Release Notes
| MetaDefender Kiosk 4.8.3 | |
|---|---|
| 26 June 2026 (Kiosk 4.8.3.7906) | |
| New Features | |
| Support SSO Smartcard Authentication with Certificate-based Sign-in. | Users can now authenticate at the Kiosk using
a smartcard which enables certificate-based sign-in for SSO authentication
(such as Microsoft EntraID). This strengthens identity assurance for
high-security environments that mandate hardware-based credentials.
 |
| Support Running The Kiosk UI under Standard User Accounts | The Kiosk UI can now run under a standard Windows user account instead of
an administrator, reducing the attack surface and aligning deployments with
least-privilege security policies. Administrators can optionally configure a
separate admin account for tasks that require elevated privileges.
 |
| Encrypted USB Profile Capture Tool | Kiosk now includes a utility tool that allows administrators to capture
the unlocking process of encrypted USB devices not natively supported by
Kiosk. The captured profile can then be exported as a JSON file and imported
into Kiosk, enabling it to recognize and unlock these devices automatically.
This makes it easy to extend encrypted USB support and replicate
configurations across multiple Kiosk deployments.
 |
| Execute Remote Script Execution from Central Management (CM10) | Central Management (CM10) can now support remotely triggering script
execution commands on managed Kiosk devices, enabling centralized automation
and maintenance without physical access to each Kiosk.
 |
| Dedicated Kiosk Hardened Image Upgrade Option in CM10 | Kiosk hardened image upgrades through Central Management (CM10) have been
enhanced with a dedicated upgrade option, making it easier to manage and roll
out image updates across individual devices or groups. Providing a more
streamlined and intuitive upgrade management.
 |
| Telemetry for Product Improvement | A new telemetry capability collects operational and usage data to help OPSWAT continuously improve product quality and performance. This feature can be disabled at any time if preferred. |
| Enhancement | |
| SSO Group-Based Kiosk Workflow Assignment | Administrators can now assign Kiosk workflows based on SSO group
membership, enabling group-driven access, processing rules, and routing
without configuring each user individually.
 |
| Enhanced SSO authentication in Management Console to support OIDC | Extending the existing SSO support in Management Console, Kiosk now also
supports OIDC-based single sign-on, giving administrators more flexibility to
centralize authentication and manage the user lifecycle through their
organization's preferred identity platform.
 |
| Custom Logo for Media Passport & Session Logs | Administrators can now display a custom organization logo on the Media
Passport and Session log, allowing these reports to be branded consistently
with corporate identity for a more professional appearance.
 |
| Support Managed File Transfer (MFT) Browsing | Administrators can enable Managed File Transfer (MFT) browsing when
uploading files through the Kiosk, streamlining secure file submission
without leaving the Kiosk interface.
 |
| Support Variables in Custom Command-Line Scripts | Administrators can now pass variables and the
end user's "User Question" response (%%%userresponseX%%%) into
custom command-line post-actions.
 |
| Pre-Configured Passwords for Original Encrypted Destination USBs | Administrators can pre-configure passwords for encrypted both original
and destination USB drives, so file retrieval and write-back proceed
automatically without prompting the end user to unlock the device manually.
 |
| Enhanced Offline Activation Instructions | The offline activation instructions exported to USB are now a
professionally formatted PDF with a 5-step visual guide, embedded portal
screenshots, deployment IDs, and OPSWAT branding, replacing the previous
plain-text file for a clearer activation experience.
 |
| Enhance Back Button to Insert Media Screen | The back button has been enhanced to allow users to return to the insert media screen, making it easy to reinsert or swap media without restarting the entire session. This improves the experience when a drive is removed early or needs to be replaced with a different one. |
| Support scan LVM partitions in Acronis TIB disk images. | The Kiosk can now mount and scan LVM (Logical Volume Manager) partitions storing in Acronis TIB disk images, extending backup-image scanning coverage to a wider range of source media. |
| Improved Skipped File Reporting | Scan results in the Kiosk UI and logs now provide more detailed
information about skipped files. This gives operators clearer visibility into
scan outcomes and makes it easier to troubleshoot why specific files were not
processed.
 |
| BitLocker-Encrypted USB Unlock with Recovery Key | Extend the existing support of BitLocker, the Kiosk can now unlock and
scan BitLocker-encrypted USB drives using a provided recovery key.
 |
| System Resource Optimization for Large File Scans | Memory consumption has been optimized to improve stability when handling large scans, reducing the risk of resource exhaustion and unexpected failures during high-volume sessions. |
| Improved Paging Performance | Improved paging performance when displaying large scan sessions or long
lists of application logs, resulting in faster load times and a more
responsive experience
 |
| Improved Mobile Device Scanning | Improved performance when scanning files transferred from mobile devices such as phones and tablets, delivering faster and more efficient processing within the Kiosk workflow. |
| Display DHCP or Static IP in Device Info screen | The Device Information in Kiosk UI now shows whether the Kiosk's IP address is assigned via DHCP or statically configured. |
| Removed Legacy Visual C++ Runtimes | Legacy Visual C++ runtimes have been evaluated and removed from the Kiosk installer, eliminating outdated dependencies that are no longer required for installation. |
| Security Enhancements | Various security issues have been addressed to enhance the overall security of the system |
| Improved CloneZilla Disk Image Scan result | Improved scan result classification for CloneZilla disk image folders. Unmountable disk images scan results are now accurately classified as Blocked, ensuring more reliable scan outcomes. |
| Improved Email RFC Compliance | Kiosk-generated SMTP emails are now RFC-compliant with proper headers, sender/recipient formatting, and encoding for non-English content, preventing mail servers from rejecting or silently dropping messages. |
| Bug Fixes | |
| Fixed Kiosk service crash when scanning virtual disk files containing non-ASCII filenames | Resolved an issue where the Kiosk service could restart unexpectedly while scanning virtual disk files (VHD/VHDX), particularly those containing non-ASCII filenames on non-English system locales. |
| Fixed blank SSO login screen when network is unavailable at startup | Resolved a race condition where the Kiosk showed a blank SSO authentication screen if the service started before the network was ready. |
| Fixed missing numeric keys on the Vietnamese on-screen keyboard | Resolved an issue where the Vietnamese on-screen keyboard did not expose number and symbol keys. |
MetaDefender KIOSK Documentation
The users can consult this web page or, alternatively, they can download the manual in pdf format from the link below:
MetaDefender KIOSK manual (SHA256: 404339BCE0F3E4C5EFA52F55903C8C617C0F9630D01E2020EC09EA6CDC1304C7).
OPSWAT MetaDefender AGD Documentation_v1.6 (SHA256: 78A69F89D3C0D0FCA8A4B8D30B2C92E55D80CC559583F23AC61158F67CE04988).
Was this page helpful?