What's New in MOVEit Transfer

Accessibility Improvements

To expand usability of MOVEit Transfer for all users, we improved our user interface to help conform with WCAG 2.1 AA accessibility guidelines. These improvements include keyboard navigability for WebUI pages to accommodate keyboard-only users, screen reader support, and compliance with minimum contrast standards.

Navigate Folders View with Tab Key and Choose a Folder with Spacebar (selection highlighted)

MySQL Database Engine Conversion

When you install or upgrade a MOVEit Transfer system using the bundled MySQL Database, MOVEit Transfer installs the standard InnoDB storage engine for greater reliability and scale. Data migration to the new InnoDB scheme is automatic.

When you upgrade to MOVEit Transfer 2021.1 with the bundled MySQL Server, your database tables will be automatically upgraded to InnoDB. To successfully upgrade you must have free disk space on the database drive equal to at least three times the size of the current MOVEit Transfer database.

RESTful API Improvements

MOVEit Transfer 2021.1 adds new capabilities to its REST API.

For detailed information, see the MOVEit Transfer RESTful API reference guide.

REST API Feature


Update User Password.

New update capability to users endpoint. Org admins can issue a password reset based on current Org policy. If an org is configured to:

  • Send a new password. (When set as policy) MOVEit Transfer sends an auto-generated password notification and forces the user to change the password at sign-on.
  • Send a password reset notification. (When set as policy) MOVEit Transfer sends the user a privileged link to sign on to the system and define a new password.

PATCH /api/v1/users/{userId}

Request body example:

"password": "MayaKewl&UneeqP455w*rd",
"sendPasswordChangeNotification": "true"

Package Requirements Properties. (Updated for 2021.1.1)

We extended the packages/requirements endpoint.

This work extends current use cases and reveals values for download limits set by (or on behalf of) the current user. (If not set by sender, org limits apply.)

  • Download limit (maxAttachmentDownloads) reveals the per-attached-file download limit.
  • Absolute limit (defaultAttachmentDownloads) limits how many file downloads can occur for the current package.


Also added, attachment permission toggle values for the current user (sender).

  • allowAttachFiles
  • allowSendPackages

GET /api/v1/packages/requirements

Return object example:

"allowAttachFiles": true,
"allowChangeSecureNote": true,
"allowSendPackages": true,
"classificationTypes": [
"id": 0,
"orderIndex": 0,
"value": "string"
"defaultAttachmentDownloads": 20,
"defaultSecureNote": true,
"defaultUserPackageExpirationHours": 72,
"isClassificationFieldRequired": true,
"maxAttachmentDownloads": 8,
"maxUserPackageExpirationHours": 48

Easier to Deregister Token from External App. (Updated for 2021.1.1)

A new DELETE verb allows simple deregistration for external application tokens.

DELETE /api/v1/users/self/externaltokens

Request body example:

"token": "47cb95ef-5af3-4fb5-94f8-e76e6f7ac897",
"type": "MicrosoftOutlook"

Fixed Issues

This section outlines issues tracked and fixed by the MOVEit product team for the 2021.1 release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.



Fixed Issue



Enhanced data handling scoping operations based on periodic security testing.



Added file check for customized schemes. .



Fixed upload Window language behavior.


Account Creation

Fixed issue so switching org auth to external will follow org policy for password setup.


Config Utility

Fixed issue that limited MySQL password length.


WebUI (Admin)

Fixed paging issue for expiration policies page.


WebUI (GroupAdmin)

Fixed exception handling for Folder Settings page.



Fixed Custom Report run report output format behavior.



Fixed issue where detecting a non-default logs directory caused issue for upgrade scenario.


Scheduled Tasks

Fixed a write-to log issue for syncLDAP process.



Refactored license count warning to ignore TempUser count.



Fixed issue where end-user could not access default home in WebUI when AdHoc functionality switched off.


Remote Filestore

Refined condition for UNC mount failure scenario.



Virtual folders present option to upload to subfolders without permission.


Installer (upgrade)

Fixed exception handling of TimeEnded value for Taskruns table.


User Settings

Fixed recipient limit for Temp users.


Mulesoft Connector

Fixed timeout for large files.



Refined file notification behavior to include copied files.



Fixed "no attachment" pop-up warning for Ad Hoc packages.



Admins can't share folder with email address only when AdHoc enabled.



Fixed out-of-memory error for large file uploads.


Transfer Server

Implemented best practices for Content-Security-Policy.


Large File Stores

Fixed incorrect reports of missing files.



Fixed exception handling for flush to file operation.



Fixed out-of-memory exception that could happen using resumable upload and AV/DLP scanners are configured.



Fixed issue resulting in URI destination mismatch for case where federated identity provider requires the URI to include a port value even when it is the well-known default.



