Check out our new video demonstrating AppRemover for Mac!

AppRemover for Mac thoroughly uninstalls antivirus and public file sharing applications, removing all related files to ensure that the system is left stable and clean. The uninstallation process only takes a few seconds to remove an application and never requires a reboot.

This video shows how to use the command line interface of AppRemover to completely remove a Mac antivirus product. In the demo, ESET Cybersecurity is uninstalled from the local machine, however the AppRemover CLI can also be used in a networked environment.

Click to play video

The terminal is used to launch the AppRemover utility, which first detects applications installed on the system and reports the current status of each one, plus the product name, product version, vendor, and whether it is supported by AppRemover. Then specified applications, or all applications, can be removed. After the successful removal of the security applications, a log file is generated and placed in the working directory. 

AppRemover for Mac is ideal for IT pros who need to seamlessly detect and remove software from many computers at once, as well as software developers who want to add an uninstallation feature to their own applications. Click the on the image to see AppRemover for Mac in action!

Windows Security Center is a reporting tool that is built into the operating system, since the release of service pack 2 for Windows XP, that monitors the health state of the endpoint in different areas, such as Windows updates, firewall settings and antivirus/antispyware settings. In order for third party security applications to be Windows compliant, they must report their state to Security Center through the use of a private API that can be obtained by signing an NDA.

It is no surprise that antivirus software is a necessity in today's digital world to detect a growing list threats. But what about detecting the antivirus software protecting the endpoint in a growing list of antivirus software? Surely we can use Windows Security Center to determine the antivirus software protecting the endpoint, right? Yes and no.

Recently, Microsoft have exposed some new interfaces for determining the product's name and state that are reporting the Windows Security Center that are available on Windows 8 operating system. Microsoft has even provided a sample project illustrating how to work with the new Windows Security Center interfaces. So problem solved yes? Well for Windows 8 users, Microsoft has provided a secure way of obtaining this information, but how relevant is this today? If you consider the market share for Windows 8 desktops, not very relevant at all. So how can earlier operating systems query this information? WMI.

Windows Security Center is built upon Windows Management Instrumentation (WMI) which is an infrastructure for managing all kinds of data and operations on Windows operating systems. I am not going to go into the details of the WMI architecture, but I must briefly discuss a few aspects of it here: WMI consumers, WMI providers, and WMI repository.

A WMI consumer is a management application or script that can query information, run provider methods, or subscribe to events. A WMI provider supplies data for managed objects and handles messages (or invocations) sent from WMI to the managed objects. The WMI repository is a centralized storage area for managed objects organized by WMI namespaces. The following simplified diagram illustrates how each of these components of the WMI infrastructure interact with each other.

In our example, the antivirus software reporting to Windows Security Center is the WMI provider, and our scripts for retrieving the antivirus software information is the WMI consumer. There are 2 different versions of the Security Center WMI namespace.

// WMI namespace for Security Center 1, pre-Vista
root\SecurityCenter

// WMI namespace for Security Center 2, post-Vista
root\SecurityCenter2

Our focus will be on the AntiVirusProduct WMI class, which the antivirus software will provide an instance of to the given namespace. The following Managed Object Format (MOF) represents the AntiVirusProduct WMI class for Security Center 1:

class AntiVirusProduct
{
    string  companyName;              // Vendor name
    string  displayName;              // Application name
    string  instanceGuid;             // Unique identifier
    boolean onAccessScanningEnabled;  // Real-time protection
    boolean productUptoDate;          // Definition state
    string  versionNumber;            // Application version
}

There are additional properties, such as pathToEnableOnAccessUI, to the AntiVirusProduct class not listed above as they are rarely used by WMI providers. The following MOF represents the AntiVirusProduct WMI class for Security Center 2:

class AntiVirusProduct
{
    string  displayName;              // Application name
    string  instanceGuid;             // Unique identifier
    string  pathToSignedProductExe;   // Path to application
    string  pathToSignedReportingExe; // Path to provider
    uint32  productState;             // Real-time protection & defintion state
}

Now that we have an understanding of where Security Center stores information in the WMI repository and what information the antivirus software provides to Security Center, we can write a WMI consumer to access this data. There are countless examples online for how to achieve this, such as here, here, and here. For simplicity of this post, I will use a simple Visual Basic script as my WMI consumer. The following script will detect instances of AntiVirusProduct in Security Center 1 and display them in a message box.

