What's New in OfficeScan XG

This version of OfficeScan includes the following new features and enhancements.



Ransomware Protection enhancements

Your protection against ransomware attacks has been further enhanced to allow OfficeScan agents to recover files encrypted by ransomware threats, block processes associated with ransomware, and prevent compromised executable files from infecting your network.

For more information, see Ransomware Protection.

Newly Encountered Program protection enhancement

To more easily maximize your ransomware protection security policy on individual agents, the newly encountered program detection feature has been moved to the Behavior Monitoring settings screen.

For more information, see Newly Encountered Program Protection.

You can also customize the message that displays on agent endpoints after a user downloads and executes a newly encountered program.

For more information, see Modifying the Content of the Notification Message.

Predictive Machine Learning

The Predictive Machine Learning engine can protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. Predictive Machine Learning can ascertain the probability that a threat exists in a file or process and the probable threat type, protecting you from zero-day attacks.

OfficeScan Edge Relay Server

The OfficeScan Edge Relay server provides you greater visibility and increased protection for endpoints that leave the local intranet by providing the following features:

  • Suspicious Object list synchronization

  • Sample submission

  • Log submission

  • Agent status information submission, such as current pattern and component versions

For more information, see Edge Relay Server.

Suspicious File Sample Submission

To further enhance your integration with a Deep Discovery Virtual Analyzer, OfficeScan agents can now detect and send suspicious files that may contain previously unknown threats directly to the Virtual Analyzer for further analysis. After verifying that a threat exists, the Suspicious Object lists are immediately updated and synchronized to all agents, preventing the threat from spreading across your network.

For more information, see Sample Submission.

Dashboard UI enhancements

The Dashboard has been redesigned to provide better visibility of your network's protection status.

Control Manager integration enhancements

To prevent unauthorized communication between the Control Manager and OfficeScan servers, registration to the Control Manager server requires certificate authentication and policy management through the Control Manager server is managed using public-key encryption.

For more information, see Control Manager Certificate Authorization.

Anti-exploit protection

Real-time Scan allows you to detect and block threats using Common Vulnerabilities and Exposures (CVE) exploits.

For more information, see Scan Settings.

Behavior Monitoring can also detect abnormal program behavior that is common to exploit attacks.

For more information, see Anti-Exploit Protection.

Suspicious Connections enhancement

You can now configure the Suspicious Connections feature to log or block network connections detected by the Global C&C IP list and malware network fingerprinting.

For more information, see Configuring Suspicious Connection Settings.

Firewall enhancements

The application filter of the OfficeScan Firewall now supports Windows 8 and later platforms.

You can grant OfficeScan agents users the privilege of configuring the firewall security level and exceptions list.

For more information, see Adding a Firewall Profile.

Independent mode

The previously named "Roaming" mode has been renamed as "Independent" mode.

For more information, see Agent Connection Status.

Platform and browser support

This version of OfficeScan provides support for the following:

  • Microsoft™ Windows™ Server 2016


This version of OfficeScan discontinues support of the Apache Web Server.