Skip to content

What's New

We will cover a running list of new features and releases with the latest always placed at the top.


April 2021 - v5.01.002

In this release:

  • Local Task Image Support
    • We now support the ability to host the container images locally
    • You can download the images from our repo and place them locally in your own repo
    • Simply specify and account number where the repo will be located and make sure to use matching names
    • Get more details by visiting the Advanced Deployment Considerations section
  • Various bug fixes and improvements
    • Fixed a billing issue introduced in the v5 release
    • Fixed a out-of-memory issue in the Dashboard Widgets when you have a lot of Agent data
    • Fixed a bug in the Scheduled Scan modal
    • Improved agent data lookups
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

April 2021 - v5.01.000

In this release:

  • Various bug fixes and improvements
    • Deployment Overview page updated to better reflect real-time scan protection vs schedule protection in your overall regional bucket protection score
    • Improved Object Tag handling
      • Fixed discarding existing tags on object when we place our tags
      • New object scanning will evaluate whether the object has been scanned before and skip it if it has the "scan-result" tag on it
        • This is useful if copying objects that have been previously scanned into the same or another protected bucket
        • Note: if a replacement object has been uploaded "over the top" of the existing object, we will scan it (it will come in without tags and erase existing tags)
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

March 2021 - v5.00.000

In this release:

  • Premium Scan Engine Added - Sophos
    • Sophos is a well known household name in security providing excellent detection and great performance
    • Sophos provides the ability to scan much larger file sizes
      • 15gb to start, but much larger in the very near future
    • Sophos offers much better performance
    • Get more details by visiting the Scan Engines page
  • Improvements to Local Signature Updates
  • More Deployment Options Added
    • Auto Assign Public IP - Console and Agents
      • You can control whether your Console and Agents are publicly accessible through multiple methods, but we were still assigning public IPs even if they weren't accessible. You now have the option to turn off the assignment if they will never be used
    • Agent Scan Engine
      • You can choose which engine, ClamAV or Sophos, you'd like to start with - this can be changed in the console after deployment as well
    • Info Opt-out
      • In order to provide a proper SSL-protected persistent URL for application access, we register your IP and subdomain info with our hosted Route53. If you plan to leverage a Load Balancer and would prefer not to send us that info, you can now make that choice
  • Various bug fixes and improvements
    • Bucket Protection page modified to reflect protection through real-time or scheduled scans
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

Note

Agent vCPU and Memory recommendations have changed. We recommend to run the scanning agents with 1 vCPU and 3gb Memory. The defaults have been 2 vCPU and 4gb Memory, but we are finding there is no advantage to those settings at the moment. Switching to 1 and 3 is a worthwhile cost savings while having no impact on performance. In the Performance Throughput Table the ClamAV numbers were produced with 2vCPU and 4gb Mem, but the Sophos numbers were run with 1vCPU and 3gb Mem. In subsequent testing, we saw no noticeable reduction in performance with ClamAV as well.


Leveraging the Sophos engine has an add-on cost associated with it. Check our AWS Marketplace Listing for more details on the pricing. Please Contact Us if you would like to discuss pricing in more detail.


March 2021 - v4.11.000

In this release:

  • Permitted File Handling - False Positive / Acceptable File
    • It is inevitable that a file or object is identified as infected. Whether you deem it is a false positive or an acceptable file, you will need to place it back into a useful state. This release allows you to handle those files and place them back into the original bucket they were uploaded to
    • You can place the objects back into a usable state as a one-off or "permanently"
    • Get more details by visiting the Problem Files page
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

February 2021 - v4.10.000

In this release:

  • Turn Off Public IP Assignment to Console and Scanning Agents
    • To go along with the 4.08 release that introduced the ability to put the Console and the Scanning Agents into private subnets, we have now removed the public IP that AWS would assign to the service. This public IP did not make either service public when deployed this way, but this ensures now it is not assigned at all
    • The default value is ENABLED, but after the upgrade to 4.10.000 occurs, you can run an Update Stack leveraging the same template and change the value for these two new parameters to disabled
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.
    • Upgrade issue indicated below
  • Upgrade Notes

    • If upgrading from 4.8.x and prior, you should have no issues upgrading to 4.10.000
    • If coming from 4.09.x, you will have to take an additional action this one time

    Upgrading from 4.09.000

    Release 4.09.000 introduced an upgrade bug where upgrades from this point would initially fail. There are two ways you can go about resolving this issue: reboot the console, then proceed with the upgrade or to manually upgrade pointing at the latest template. Both should take no more than 5 minutes.

    Reboot and then Upgrade

    Rebooting the console is a simple process. We will walk you through it below.