' Open handle to to Windows Security Center '
Set oWMI = GetObject( _
  "winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter")
  
' Run Query for all AntiVirusProduct instances '
Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

' Check if we found any instances '
If colItems.count = 0 Then
    Msgbox "No antivirus products", vbOKOnly, "Alert"
    WScript.Quit
End If

' Iterate over each of the instances found and dump useful display data '
For Each objItem in colItems
  With objItem
    Msgbox "Company name = " & .companyName & vbLf _
       & "Product name = " & .displayName & vbLf _
       & "Product version = " & .versionNumber & vbLf _
       & "RTP status = " & .onAccessScanningEnabled & vbLf _
       & "Up-to-date = " & .productUptoDate & vbLf _
       , vbOKOnly, "Antivirus product"
  End With
Next

We can slightly alter the script above to work with Windows Security Center 2.

' Open handle to to Windows Security Center '
Set oWMI = GetObject( _
  "winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter2")
  
' Run Query for all AntiVirusProduct instances '
Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

' Check if we found any instances '
If colItems.count = 0 Then
    Msgbox "No antivirus products", vbOKOnly, "Alert"
    WScript.Quit
End If

' Iterate over each of the instances found and dump useful display data '
For Each objItem in colItems
  With objItem
     Msgbox "Product name = " & .displayName & vbLf _
        & "Path to product = " & .pathToSignedProductExe & vbLf _
        & "Product state = " & .productState & vbLf _
        , vbOKOnly, "Antivirus product"
  End With
Next

What are these scripts doing?

1. Connecting to the Security Center WMI namespace
2. Running a WQL query to find all instances of AntiVirusProduct in the namespace
3. Checks if we didn't find any instances, if so, will alert and exit
4. Iterate over each instance found and display the values

To summarize, our WMI consumer scripts have the ability to detect which antivirus application is reporting to Security Center and determine the state of the product. So, how can we trick our consumer to detect an antivirus application that is not installed on the system?

The information that we just accessed is stored in the WMI repository, which is a storage area. Any WMI consumer can make a query on this information. We can insert data into this WMI namespace for the AntiVirusProduct WMI class through a WMI provider. There are numerous ways to provide data to WMI. We are going to use the MOF Compiler, which is part of the .NET Framework, to insert data into the WMI repository. Remember, that in order for a security product to actually report it's status notifications to Security Center, it must use the private API's, however, I am talking about WMI consumers.

The following MOF file (fake-av.mof) represents an instance of the AntiVirusProduct WMI class for Security Center 1:

#pragma autorecover

#pragma namespace("\\\\.\\root")

instance of __Namespace
{
  Name = "SecurityCenter";
};

#pragma namespace("\\\\.\\root\\SecurityCenter")

instance of AntiVirusProduct
{
    companyName = "ESET, spol. s.r.o.";
    displayName = "ESET NOD32 Antivirus 4";
    instanceGuid = "{CD3EA3C2-91CB-4359-90DC-1E909147B6B0}";
    onAccessScanningEnabled = TRUE;
    productUptoDate = TRUE;
    versionNumber = "6.2.71.2";
};

To compile and insert the managed object into the WMI repository, run the following command with administrative privileges. The following assumes that mofcomp.exe is in your %PATH% and you are running this from the same directory as your "fake-av.mof" file.

 C:\Documents and Settings\test\Desktop>mofcomp.exe fave-av.mof

If successful, you will see the following output:

 Microsoft (R) MOF Compiler Version 6.1.7600.16385
 Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
 Parsing MOF file: fake-av.mof
 MOF file has been successfully parsed
 Storing data in the repository...
 Done!

Now if we run the same Visual Basic script above, we will falsely detect ESET NOD32 Antivirus 4 on the endpoint with its real time protection status on and the virus definitions up-to-date. The same process can used with Security Center 2 with the following MOF file.

