A Message About the Kaspersky Ban and How It Affects OPSWAT MetaDefender

OPSWAT's reputation was built on our excellent relationships with the anti-malware community. We've integrated and certified security products, especially anti-malware applications, for the past 15 years. Our leading product, MetaDefender, launched over 10 years ago and includes a core feature, multi-scanning, which embeds a large part of the IP of the anti-malware community.

Recently there was a presidential order to remove any deployment of Kaspersky Lab from any federal department and agency. Kaspersky is one of the top players in the OEM anti-malware space and is the backbone of many important and mission-critical cyber security solutions.

According to one of our recent market share reports, 4.5% of the market uses Kaspersky. Millions of people use Kaspersky products for signature- and heuristic-based threat detection, and Kaspersky has protected these users against billions of threats.

I would like to take this opportunity to send a clear message that we stand behind our product and our relationship with Kaspersky. We do have a Kaspersky OEM agreement that allows us to use their anti-malware SDK in our MetaDefender product offering as part of our Enterprise 16 engines package.

Since we're leveraging the SDK, we have a lot of flexibility in fine-tuning the integration. Each engine is deployed in its own isolated environment, and it will not "ping home."

Many malware engines allow a "hash lookup" in their cloud environment to double-check potential false positives. This method improves detection and reduces false positives. However, all of the SDKs that we've integrated have that feature disabled, along with other calls outside their scope. MetaDefender makes the calls for signature updates and maintains and deploys those updates.

When it comes to government and federal organizations, our solutions can be used offline and in air-gapped environments, where it's physically impossible to report any data back to the engine supplier. Even if MetaDefender is deployed in an online environment to facilitate automatic signature updating, the individual engines we integrate would still have no outbound access to the outside world.

It's important to unite in combating country-backed cyber crime, and the intelligence that a solution such as Kaspersky brings to the table is priceless. We should embrace and respect all security solutions. It's about the greater picture, and it's about having all the possible tools in hand when deciding if you can trust the terabytes of data flowing throughout your network.

Unfortunately, the decision has already been made to ban Kaspersky, and we need to respect that decision. To our customers in the public sector, I understand and share your concerns. To comply with the presidential order, it won't be enough just to disable Kaspersky within MetaDefender. The order requires the removal of any trace of Kaspersky from the servers. For that, feel free to reach out to our Customer Success team for guidance, or review the step-by-step instructions in our knowledge base article, "How Do I Remove an Engine?"

Additionally, I recommend leveraging OPSWAT MetaAccess, our cloud-based access control solution that helps organizations enforce endpoint compliance and prevent contamination of cloud applications by blocking potentially compromised or noncompliant devices from accessing SaaS applications.


Lastly, I'd recommend that you visit https://www.MetaDefender.com/reports/statistics#!/1, where we emphasize the value of multi-scanning. The report shows how OPSWAT MetaDefender Core packages can detect top-listed threats. As more scan engines are added, more of the top threats are detected, indicating the value added with each MetaDefender Core package increment.
