Impex release information

Release Type: General

Release date: 2025-11-29

Information about the IMPEX release 5.6.0

USBProtect in transfer mode and Xtransfer now support adding signed scanning reports in different formats to the target USB or the remote share. For USBProtect if you only scan, not transfer, Impex now can also remount the readonly source USB device and add reports to it. This operation needs to be explicitly allowed in ICC since this changes our long default behaviour: we normally mount the source device read only and never ever change anything on it.

Another requested feature coming in this release is the File Selector where, if enabled in the configuration card, one can select which files should be scanned and transferred. This is useful when the source media contains a lot of files but not all should be imported or transferred. This is available for both USBProtect and Xtransfer.

USBProtect now supports scanning and transferring to a target disk without formatting the target media. This can be useful in certain scenarios but can also be a risk which is why it is turned off by default. It can be turned on in the ICC configuration card. This is a requested feature from those who have a target disk that they reuse and want to add additional files to.

For high risk environments we now also support filesystem blocking at the udev level. A blocked filesystem will never be mounted, thus reducing the kernel attack surface on the USBProtect and Xtransfer stations.

The IMPEX 5.6.0 release

ICC changes

  • Improved station card layout heights styling
  • Added Configuration options for new scan report directives
  • Added disk usage pane in the Overview view for ICC and REPO server
  • Mark Sophos AV as legacy since it is no longer getting signature updates
  • Added Config card settings for changing transfers to be non destructive for the target media. This means the target is not getting formatted and if the scan passes the scanned files will be transferred to a new directory on the target media.
  • There is now Signify UDEV bundle on each station card; this can be used to temporarily allow a physical keyboard to be attached to a station
  • Added page numbering to the Scan report PDF

USBProtect changes

  • File selector for transfer and Xtransfer
  • Make it possible to try and force decrypting and unpacking a file although it was not tagged as an encrypted archive
  • The frontend GUI can now handle higher resolution monitors
  • Updated logging to always log in RFC3339/ISO8601 time format
  • Refactored status polling to use websocket, this makes the frontend slightly snappier
  • Added quarantining state so that when quarantining takes longer the user knows what is going on
  • When the Transfer-without-format setting is active the target drive is not formatted before scanned files are copied to it
  • When a signify UDEV bundle is processed the station will allow a physical keyboard to be attached for debugging
  • Make error messages more user friendly by supplying a user friendly message and then have a detail-button for the more technical error details
  • Implemented a new feature to block file systems on media drives. This can be enabled in the ICC GUI. This can be useful to minimize kernel attack surface if an organization knows that HFS+ support for example is not needed.

USBProtect fixes

  • Made the on-screen keyboard more responsive
  • There was a bug in the ISO Repair mode that failed to copy network settings when reinstalling a 5+ station, this has been fixed
  • Support more than 50 stations in the Station view by adding infinity scroll functionality to it like in other views

Xtransfer changes

  • We now renew kerberos tickets in case they would expire before the scanning and uploading operation can finish
  • Make it more clear when a scanned media is not going to be uploaded to the remote file share
  • Write signed reports on the target drive, if option is enabled
  • Allow for a file picker to select the files to be uploaded

Datalock changes

  • Add support for hostname (FQDN) in remote destinations. This is pretty important for customers using remote destinations which might have different IP addresses (which is common with large cloud providers)

REPO changes

  • Add disk usage endpoint which ICC uses to show disk usage in the Overview view

Documentation

  • Added USBProtect design blueprints with dimension measurements
  • General updates and improvements of documentation

Information

Operating system packages

All system components have been updated to their latest respective version.

Online Documentation

Further details and configuration guidance are available in the official documentation:

https://sysctl.se/impex/documentation/

SBOM

Each ISO and VHD release has a software bill of materials (SBOM), to make introspection of the release easy to integrate with a number of security tools.

Update Instructions

For networked Impex stations this release will be automatically installed as part of the regular update process. No manual steps are required from administrators or users. The system will apply the update seamlessly in the background, ensuring that the latest fixes are in place without any interruption to normal operations.

For standalone Impex stations, your organisation needs to download the update from portal.sysctl.se in accordance with the update instructions in chapter “USBProtect in offline mode” in the Impex USB Protect user manual.

Sysctl portal

https://portal.sysctl.se/

Documentation for offline patching

https://sysctl.se/impex/documentation/usb-protect-user-manual/#updates-and-patching

Sysctl rss/atom

https://sysctl.se/feed.xml