#pragma autorecover

#pragma namespace("\\\\.\\root")

instance of __Namespace
{
  Name = "SecurityCenter2";
};

#pragma namespace("\\\\.\\root\\SecurityCenter2")

instance of AntiVirusProduct
{
	displayName = "ESET NOD32 Antivirus 4";
	instanceGuid = "{CD3EA3C2-91CB-4359-90DC-1E909147B6B0}";
	pathToSignedProductExe = 
	"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ecmd.exe";
	pathToSignedReportingExe =
	"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe";
	productState = 266240;
};

The values to provide to productState are undocumented. In fact, all of the WMI namespaces and classes are undocumented, however, the following blog post shines some undocumented light on the matter, which has held true in all of my testing.

The moral of the story, do not rely solely on a WMI consumer for detecting security products reporting to Security Center. They can easily be fooled.

Disclaimer

This post is, by no means, meant to discredit the security that Microsoft provides with Windows Security Center. There have been posts in the past that have brought up spoofing Security Center in the context of malware attacks. The content of this post should be applied to software manageability.

There are ways in which one could authenticate the content returned to the WMI consumer. The purpose of this article is merely to expose the effect of having a "lazy" WMI consumer for security product inventory through Security Center.

Mike Owens
Software Team Lead
OPSWAT

OPSWAT released new versions of AppRemover, OESIS Local, Metascan and Metadefender for Media this past month, including support for new applications and several important feature enhancements.

Recent releases of OESIS Local include numerous enhancements to product support and a new API called “GetMachineType” which helps identify whether the system being used is a laptop or desktop and on which platform. This API allows customers to add another factor to their device risk assessment and enables differentiation for permissions of desktop computers versus laptops.

Version 3.0.6.1 of AppRemover includes support for five new security applications from vendors such as Symantec and Max Secure Software. Additionally, AppRemover’s whitelisting mechanism has been enhanced to include the ability to exclude specific product detection, giving customers more flexibility and control over the uninstallation process.

Last week OPSWAT released Metascanversion 3.7.1 with several significant feature enhancements. These include support for Windows 8 and Windows 2012, as well as improved caching and logging of scanned results. Metascan Client is also included in Metascan 3.7.1, allowing quick scanning of endpoints with multiple antivirus engines.

Finally, version 2.6.6 of Metadefender for Media was released with minor bug fixes.

Please visit https://portal.opswat.com to review the release notes and product user guides and to download the latest product versions.

We attended the 23rd annual RSA Conference at the end of February in San Francisco’s Moscone Center and exhibited exciting new innovations and product demos in the OPSWAT booth.

Almost 700 people stopped by our booth during the four-day long event, and visitors had the chance to view demos of our latest products, including Metascan Client, which quickly scans endpoints with multiple antivirus engines.

Click to play video

Many of the conference sessions and Expo floor discussions focused on mobile security, and we demoed OESIS Framework on mobile devices, showing how our SDK can detect and assess applications on Android and iOS devices. For those that could not attend the conference and would like more details about Metascan Client, OESIS for mobile or any of the products we exhibited during the conference, please contact sales@opswat.com.

For every conference attendee who visited our booth, we donated $1 to the Wounded Warrior Project, a charity that provides programs and services to members of the military that suffered injuries during combat. Thanks to all those that participated, OPSWAT will be donating a total of $672!

In celebration of our great customers and partners, we hosted our annual RSA VIP Party at OPSWAT headquarters during the conference. Visitors who stopped by participated in pop-shot basketball games, challenged us to arcade games and enjoyed free chair massages! Attendees included customers and partners from companies such as AppRiver, Avira, Symantec, Trend Micro, Dell SonicWall, Cisco, and others.

For video highlights of our booth at RSA and the RSA VIP Party, click the image above. You can click here to check out pictures of the conference and party. Make sure to like our Facebook fan page to get the latest updates from OPSWAT! 

Organizations today have a basic need to move data both internally - between networks and domains - and externally, in B2B file exchange operations. However, these seemingly simple tasks have become quite challenging in the face of mounting regulations and increased security levels. Additionally, the threat from malware and virus attacks is also increasingly difficult for IT teams to manage.

