Enhancing MetaDefender threat detection with Threat Intel

Multiscanning is the process of performing static analysis with a number of anti-malware engines in order to increase the chances of detecting malware in files, because no single engine can detect all the malware in the world. The world is seeing more and more malware as time goes by, and the amount of malware is growing at an exponential rate.

OPSWAT MetaDefender comes with a variety of anti-malware engines, which can be customized based on client needs. When scanning files, sometimes only a small number of engines will detect the file as infected, in which case a decision regarding file integrity is hard to make. It might be that the file is falsely marked as infected by one of our engines, or it might be that the file is a new type of malware just released in the wild and only a few of our engines have come in contact with it. In either case, our Threat Intelligence comes in handy!

What is Threat Intelligence?

Threat Intelligence is a new feature available starting with MetaDefender version 4.14.0. It allows users to upload files to MetaDefender Cloud for scanning with a large number of engines.

How does Threat Intelligence work?

Every workflow rule can be configured to send infected files to a special section called quarantine. The quarantine is a dedicated space for infected files, a place where detected malware is pinned for future reference and where Threat Intelligence is performed. See this page on how to enable sending files to quarantine for a workflow.

When a scanned file is found to be infected and ends up in the quarantine section, MetaDefender users have the ability to request another analysis report from MetaDefender Cloud.

The file is automatically uploaded and scanned, and the results are displayed when clicking on the file and selecting the "Threat intelligence results" tab.

How do I enable Threat Intelligence?

First of all, you need to make sure you have the "Threat Intelligence" technology licensed and enabled on your activation key. If it is enabled, you can find it in the "Technologies" panel.

To enable it, go to your portal account and copy your MetaDefender Cloud apikey, then click on "Threat Intelligence" -> "Settings" and paste your apikey.

Now you have the option to upload every quarantined file to MetaDefender Cloud, either manually or automatically.

For more details on how to configure "Threat Intelligence", please visit our quarantine documentation page.

 