Fixed issue where certain collapsible controls were not accessible using keyboard navigation.



Fixed issue where a group user list displayed to a GroupAdmin could be incomplete.



Updated MySQL server distribution to latest recommended version.



Added name=transaction attribute value to example syntax in Single Sign-on Integration section of the Admin Guide.



Limited GroupAdmin password policy to members of their group (not including the GroupAdmin user).



Fixed vulnerability based on NIST CVE-2020-27511R



Fixed/improved the response delay observed when canceling an upload.

Fixed Issues in 2021.1.1

This section outlines issues tracked and fixed by the MOVEit product team for the 2021.1.1 maintenance release. Not all changes suggested by customers or uncovered in usability testing are tracked as issues or defects. See the What's New section for a broader view of these improvements.



Fixed Issue


MySQL Bundle
(if used)

The current installer upgrades the current MySQL database (if used) to 8.0.27. This version includes a critical patch for MySQL. For details, refer to Oracle's documentation (



Added library methods to protect passwords during install.


Upgrading to the latest version of MOVEit Transfer ensures that you have access to the latest features, fixes, security updates, and usability improvements.

If you have a support subscription, upgrades are free. For licensing information, you can read this MOVEit License FAQ.

Get the Installer and Activation Code

To get a MOVEit installer package:

  1. Log in to the Progress Customer and Community portal and select Product Downloads.
  2. Download the product package.

    When you get your MOVEit product package from your Progress Community page, the activation code is embedded in the download file and is automatically applied during installation.

    The activation code is also stored in your Progress Community product page for reference.

  3. Before you run the upgrade installer.
    • Review Upgrade Guidelines. They identify useful tips and guidelines for existing MOVEit Transfer or MOVEit DMZ users.
    • It is a good idea to copy and save your current product serial number. This Progress knowledge base article explains how to find it.

Upgrade Paths

MOVEit Transfer 2021 supports "direct upgrade" (upgrade by way of running the MOVEit Transfer installer) for existing MOVEit Transfer 2019 (11.0.0) and newer.

Use the Upgrade Path table to find out how you can move earlier or legacy versions to MOVEit Transfer 2021.

Your Older MOVEit Transfer Version

Upgrade Path

MOVEit Transfer 2019 (11.0.0) or newer

Use Upgrade mode in MOVEit installer:

MOVEit Transfer 2018 PLUS SP2 (10.2) and older

If you are running a version that is out of date or close to being out of date, you can:

  • Upgrade to a supported version such as 2019 (running the 2019 installer in upgrade mode), and then...
  • Use the latest installer to upgrade 2019 to 2021.

    Check the Product Lifecycle page --upgrade to the latest version of MOVEit Transfer if your product version is close or past its End of Life (EoL) or sunset milestones.

Upgrade Considerations

Logs Directory for Web Farm Upgrade

When you upgrade a MOVEit Transfer Server node, ensure that the local logs directory defined in the Web Farm install configuration for all nodes already exists (or create one on each node). If the installer does not find this local logs directory, it will return a failure message and halt during the Web Farm scale-out process.

MySQL Database Deployments

When you run the MOVEit Transfer installer in an upgrade scenario on a MOVEit Transfer deployment using MySQL, the installer upgrades existing MySQL 5.7 servers to MySQL 8.x.

Any custom schema, tables, and fields (if applicable) must be backed up

It is best practice to backup any customizations before you run the MOVEit Transfer installer. MOVEit Transfer database schema customizations are not supported. If you change the name or add schema, indexes, or tables, the MOVEit Installer will not expect these manual changes and attempt to revert them.

Reset tamper check for logs

If you have logs that include data from before and after a software upgrade, tamper check verification shows false positive tamper errors when verifying the logs.

To prevent this situation, do the following when upgrading MOVEit DMZ software to MOVEit Transfer 2017 (and later).

  1. Before you upgrade, manually start the MOVEit DMZ Log Tamper Check program from the Start menu.
  2. Immediately after you upgrade:
    • Sign-on as System Administrator. Click SETTINGS.
    • In the System section, Tamper Detection row, click Reset All Orgs.
  3. Click Reset Tamper Detection Data.

Upgrading to a release with Secure Folder Sharing (a post upgrade task is necessary)

If you upgrade your MOVEit Transfer installation with a version that enables Secure Folder Sharing, this feature set will be initially set to off. After the upgrade, as sysadmin user, you can apply the Secure Folder Sharing feature set selectively in Org Profile Settings. As sysadmin, you can apply these settings on an org-by-org basis.

Enable org UI Security Settings to Allow Secure Folder Sharing Feature Set (needed for upgrade installations)

Learn more...

System Requirements

MOVEit Transfer requires certain software and hardware to ensure correct operation.