    1. Login to the AWS Console
      Note: ensure you are in the region you installed the Antivirus for Amazon S3 Management Console
    2. Navigate to the Elastic Container Service
      ECS service search
      Which will lead you to:
      ECS service
    3. Click into the Cluster that matches your deployment to see the details and services
      ECS cluster details
    4. Tick the box for the Console service and click the Update button
      ECS cluster details
    5. Tick the box for Force New Deployment and click the Skip to Review button
      ECS cluster details
    6. Click the Update Service button
      ECS cluster details

    That is it. Once the new console instance has come online you will be able to proceed with the standard upgrade process

    Upgrade directly with the CloudFormation Template

    Alternatively to rebooting you can upgrade the console manually through an Update Stack with the CloudFormation service console.

    1. Login to the AWS Console
      Note: ensure you are in the region you installed the Antivirus for Amazon S3 Management Console
    2. Navigate to the CloudFormation Service
      CFT service search
      Which will lead you to:
      CFT service
    3. Select the Stack to be updated and click the Update button CFT update
    4. Select Replace current template, specify the Amazon S3 URL to the template and click the Next button CFT update

       https://css-cft.s3.amazonaws.com/ConsoleCloudFormationTemplate.yaml
      
      1. Leave all values as they are and click the Next button CFT update
      2. Click the Next button CFT update
      3. Tick the I acknowledge ... box and click the Update Stack button CFT update

    This is it. Your stack will complete the update process and you will be on v4.10.000. Going forward you will be able to proceed with the standard upgrade process.


February 2021 - v4.09.000

In this release:

  • Custom Resource Naming
    • Many customers have a formal naming scheme for resources within their environment. It is often something along the lines of <project name>-<resource type>. For example: abc_fin_processing-sqsqueue.
    • Customers have asked us for the ability to rename the Antivirus for Amazon S3 resources to match their naming standards. With this release we're happy to say we now support that
    • A section has been added to the CloudFormation template which allows you to rename all of the resources with their own unique prefix
      • We must still append a unique appID to each resource
      • Following the example above, the resource would be created as: abc_fin_processing-sqsqueue-e6t7q1 where the e6t7q1 is the portion we append
    • Get more details on custom resource naming in the Advanced Deployment ConsiderationsOptional AWS Resource Renaming section
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

February 2021 - v4.08.001

In this release:

  • Scheduled Scanning
    • The ability to scan all files or new files (since last scan) based on a schedule
    • Whether it is because compliance is driving you to scan on a regular basis or it is that your workflow allows for non-real-time scanning, scheduled scanning provides flexibility for how you scan your data. You get to decide whether you want real-time, one-off on demand, schedule driven scanning or a combination of all the above
    • Get more details for Scheduled Scans
  • Load Balancer Deployment Option
    • Provided the option to deploy the management console behind a load balancer for persistent IP and access as an alternative to registering with the Cloud Storage Security Route53
    • This can be leveraged if you want the application tied into your own domain or you are planning a deployment without public access
    • Get more details for leveraging a load balancer in the Advanced Deployment ConsiderationsOptional Load Balancer Configuration section
    • More details will show up in the Deployment Details page as well
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

January 2021 - v4.07.000

In this release:

  • AWS Security Hub Integration
    • AWS Security Hub provides a consolidated view of your security status in AWS. Automate security checks, manage security findings, and identify the highest priority security issues across your AWS environment.
    • Antivirus for Amazon S3 has integrated with AWS Security Hub to allow your Amazon S3 object findings (malware and viruses) to be posted to this central location. Any infected files found within your Amazon S3 storage can be shown and managed alongside the rest of the findings coming from all other aspects of your infrastructure.
    • Get more details for Security Hub integration
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

January 2021 - v4.06.001

In this release:

  • Bring Your Own License Option (good for GovCloud)
    • Another consumption model for those who prefer to pre-buy an allotment of GBs to scan
      • For those who require strict control over their spend or who want to buy in bulk for discounts
      • Once the pre-purchased GB allotment runs out, you will have 14 days to get a new license in place before the scanning agents start to shut down
      • Checkout the new BYOL and GovCloud Listing
      • Pre-bought allotments can be done with the pay-as-you-go model as well. You will switch to consumption pricing once the allotment runs out
    • This deployment can be leveraged inside of GovCloud
      • For those of you who need to scan Amazon S3 inside of GovCloud, this deployment will allow for that.
      • You can work directly with us to sort out the license or we can involve a partner of choice
      • Private Offers through AWS Marketplace available as well
      • A consumption option will be provided once AWS Marketplace offers it for Fargate
  • Dashboard updates
    • Added a single, centralized Time Window time picker for all charts. So a singled time slice picked is reflected across all charts
    • Get more details here.
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

December 2020 - v4.05.001

In this release:

  • Buckets Page Optimization
    • Massive improvement to loading performance
      • Data loads independently: bucket list first, then permissions info and then the metrics
      • Bucket management can start immediately while the additional characteristic information sets are loading
      • Where it took 6+ minutes to load 1000 buckets now takes just seconds to load 3000 buckets. Working with even larger bucket sets is just fine as well. You can also break those down by Groups/Accounts to make it more feasible to deal with.
    • Regex searching and better sorting
    • Get more details on how the page works here.
  • Scan / Skip List Enhancements
    • Added support for * wild cards to be used anywhere in the path or filename for the objects
    • Added a global option where you can specify a particular path that may repeat in all your buckets to be used either with the scan or skip list
    • Get more details on how the page works here.
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.
    • Update ClamAV main engine version

December 2020 - v4.04.004

In this release:

  • Simplified KMS access
    • Added option to the CloudFormation template to grant access to all KMS keys
    • Access to all KMS keys leverages the permission option viaService to specify limited scope access to only Amazon S3 objects. The keys cannot be used for any other purpose.
    • Simply keep the default in the CFT or rerun the CFT to change the value at a later time
    • You can still grant one off access as well
    • Get more details on assigning access here.
  • Granular Prepaid License Management
    • You can now buy prepaid data amounts for Retro scanning independently from Go Forward scanning
    • You can now keep track of the license files that have been applied to the deployment
  • Global (almost) Tagging for all solution resources
    • Tags can help you manage, identify, organize, search for, and filter resources. You can create tags to categorize resources by purpose, owner, environment, or other criteria.
    • Resources we tag:
      • ECS Clusters, App Config Doc, App Config Schema, App Config Profile, SNS Topic, SQS Queues, Agent Task Def, Agent ECS Service, Security Groups, CloudWatch Metric Alarms, CloudWatch Retro Alarms, S3 Quarantine Buckets, DynamoDB tables, ECS Console Service, Console Task Def
    • Resources we are currently not tagging:
      • CloudFormation Stack, Cognito, running Tasks
      • You can manually tag the remaining items
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

November 2020 - v4.03.001

In this release:

  • Local Signature Updates (Private Mirror):
    • In certain situations, you may prefer to have the scanning agents retrieve signature updates locally rather than reaching out over the internet. Local updates would allow you to better control and potentially eliminate outbound access for the VPCs housing the scanning agents.
    • This new option allows you to specify an Amazon S3 bucket in your account for the scanning agents to look to for signature updates. You can get the updates into this bucket however you see fit (we provide a sample lambda function that can be used) and each scanning agent as it boots up and then every 6 hours after that will pick up the updates.
    • Get more details for Private Mirror (local updates)
  • Image Distribution:
    • Added Console and Scanning Agent task images to every standard AWS region as part of the build process. This enables local delivery of the Console task image as well as the Scanning Agent task image from the regions each is deployed within.
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.
    • Changing VPC settings for agents was failing due to a Security Group issue. New security groups are now created for each vpc switched to

October 2020 - v4.02.000

In this release:

  • Bucket Attributes:
    • Public settings awareness
      • Provide better awareness around the public settings for buckets. Give you a feel if a bucket is capable of being public (yellow lock) and/or whether ACL or Bucket Policies are making it truly public (yellow lock)
    • KMS encryption status
      • This makes you aware of whether a bucket is protected by Custom KMS and prevent you from scanning the objects within the bucket until the AgentRole has permissions to the key
      • red key = encrypted and AgentRole doesn't have permissions
      • green key = encrypted and AgentRole does have permissions
    • Get more details for Bucket Attributes
  • Problem Files filtering:
    • Added 3 filter options: Accounts, Problem Types and Date Range that allows you to get more specific and useful results
    • Get more details for Problem Files page updates
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.
    • Metering submission bug which was causing agents to shut down after 24 hours of non-submissions

October 2020 - v4.01.002

In this release:

  • Additional System Configuration in the console
    • New Console Settings:
      • Added the ability to change the inbound CIDR rules for console access
      • Added the ability to change the VPC and Subnets the console runs in
      • Better inform you of suitable VPCs and Subnets (public / private)
    • New Agent Settings:
      • Added the ability to change the VPC and Subnets the agent(s) runs in
      • Better inform you of suitable VPCs and Subnets (public / restricted)
    • Get more details for Console Settings and Agent Settings
  • Proactive Notifications update
    • Added 6 new notification types: bucketsDiscovered, bucketProtection, bucketCrawling, bucketsPublicAccess, updatesAvailable, trialExpiring
    • Get more details on Proactive Notifications
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.
    • Performance issues found while crawling objects
    • Bug related to long bucket names or long object paths when retro scanning

September 2020 - v4.00.009

In this release:

  • Group Organization
    • New Groups feature for deployments that need to better organize views into the accounts, buckets, scan results, users and dashboard views
    • You are now able to collect accounts and users into groups creating logical separation from other groups. This may be to separate departments (dev/test/prod or HR/Sales/Finance) within a company or to separate customers from one another in a services model
    • Get more details on Groups Management
  • Deployment Overview
    • This new page gives you a quick view into what is deployed within your infrastructure (event scanning, retro scanning) and the bucket protection status by region
    • This page also gives you the ability to cleanup parts of the installation or uninstall the entire application
    • Get more details for Deployment Overview
  • Proactive Notifications update
    • Added the bucket name to the scanResult notifications so filtering can be done by bucket as well
    • Get more details on Proactive Notifications
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

August 2020 - v3.02.004

In this release:

  • Scan Results Notifications
    • The object scan results are now sent to a new SNS Topic where you can subscribe to receive notifications based on your protocol (HTTP, HTTPS, Email, Email-JSON, Amazon SQS, AWS Lambda, Platform Application Endpoint, SMS) of choice
    • scanResult attribute is added to each message so you can filter down to the object results (Clean, Infected, Unscannable, Error) you care about
    • Get more details on Proactive Notifications
  • System Configuration from the Console
    • We've now simplified the process to change the system configuration by providing you a mechanism to configure: scaling thresholds, cpu, memory and min/max agents from within the console
    • You can set default settings that will apply to all regions as they come online or make specific configurations by region
    • Get more details for Console Settings and Agent Settings
  • Smart Scan Configuration
    • This new option will allow you to run the scanning agents only when there is work to be done. This option will modify scaling alarms to allow for the complete shutdown of scanning agents when the work queues are empty. This will save you money for those periods of times you do not have objects coming in.
    • You will have the option to determine at what point in the work queue you would like an agent to spin up to start processing. The default is any time there is work to be done (so at least 1 entry in the queue), but you can configure this as you choose
    • This mode can be turned on by default for all deployed agents or on a per region basis
    • This effectively turns the scanning agent container into a Lambda firing up when needed, but better from the perspective as it can persist for as long as there is work to be done with no limitations.
    • Get more details for Smart Scan
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

August 2020 - v3.01.001

In this release:

  • Dashboard Improvements
    • Informational widgets have been added across the top of the dashboard to give more insight into your storage protection. Top Row Widgets Data
    • Get more details here
  • Public Access identifier on buckets
    • An identifier (public lock) has been added to buckets that have public access granted on them.
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

July 2020 - v3.0.0

In this release:

  • Cross Account Scanning
    • With this release you can centrally install the console and scanning agents to perform scanning on S3 objects in both the deployed account (primary) as well as remote accounts (linked accounts). This simplifies deployment, adds cost efficiencies and allows you to better meet AWS security best practices.
    • Review how this works here
  • User Management
    • This new page gives you a clear list of users as well as allows you to add, modify and delete users within the console. You can change user roles as well as activate / deactivate them.
    • Overview of the new user management can be found here
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

July 2020 - v2.05.006

In this release:

  • Scan Existing Files
    • When enabling protection on a bucket, you will be prompted to select whether or not to scan files that were added to the bucket while it was not protected. This may be all files in the bucket, or files between a date range if you had previously protected this bucket.
    • From the "Actions" menu on the Bucket Protection page, you may choose "Scan Existing Files..." and will be presented with a dialog to scan existing files. You are able to select the date range as well as how many Agents you would like to use for scanning these files.
    • Review how this works here
  • Improved Updates
    • Applying Console updates will now perform an Update Stack operation in order to more smoothly add new features that require changes to the CloudFormation template
    • Overview of updating can be found here
  • Problem Files page
    • View a table containing information about files that were found to be infected or were too large to be scanned
    • Page overview can be found here
  • Various bug fixes and improvements
    • Many small bugs have been fixed, as well as tweaks to the UI behavior and appearance.

June 2020 - v2.01.008

This is the initial public release of the Antivirus for Amazon S3 scanning product. Cloud Storage Security is introducing an event driven scanning engine and infrastructure for Amazon S3.

In this release:

  • Deploy in minutes from AWS Marketplace Subscription
  • Simple management through Console
    • Easily turn on / off buckets for malware scanning
    • Deploy scanning Agents to multiple regions from centralized Console
    • Upgrade Console and scanning Agents in-place
    • Charts to clearly monitor usage, throughput, malicious files and protection status
    • Custom subdomain access into your console
  • Lightweight containers running on AWS Fargate
    • No EC2 instances to manage
    • Highly scalable
  • Free Trial - give it a go for 30 days! Trial extensions available when needed.
  • Pre-paid Purchase option - ability to buy GBs to scan in bulk
    • Contact Us if you would like to pursue this option

Last update: April 16, 2021