Join OPSWAT and Attunity for a webinar this Wednesday, March 20th to learn about best practices and key technologies for tackling these critical issues. Specifically, you will learn how Attunity MFT, combined with OPSWAT’s Metascan, will:

• Automate the process of transferring files wherever they need to go
• Incorporate multiple anti-malware engine scanning to eliminate risk of malware attacks
• Greatly reduce manual efforts currently used to inspect and move data through highly-secured network tiers
• And a lot more

In addition, Reza Khan, Attunity's Director Global Support Services, will discuss and demonstrate the combined Attunity MFT and OPSWAT Metascan software solution.

OPSWAT is happy to announce the availability of the new Metascan Client, and we will be hosting a webinar this week to introduce the technology.

Metascan Client is a lightweight tool that can be deployed to endpoints throughout an organization to scan running processes, folders, drives, etc. for threats. Metascan Client harnesses the power of multiple antivirus engines, connecting to a Metascan server either hosted in your organization or in the cloud.

Join OPSWAT for a webinar this Thursday, March 21st at 10:00 am PDT for an overview, a live demonstration, and to learn about how this new technology can:

• Multi-scan endpoints for viruses, key loggers, and other malware
• Scan files or running processes
• Enhance network security
• And more

We recently created a new video featuring OPSWAT’s OESIS Framework! Check out the video to see how OESIS can enhance your solution with features for detecting, assessing and remediating thousands of third-party software applications. OESIS is a cross-platform, open development framework that significantly reduces development time and support costs for software engineers and technology vendors looking to perform endpoint assessment and management for Windows, Mac, Linux and mobile platforms such as Android and iOS.

Click to play video

The video briefly highlights several features of OESIS, including many supported modules and a variety of powerful APIs. Click on the image on the right to view the video and learn how OESIS can benefit your organization.

To learn more, visit the OESIS page.

Our team has certified many new products for March, including the first OPSWAT Certifications for these new partners: Cicada Security, ESTsoft and GEN-X Technology.

Below are our latest OPSWAT Certifications; these products are now verified compatible with leading SSL VPN and NAC solutions from vendors including Cisco, F5, Citrix, Juniper and many others!

	Avira Server Security 12.x
	Avira Server Security 12.x
	Cicada Security Client 2.x
	Avast Internet Security 8.x Avast Premier Antivirus 8.x Sourcenext VirusSecurity Zero 12.x
	Avast Internet Security 8.x Avast Premier Antivirus 8.x Avast Pro Antivirus 8.x ESTsoft ALYac Enterprise 2.x GEN-X Total Security 1.x
	Avast Free Antivirus 8.x Avast Internet Security 8.x Avast Premier Antivirus 8.x Avast Pro Antivirus 8.x Avira Free Mac Security 1.x ESTsoft ALYac Enterprise 2.x GEN-X Total Security 1.x Intego VirusBarrier 2013
	Avast Internet Security 8.x Avast Premier Antivirus 8.x ESTsoft ALYac Enterprise 2.x GEN-X Total Security 1.x Intego NetBarrier 2013

OPSWAT continues to support San Francisco State University (SFSU) students in their work with OpenMRS and more recently, the Raxa project. The Raxa project is a part of OpenMRS, an open source medical record system project which was developed in 2004 by the Regenstrief Institute at Indiana University to support automated record-keeping in developing countries.

The significant benefit of using OpenMRS is that it allows users to modify the system from anywhere in the world according to the specific needs of each community. The Raxa project focuses on bringing affordable and quality healthcare to rural communities in India, helping to store patients’ medical history and to enhance delivery of medical services in areas of low internet connectivity and electricity.

OPSWAT released new versions of OESIS Local, AppRemover and OESIS Monitor this past month, including support for new applications from several top security vendors.

This month's weekly releases of OESIS Local include new supportfor products from vendors such as Kaspersky, Norman, Avast and many others. Additionally, minor bug fixes have been released.

Version 3.0.7.1 of AppRemover includes support for an additional 13 security products on the Windows platform and one additional public file sharing application. AppRemover currently supports removal of more than 350 different security applications and more than 120 public file sharing applications on Windows.

Finally, a release of OESIS Monitor included minor maintenance updates.

Please visit https://portal.opswat.com to review the release notes and product user guides and to download the latest product versions.

We are very excited to announce the release of a new version of Security Score! Thanks to valuable feedback from those who have tried out the Security Score beta, we have added many new features to the tool.

In this release, we have enhanced Security Score to scan your computer every 24 hours so that you can monitor your security and the status of your applications over time.

