MetaDefender Core™ v5.18.0 Release

Selecting the wrong file type during policy configuration is a common source of exposure. The updated Block and Allowlist interface makes file type selection clearer and more accurate, reducing misconfiguration risk in complex environments.

Quarantined files can now be saved with password protection, preventing auto-execution if an infected file is downloaded or transferred during investigation. For incident response and forensic workflows where files move between teams or systems, this keeps malicious content contained through the full review process.

MetaDefender Core now supports Debian 12, Windows 24H2, and Windows 25H2, ensuring file security coverage keeps pace with OS upgrade cycles across your environment.

The Inventory Module now surfaces an in-platform notification with troubleshooting guidance when low connectivity is detected whether related to proxy configuration, internal connections, OCM, or license validation. Administrators get a direct path to resolution instead of having to diagnose blind.

A search bar is now available across both global settings and the Workflow Visualization view. For teams managing large numbers of custom workflow rules, this significantly reduces the time needed to locate and manage specific configurations.

MetaDefender Core now sends a signal to notify integrated products as soon as processing is complete, and response time to those integrations has been optimized. For environments running ICAP-connected solutions, this reduces latency between scan completion and the downstream product receiving the result.

The REST API now supports retrieval of file scan history for up to two years with no restriction on the number of users in the query. Security and compliance teams can pull complete audit records programmatically, supporting long-term investigations and regulatory requirements including GDPR, HIPAA, PCI DSS, and CMMC.

CSV export is now available for Executive Reports alongside existing formats, giving compliance officers and risk managers the flexibility to feed report data directly into SIEMs, governance platforms, or board-level reporting tools.

Processing history can now be exported as a structured CSV file, giving operations and compliance teams a portable, audit-ready record of all file processing activity for investigations, regulatory submissions, or routine documentation.

The SBOM engine now supports a filtered report download that returns only packages with identified vulnerabilities. When the goal is remediation or compliance evidence, security teams can go directly to actionable findings without working through the full component inventory.

Effective April 1, 2026, two new engines are being added to the Metascan™ Multiscanning MAX package.

SentinelOne joins the MAX package for both Windows and Linux, adding AI-driven behavioral analysis and machine learning detection alongside the existing signature and heuristic coverage across the 30+ engine ensemble.

Xcitium is being added to the Linux MAX package, strengthening detection coverage for Linux environments across cloud-native, OT, and regulated infrastructure.

Both additions are included within existing MAX package entitlements, with no additional integration work or licensing changes required.

Archive file types are now included in the standard Adaptive Sandbox configuration out of the box. Previously, archive analysis required a manual policy adjustment, which left standard deployments with a potential coverage gap. Detection coverage is now consistent from deployment.

Administrators can now consolidate roles into a single unified settings configuration. When users belong to multiple groups with varying rules, permissions become unpredictable and difficult to audit. Defining roles once and applying them consistently reduces those gaps and supports cleaner access control documentation for compliance teams.