MOVEit Transfer Server Requirements

These requirements apply to the supporting environment and operating system where you install MOVEit Transfer server.

Before you attempt to install MOVEit Transfer server, ensure your Windows server has the latest service packs and required updates installed.

Hardware Requirements

Minimum server requirements

  • Four-core server-class CPU (For example: Intel Xeon 4-core 2+GHz)
  • 8 GB RAM
  • 250 GB or larger free disk space, depending on workload
  • Gigabit Ethernet (GigE) Interface.

Typical server requirements

  • Eight-core CPU.
  • 16 GB RAM.
  • Hard drive capacity of 1TB (SAS) is common.
  • Free disk space should be sized based on the system log, task logs, and the expected number of concurrent active users and transfers.
  • Using SSD or other high-performance disk will improve performance.
  • GigE or better network interface card.

Note: MOVEit Transfer requires a dedicated server machine or hypervisor. Do not install MOVEit Transfer on a machine that has other applications installed.

Software Requirements

MOVEit Transfer server requires the following software.

Supported Operating Systems for MOVEit Transfer

  • Windows Server 2019
  • Windows Server 2016

.NET Framework

MOVEit Transfer requires .NET 4.7.2. If the server does not have Internet access, you must install .NET by other means before you run the MOVEit Transfer installation program.

Windows Server 2019 comes with .NET 4.7.2.

Supported Databases

MOVEit Transfer requires one of the following database platforms:.

  • MySQL 8 (included in the MOVEit Transfer installation)
  • Azure SQL Database
  • Microsoft SQL Server 2019 Enterprise/Standard
  • Microsoft SQL Server 2017 Enterprise/Standard
  • Microsoft SQL Server 2016 Enterprise/Standard
  • Earlier versions (not supported)

It is best to run the MOVEit Transfer Server and the database it connects to in the same time zone. Otherwise, security features like multi-factor authentication for sign-on as well as secure connection protocols used between the services will not function.

You can create an Azure SQL database using the Azure Management Portal. See the upgrade and migration section for instructions on how to migrate your current database to Azure SQL.

Compatible Third-Party AV/DLP Engines

The following major anti-virus (AV) and data loss prevention (DLP) engines are reviewed for compatibility with MOVEit Transfer.

AV Engines (some with AV/DLP)

Anti-Virus Scanner

Latest Version Reviewed

McAfee VirusScan Enterprise

Last reviewed version

McAfee VirusScan Enterprise for Storage (VSES)

Last reviewed version 1.3

McAfee Endpoint Security

Last reviewed version

McAfee Web Gateway

Last reviewed version 9.29 (36018)

Sophos Anti-Virus Dynamic Interface (SAVDI) scanner

Last reviewed version: 2.6

Sophos for Network Storage

Last reviewed version:

Symantec Protection Engine

Last reviewed version

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) *

Last reviewed:

  • A/V Pattern: 16.615.00
  • A/V Scan Engine: 12.5.100

DLP Engines

Data Loss Prevention Scanner

Latest Version Reviewed

McAfee Web Gateway*

Last reviewed with version 9.29 (36018)

Symantec DLP Suite

Last reviewed with version 15.x*

*DLP Blocked responses require additional configuration for some scanning engines such as McAfee and Symantec.

TLS Certificate

For use in production environments of the MOVEit Transfer Server, you should install a certificate from a trusted certificate authority. Apply the trusted certificate during installation or through the configuration utility.

Email Server (for notifications)

MOVEit Transfer needs an SMTP server to relay package notifications, account notifications, and other user messages. You will be asked for an SMTP server and credentials during the install process.

If you do not have email server information at the time of install, you can use the MOVEit Transfer Configuration Utility to add this information. For more information, see the MOVEit Transfer Admin Guide.

Browser Support

Supported Web Browsers

  • Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Safari

Other browsers might work with MOVEit Transfer but are not officially supported.

Additional Clients

MOVEit Mobile

MOVEit Mobile is available for the following devices:

  • iOS (Apple devices). Available for download in the Apple App Store.
  • Android (Android OS devices). Available for download from Google Play.

MOVEit Client

All current versions of the MOVEit Client are supported. Older versions will work with limited feature capabilities. Download the latest versions from the MOVEit Products page.

Legacy Outlook Plug-in (Ad Hoc)

  • Outlook Client:

    Outlook 2016 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)

    Outlook 2013 (English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)

    Outlook 2010 (32-bit and 64-bit English, German, French, Japanese, Simplified Chinese, Spanish and Traditional Chinese)

  • Mail or Exchange Server:

    Ad Hoc Transfer Plug-in for Outlook is compatible with a variety of mail servers, such as Exchange Server 2013, Exchange Server 2010 (32-bit and 64-bit English and German), or Progress IMail 11 (using SMTP). When Outlook & Exchange are used together, Cached Exchange Mode is supported but is not required.