In addition, we have added a display of the threats that have been detected by your antivirus application (click the images to the right to expand and see examples of these details) and improved the calculation of the security score.

Finally, we’ve also added an automatic updating feature to the tool so that you can get the latest improvements to Security Score whenever you restart the application.

To try out the improved Security Score visit http://www.opswat.com/products/security-score to download and install the tool.

We appreciate your feedback on this tool - please continue to use the 'Report an issue' button to send us your suggestions, and look for more enhancements in the coming months!

Check out our new video demonstrating how to uninstall an antivirus application using our AppRemover CLI! Ideal for IT pros and software engineers, AppRemover supports complete detection and removal of various security and public file sharing applications.

Click to play video

This demo illustrates how administrators can use simple commands to script silent and thorough removal of unwanted applications.In the video, we demonstrate the basic uninstallation process in a situation where a user’s application license has expired and the user is in the process of moving to an entirely new security product. The terminal is used to launch the AppRemover utility, which first detects applications installed on the system and reports the current status of each one. Then, specified applications, or all applications, can be removed.

Click on the image on the right to view the video and see the AppRemover CLI in action! To learn more, visit the AppRemover Page.

Our team is happy to announce several new OPSWAT Certifications for Windows, Mac and Android applications. Listed below are our new OPSWAT Certifications, including Android certification for our newest partner, AegisLab!

	Kaspersky Endpoint Security 8.x
	Intego Family Protector 2013
	Sophos Safeguard Disk Encryption 5.x
	AhnLab V3 Click 1.x
	AhnLab V3 Click 1.x
	K7 Ultimate Security 12.x Intego Personal Backup 2013
	AegisLab Antivirus Premium 2.x Ikarus mobile.security 1.x Comodo Mobile Security 1.x Zoner Antivirus Free 1.x Zoner Antivirus Free - Tablet 1.x Zoner Mobile Security1.x Zoner Mobile Security - Tablet 1.x Quick Heal Mobile Security Free 1.x Quick Heal Total Security Free 1.x G Data Antivirus Free 24.x

One of the ways that we illustrate the value of multi-scanning is to show how viruses take different lengths of time to go from unrecognized by any antivirus engine to being recognized by most. High profile viruses will quickly be added to antivirus signature databases soon after they are discovered, but lower profile threats that don’t have much media coverage or aren’t as widespread may take much longer.

The spread of the detection of the two threats described below illustrates the variability in how quickly new virus outbreaks are added to different antivirus engine databases.

Virus 1 was first submitted to Metascan Online (a free online virus scanner) on April 4th, when it was detected by 4 different antivirus engines. By the next day, it was detected by 16 different antivirus engines and by April 8th it was detected by 28 different antivirus engines. Over the four day period this was a difference of 24 engines detecting the threat.

Virus 2 was first uploaded to Metascan Online on April 6th, when it was detected by 3 different antivirus engines, but it was added to antivirus definition databases much more slowly than Virus 1, and was still only recognized by 9 engines two days later. The detection rate rose to 16 by April 10th and 19 by April 12th. This is only a 16 engine increase over 6 days.

Another important thing to note about these two outbreaks is that only one antivirus engine detected both on the first day each file upload was scanned, again illustrating the value of multi-scanning as a way to significantly improve detection of early virus outbreaks.

The lesson to be learned from this data is that one cannot depend on all antivirus engine providers to immediately add virus definitions to their databases soon after another engine has identified a virus. By using a multi-scanning product, an organization can improve their odds of detecting new outbreaks before damage can be done to their systems.

Tony Berning
Senior Product Manager
OPSWAT

Check out our video showcasing simultaneous uninstallation of an antivirus and a public file sharing application using the free AppRemover tool! The technology behind this free tool allows IT pros and software engineers to easily detect and remove various security and public file sharing applications.

Click to play video

AppRemover scans the computer for applications and can be used to verify the current status of each application. Then, AppRemover simultaneously removes the applications from the system and continues to work to clean up left-over files for a thorough, complete removal.

Click on the image on the right to view the video and see the AppRemover in action! To learn more, visit the AppRemover Page.

