitive Data".

  • Legend at the bottom left shows "No Malware or Sensitive Data", " "Malware Found", "Suspicious Files or Sensitive Data Found".

  • Legend icons view can be toggled by clicking on it.

  • Regional information drill-down option navigates to Problem Files/Findings page w/ filters applied when clicked on

Bucket Size and Object Count Metrics Fixed

  • We've improved how we calculate bucket size and object count for each S3 bucket that we ingest on the Bucket Protection page.

Various Improvements and Bug Fixes

  • EFS Volume Scanning Fixes

  • EBS Volume Fixes

  • API Scanning Fixes

  • TerraForm Module Fixes

v8.00.000 CloudFormation Template

Read more about our finding types .

Learn more about linking your GCP Account(s)

You can now scan new and pre-existing files stored in

Learn more about linking your Azure account(s)

Want to get early access to Azure Blob scanning? and we can assist!

If you have IAM policies or Service Control Policies that prevent creating customer managed policies, you'll need an exception for this upgrade. You can refer to for more information.

v8.07.002
v8.07.001
v8.07.000
v8.06.001
here
v8.06.000
v8.05.000
here
v8.04.001
Azure Blobs
here
v8.03.000
v8.02.001
v8.02.000
v8.01.001
v8.01.000
Contact us
Managed policies and inline policies
v8.00.000
latest current version
Click here
FIPS Endpoints
UI Updates
GCP Buckets Protection
Daily Email Summary
Default SSO Assignments
S3 Request IDs shown in CloudWatch Log Group: Console.Buckets
Azure Blobs
Linked AWS and Azure Accounts