  • Operating System:

    Microsoft Windows 10, Microsoft Windows 8, Windows 7 (32-bit and 64-bit English, German, French, Chinese Simplified, Chinese Traditional, Japanese)

Known Issues

This section outlines known issues and typical workarounds for MOVEit Transfer.



Known Issue in MOVEit Transfer



After you upgrade a MOVEit Transfer server to 2020 that leverages the legacy mobile server, if you subsequently uninstall only MOVEit Transfer, the next time you run the installer the Modify option displays but no real modify-install scenario exists. You will not be able to complete the MOVEit Transfer install process.


To run the installer successfully, you will need to uninstall the deprecated MOVEit Mobile Server manually. Then you can re-run the MOVEit Transfer Installer.



Some virtual folder operations do not extend to the REST API.


For full parity, use the WebUI or MOVEit Automation.


Key Rotation

If disk capacity is less than the largest file in your filestore and you run key rotation, your key rotation process will fail to convert that file.


Key Rotation

Key rotation functionality does not extend directly to environments that use Azure Blob Service for their filestore.


Azure Storage has its own encryption scheme and key management infrastructure.


Outlook Add-In

If Internet Explorer is configured with Enhanced Security Configuration (ESC) and you run MOVEit Add-in for Outlook (Ad Hoc), the add-in pane fails to load. For example, this issue might occur if you run MOVEit Add-in for Outlook (Ad Hoc) with older versions of Windows that still include Internet Explorer. (Note that Windows Server enables IE ESC by default.)


Run the MOVEit Add-in for Outlook (Ad Hoc) from a machine that does not bundle Internet Explorer, such as a non-server version, or add the resource needed by MOVEit Add-in for Outlook (Ad Hoc) to launch as a trusted site. You can also disable IE ESC.

Licensees and Evaluators

For more information, please check our:

Copyright Notice

© 2022 Progress Software Corporation and/or one of its subsidiaries or affiliates. All rights reserved.

These materials and all Progress® software products are copyrighted and all rights are reserved by Progress Software Corporation. The information in these materials is subject to change without notice, and Progress Software Corporation assumes no responsibility for any errors that may appear therein. The references in these materials to specific platforms supported are subject to change.

Chef, Chef (and design), Chef Infra, Code Can (and design), Compliance at Velocity, Corticon, DataDirect (and design), DataDirect Cloud, DataDirect Connect, DataDirect Connect64, DataDirect XML Converters, DataDirect XQuery, DataRPM, Defrag This, Deliver More Than Expected, DevReach (and design), Icenium, Inspec, Ipswitch, iMacros, Kendo UI, Kinvey, MessageWay, MOVEit, NativeChat, NativeScript, OpenEdge, Powered by Chef, Powered by Progress, Progress, Progress Software Developers Network, SequeLink, Sitefinity (and Design), Sitefinity, Sitefinity (and design), SpeedScript, Stylus Studio, Stylized Design (Arrow/3D Box logo), Styleized Design (C Chef logo), Stylized Design of Samurai, TeamPulse, Telerik, Telerik (and design), Test Studio, WebSpeed, WhatsConfigured, WhatsConnected, WhatsUp, and WS_FTP are registered trademarks of Progress Software Corporation or one of its affiliates or subsidiaries in the U.S. and/or other countries.

Analytics360, AppServer, BusinessEdge, Chef Automate, Chef Compliance, Chef Desktop, Chef Habitat, Chef WorkStation, Corticon.js, Corticon Rules, Data Access, DataDirect Autonomous REST Connector, DataDirect Spy, DevCraft, Fiddler, Fiddler Everywhere, FiddlerCap, FiddlerCore, FiddlerScript, Hybrid Data Pipeline, iMail, JustAssembly, JustDecompile, JustMock, KendoReact, NativeScript Sidekick, OpenAccess, PASOE, Pro2, ProDataSet, Progress Results, Progress Software, ProVision, PSE Pro, Push Jobs, SafeSpaceVR, Sitefinity Cloud, Sitefinity CMS, Sitefinity Digital Experience Cloud, Sitefinity Feather, Sitefinity Insight, Sitefinity Thunder, SmartBrowser, SmartComponent, SmartDataBrowser, SmartDataObjects, SmartDataView, SmartDialog, SmartFolder, SmartFrame, SmartObjects, SmartPanel, SmartQuery, SmartViewer, SmartWindow, Supermarket, SupportLink, Unite UX, and WebClient are trademarks or service marks of Progress Software Corporation and/or its subsidiaries or affiliates in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Any other marks contained herein may be trademarks of their respective owners.

This document was published on Friday, January 21, 2022 at 10:39