Many of you may have noticed the OPSWAT Security Toolbar is no longer included in the AppRemover download available through AppRemover.com. This change came about after reviewing feedback received from our users that suggested the toolbar was not providing overall value and that the installation was not made clear to users during the download process.

Our intention with the OPSWAT Security Toolbar was not to inconvenience our users, so we have taken it down until we are able to improve the experience. We greatly appreciate the feedback we receive from users, and hope users will continue providing this through the “Report an Issue” link. 

We have also received feedback from users having difficulty removing toolbars from their systems, and we are planning an enhancement to AppRemover that will provide the ability to uninstall browser extensions, including toolbars. Stay tuned for this update coming soon!

Again, thank you to all of our users who provided feedback. Until we’re able to offer the OPSWAT Security Toolbar in a way that will be both apparent and valuable to our users, we will continue offering the free AppRemover tool without it.

OPSWAT released their quarterly market share report today, which includes product usage for instant messaging, backup and peer-to-peer applications worldwide. In addition to announcing leading products in these categories, the report also provides insights to the percentage of users who have instant messaging or peer-to-peer applications installed and running on their computer.

As shown in the instant messaging section of this quarterly report, Skype has a commanding lead in the instant messaging market with a 37.7% share. Windows Messenger comes in just behind Skype with 31.8%. In March, Microsoft officially shut down the Windows Messenger service and began transitioning users to Skype, but it remains to be seen if some of this market share will be lost to other vendors’ applications. While Google Talk and Facebook Messenger show at just below 4% in market share, the report only accounts for installed applications and does not include in-browser chatting capabilities (i.e., Facebook Chat and Google Chat).

The quarterly report also shows market share of peer-to-peer (P2P) applications and backup sync applications. In the peer-to-peer section, the program most frequently detected in OPSWAT’s report is uTorrent, which controls more than half of the P2P market worldwide with 53.7%, and is nearly ten times more popular than its nearest competitor, Pando.  In the backup section of the report, the leader with a dominating share of 47.3% of the worldwide backup market is Dropbox.  Dropbox holds a substantial lead of the backup market over two marquee technology powerhouses in Apple’s iCloud and Google’s Drive, which finished second and third in the report. The backup applications category only includes data for syncing applications.

The data for OPSWAT’s report has historically been collected from users of OPSWAT’s free AppRemover tool. In this quarter’s report, data collection has been expanded to also come from OPSWAT Security Score. This free tool leverages the OESIS Framework to scan a computer and provides a score based on the status of installed security applications. Using data from Security Score in conjunction with AppRemover allows OPSWAT to pull data from a much more diverse sample of users and gives greater insight to the applications installed on an end user’s computer.

“This market share report is a major improvement over previous incarnations thanks to the inclusion of Security Score”, said Derek Bass, Marketing and Media Associate at OPSWAT. “With the addition of Security Score we are able to provide more accurate data to our readers and give us insight as to where the technology market is heading.”

There have been additional improvements made in the way data has been reported compared to past market share releases. In addition to combining Security Score and AppRemover together to obtain data, this report also shows the geographical distribution of where OPSWAT’s data comes from, broken down by country. The report also includes additional details regarding the data collected.

OPSWAT’s future quarterly market reports will include additional improvements and will focus on further product categories including antivirus applications. For future installments or more information regarding this report please contact marketing@opswat.com. Application vendors interested in adding their applications to the OESIS Framework are invited to partner with OPSWAT through the free OPSWAT Certification Program.

For more information about OPSWAT, the OESIS Framework, and OPSWAT Certification, please visit www.opswat.com

About OPSWAT Inc.

Founded in 2002, OPSWAT is the leading provider of software management and security technologies. With both software manageability and multi-scanning products, OPSWAT offers simplified and comprehensive SDKs that reduce time and costs for your engineering and testing teams. OPSWAT delivers: OESIS Framework, an open development framework that enables software engineers to develop products that manage thousands of third-party software applications; Multiple antivirus engine scanning products including Metascan (try the demo at www.metascan-online.com); AppRemover, a free utility that enables the complete uninstallation of security applications; and GEARS, a white-labeled, cloud-based solution for monitoring and managing computers, servers, and switches.

OPSWAT is happy to announce another batch of certifications for our partners. With the certifications listed below, we're excited to welcome two new Certified Partners, BackBlaze and NCP, and to announce new Gold certifications for Webroot and ZeoBit. Congratulations!

