Votiro VA On-premises v10.0 Release Notes

Highlights

We are very pleased to announce the latest release of Votiro VA On-premises version 10.0. This version contains important enhancements to our product!

New Features

• Menlo—Votiro Rebranding - This release introduces the new Menlo—Votiro branding, including updates to the End User License Agreement (EULA) and a refreshed user interface (UI) design for a cohesive brand experience.
• Enhanced SIEM Integration - Our product now supports sending audit events directly via Syslog, enabling better integration with existing security information and event management (SIEM) systems for centralized logging and monitoring.
• QR Code Sanitization - A new capability has been added to sanitize QR codes, ensuring that any embedded malicious content or links are neutralized before they can pose a threat.
• SVG Image Security - This new feature allows the removal of external file references embedded within SVG images, mitigating potential risks associated with external content.
• Flexible File Connector Deployment - The File Connector now offers increased flexibility by allowing input and output folders to be located on different hosts, simplifying deployment in distributed environments.
• Enhanced URL Protection for Office and PDF Files - URL protection for Office and PDF files has been significantly enhanced, with new capabilities to mask suspicious links and sanitize (rewrite) them to prevent users from accessing malicious destinations.
• Password-Protected Portal Enhancements:
  • Nested PPF Detection - Our password-protected solution now supports detection of nested password-protected files.
  • Customizable Communication - Administrators can now customize the wording of messages sent in email bodies related to Password-Protected Files (PPF), providing greater control over user communication.
  • "Peek" at Password - For improved user experience, a "peek" button has been added to password entry fields, allowing users to temporarily reveal their entered password for verification.
  • Customizable PPF Portal Logo - Organizations can now upload and display their own logo on the Password-Protected Files (PPF) portal, enhancing brand consistency and user trust.
  • Brute-Force Protection - To bolster security, the PPF portal will now automatically lock for 10 minutes after three consecutive failed password attempts, preventing brute-force attacks.
• Service Token by Privileges - Service tokens have been enhanced with privilege-based access control:
  • Connector - This token type is specifically for authenticating file upload procedures. Existing tokens will automatically be assigned the 'Connector' type.
  • Developer - This token type grants access to all available APIs and should be handled with extreme caution due to its broad permissions.
• Browser Plugin - Context Identifiers Enhancements: Improvements have been made to context identifiers within the browser plugin, leading to more accurate and efficient threat detection and content handling.
• New File Types Support - Votiro now supports a wider range of file types:
  • Sanitization support - Hancom HWP/X, Cell, Show, HTML sanitization, HEIC sanitization.
  • Detection support - WEBP, Tableau, DWF, SQL
• ML Macros LLM - New Lightweight Model: This release introduces a new, lightweight Machine Learning model for macros, significantly improving detection accuracy.

Deprecated Features

To further enhance data protection, Dynamic Data Exchange (DDE) is now disabled for CSV files.

Resolved Issues

This release includes significant bug fixes aimed at enhancing the stability, reliability, and performance of Votiro On-prem v10.0. 
The complete list of resolved issues is as follows:

• Resolved an issue where the Built-in File Connector would not sanitize files with Japanese characters.
• Resolved an issue where the Built-in File connector had an error when sanitizing large files (>2GB).
• Resolved an issue where targeted users of the email connector were not presented on the Threats Analytics dashboard.
• Resolved an issue where the default role for a new user was admin instead of SOC role.
• Resolved an issue where Office corrupted files were not identified and blocked.
• Resolved an issue where PNG file sanitization caused an increase in file size.
• Resolved an issue where URL reputation was still running even when it was disabled.
• Resolved an issue where a specific suspicious part within an Excel file (external file as hyperlink) was not removed post-sanitization.
• Resolved an issue where a file was missing from a PPF zip due to "System Locale" settings.
• Resolved an issue where in some cases a Macro Removed event was not published in the UI.
• Resolved an issue where password-protected files were released multiple times.
• Resolved an issue where "Sanitization error" was displayed instead of "Wrong password" for PPF.
• Resolved an issue where a Summary Report was not generated due to a "bad request" error.
• Resolved an issue where license usage was shown as “0” instead of the actual license usage.
• Resolved an issue where "Win Events" items did not display in Votiro filtered incidents.
• Resolved an issue where some JPG image files were not identified and were detected as "Unknown."
• Resolved an issue where a Released original file was sent as an attachment instead of the email itself.
• Resolved an issue where specific PDF files took a long time to process.
• Resolved an issue where some MOV files were detected as unknown.

• Resolved an issue where recipient's information of EML files was not displayed.

• Resolved an issue where HEIC files were not sanitized by default.