	Webroot SecureAnywhere Antivirus 2013 Webroot SecureAnywhere Complete 2013 Webroot SecureAnywhere Internet Security Plus 2013 Webroot SecureAnywhere Endpoint Protection 2013 ZeoBit PC Keeper Antivirus 2012
	NCP Secure Entry Client 9.x
	Trend Micro Smart Surfing for Mac 1.x Trend Micro Virus Buster 1.x
	Trend Micro Virus Buster 1.x
	Trend Micro Virus Buster 1.x
	BackBlaze Mac Online Backup 2.x

To see our full list of Certified Products, please visit www.opswat.com/certified/products.

OPSWAT released new versions of Security Score, OESIS Framework, OESIS Mobile, AppRemover, CacheCleaner, Secure Virtual Desktop, Metascan and Metadefender for Media this past month.

With this month’s update to Security Score beta, the tool now scans your computer every 24 hours so that you can monitor your security and status of your applications over time. The update also includes a log that displays the list of threats that have been detected by the antivirus software installed on your computer.

OESIS Framework had five releases in April, which included additional product support for 21 Window products and 22 Mac products from top vendors such as Kaspersky, K7, PCKeeper and more. In addition, version 3.0.6.1 of OESIS Mobile included additional product support for numerous Android applications and core functionality support for iOS which allows us to retrieve the OS version and hardware identity of the device.

Keeping with this month’s theme of additional product support, the latest update for AppRemover included support for 14 new products from top technology solution vendors such as Avast, Kaspersky, Trend Micro and many others!

Version 1.3.13.1 of CacheCleaner includes product support for Google Chrome version 24 and several bug fixes have been corrected which reduces customer issues.

The latest release of Secure Virtual Desktop included several bug fixes and changed the default settings for encryption of SVD session data to disabled.

Several great new features and improvements have been added in the newest version of Metascan. The update includes enhanced ICAP server support and a newly exposed ICAP interface to facilitate integration of multi-scanning to existing security architectures. For example, using the ICAP interface, Metascan can now be easily integrated to an established proxy server to scan all HTTP traffic over a network and block content that is detected as malware. The latest update to Metascan also features a dashboard that gives customers the ability to view the number of files Metascan has scanned and display the threats detected.

With the release of version 2.7.0, Metadefender for Media now runs in its own secure desktop environment, which provides an added layer of security that prevents users from making changes to the MD4M system itself.

Finally, this month saw the release of the beta version of the Metascan Online Public API (which is available for free to all OPSWAT Portal users). The Metascan Online Public API makes it easier for users to scan files using the more than 40 antivirus engines available in Metascan Online.

Please visit https://portal.opswat.com to review the release notes and product user guides and to download the latest product versions.

We are very excited to announce the availability of a new feature to Metascan Online, the Metascan Online Public API! This API, currently in beta, is now accessible for all users.

The Metascan Online Public API allows users to harness our cloud multi-scanning technology to scan files for malware or search for previous scan results using a file’s hash (MD5, SHA1 or SHA256). The API allows easy integration of malware scanning with the more than 40 antivirus engines included in Metascan Online, from leading security vendors such as Kaspersky, McAfee, AVG, Avira and many others.  

Free access to the Metascan Online Public API (available after signing up for an OPSWAT Portal account and obtaining a license key at https://portal.opswat.com/metascan-online-api) allows five file scans and five hash searches per hour. Users can purchase additional scans or searches by contacting sales.

Additional exciting changes have been released recently as well: we increased the file size limit to 80MB, and we’ve invested in additional hardware to increase our scanning capacity. The increased scanning capacity provides users with faster scans results, both through the web interface as well as through the Metascan Online API. 

For additional information and documentation on the Metascan Online API please visit https://www.metascan-online.com/public-api. We would appreciate your feedback on the new API – please send your comments to us by submitting a support ticket on the OPSWAT Portal!

Join us for an online webinar hosted by our Senior Product Manager Tony Berning on Wednesday, May 15th at 8 a.m. PDTto learn more about the Metascan Online API. The webinar will focus on features of the new API and how you can add multi-scanning to your security architecture. Visit the event page for more details and to register.