OPSWAT MetaDefender Core has achieved Common Criteria EAL4+ (Evaluation Assurance Level 4+) certification, providing organizations with independent, third-party validation of the advanced threat detection and prevention platform for trusted file workflows.
MetaDefender Core is a platform with a broad scope of use: a multi-layered architecture with a customizable workflow engine and REST and ICAP integration that organizations deploy across on-premises, cloud, and air-gapped environments.
This certification provides organizations with independent, third-party validation that MetaDefender Core meets the requirements of one of the most widely recognized security evaluation frameworks available.
Understanding Common Criteria EAL4+ and What the Certification Covers
Common Criteria is an internationally recognized framework governed by ISO/IEC 15408, applied across 31 member nations, for independently evaluating the security properties of IT products. The EAL scale runs from 1 to 7, with EAL4+ representing one of the highest levels achievable for commercial products. At this level, independent accredited laboratories conduct methodical design analysis, independent vulnerability testing, documentation review, and functional security assessment. The “+” designation confirms that the product satisfies augmented requirements beyond the standard EAL4 baseline.
For a hardware product, the scope of evaluation is bound by physical components and firmware. For MetaDefender Core, the evaluation scope encompasses the platform's full processing pipeline: file ingestion, format detection, content analysis across layered technologies, reconstruction logic, output validation, workflow execution, and the API layer through which systems and applications interact with the platform.
Scope of Evaluation
Hardware appliance certifications validate a contained, purpose-specific attack surface. MetaDefender Core's EAL4+ validates a complete, multi-engine software processing pipeline that organizations integrate into their own products, workflows, and infrastructure, making it one of the most demanding and meaningful software certifications in the file security category.
For IT Directors, Compliance Officers, Legal Counsel, and C-Suite leaders evaluating vendor security claims, this distinction matters enormously. EAL4+ on a software platform means the independent assessment covered not only what the product does, but how it does it — including the design integrity of its security logic, the robustness of its API implementation, and the reliability of its output across every supported file type and deployment mode.
What the EAL4+ Evaluation Assessed
The EAL4+ evaluation assessed MetaDefender Core's layered architecture as a unified platform. The following technologies and capabilities were included in scope.
Predictive AIin AI
AI-Predictive Threat Detection
Applies machine learning models to analyze file attributes and structural patterns, identifying characteristics associated with malicious content that has not been previously catalogued. Predictive Alin AI extends detection coverage beyond known threat signatures by assessing the probability of malicious intent based on learned file behaviors, enabling the platform to surface threats that have not yet been identified by traditional detection approaches.
Deep CDR™ Technology
Content Disarm and Reconstruction
Recursively sanitizes more than 200 file types by removing all potentially malicious content — scripts, macros, embedded objects, and out-of-policy elements — and regenerating fully functional, safe files. Deep CDR™ Technology is detection-agnostic: it neutralizes threats it has never encountered before, including zero-day attacks, by operating on file structure rather than threat signatures. Certifying a reconstruction-based prevention mechanism at EAL4+ independently validates an entirely different class of security logic.
Metascan™ Multiscanning
30+ Concurrent Anti-Malware Engines
Simultaneous scanning using more than 30 leading anti-malware engines achieves greater than 99% malware detection coverage across signatures, heuristics, and machine learning models. The EAL4+ evaluation covered the coordination layer that manages concurrent engine dispatch, result aggregation, and policy application — not merely the individual engines themselves.
Adaptive Sandbox
Emulation-Based Behavioral Analysis
Emulates file behavior to surface indicators of compromise across unknown and zero-day scenarios, delivering results 10x faster than traditional sandbox approaches. The evaluation assessed the platform's ability to accurately identify threat-relevant behaviors across evasive file types and obfuscated payloads.
File-Based Vulnerability Assessment and SBOM Generation
Identifies exploitable vulnerabilities within file contents and generates Software Bill of Materials inventories for software packages, open-source components, and binary artifacts. This capability provides software supply chain transparency and pre-deployment risk analysis directly within the file inspection workflow.
True File Type Detection and Country of Origin Analysis
AI-based file type identification prevents file spoofing and malware evasion through misrepresented extensions. Country of Origin and vendor detection enables organizations to enforce geopolitical trust policies and flag files sourced from restricted or untrusted jurisdictions, directly within automated inspection workflows.
Custom Workflow Engine and REST / ICAP API Surface
Organizations configure custom file-handling policies that orchestrate any combination of the above capabilities in sequence, applying differentiated rules by file type, source, destination, or risk classification. The REST and ICAP API layer through which third-party applications access the platform was evaluated as part of the overall security architecture, covering access control, input validation, and response integrity.
EAL4+ Assurance Extends to How MetaDefender Core Is Deployed
MetaDefender Core is deployed both as a standalone platform and as an integrated component within broader environments through REST API and ICAP. Organizations, software vendors, and managed service providers rely on it as part of their own security workflows and product architectures.
When a healthcare application integrates MetaDefender Core to inspect file uploads, the file inspection capability in use is now EAL4+ certified. When a financial services organization uses MetaDefender Core to support DLP compliance on outbound attachments, the underlying logic has been independently assessed. When a government agency deploys MetaDefender Core at an IT/OT boundary, that deployment rests on a platform that has been evaluated to EAL4+ standard.
Certification That Travels With The Platform
EAL4+ certification for MetaDefender Core means that the organizations who embed it inherit certified security assurance throughout their own products and workflows without conducting their own evaluation.
This inherited assurance is directly relevant for software providers who embed file inspection into their platforms, Managed Security Service Providers who deliver file security as a service, DevSecOps teams who gate CI/CD pipelines using MetaDefender Core's API, and system integrators who deploy file inspection capabilities on behalf of regulated clients. In each of these contexts, the EAL4+ certification provides documented, third-party evidence that the embedded security engine meets global standards — an argument that cannot be made with vendor claims alone.
| Framework | Relevant Obligation | Certified Core Capability |
|---|---|---|
| GDPR | Technical safeguards for processing personal data; data minimization; breach prevention | Proactive DLP · Deep CDR™ Technology · Audit Logging |
| HIPAA | Protection of PHI in electronic transmissions; access controls over file systems containing health data | Proactive DLP · Multiscanning · SIEM Integration |
| PCI DSS | Malware protection for file-handling systems; monitoring of data leaving cardholder environments | Multiscanning · DLP · Country of Origin |
| NIST CSF | Detect, respond, and recover functions for file-borne threats; supply chain risk management | Adaptive Sandbox · SBOM · Vulnerability Assessment |
| CMMC | Malicious code protection; audit log generation; supply chain risk assessment for defense contractors | Multiscanning · Deep CDR™ Technology · SBOM · Audit Logs |
A Certified Platform for Regulated and High-Security Environments
OPSWAT has invested significantly in independent certification because the organizations that rely on MetaDefender Core — including financial services, defense, government, and critical infrastructure — cannot base security decisions on vendor promises. They require evidence that independent evaluators have challenged, tested, and validated every security claim.
The certification covers the layered technologies that analyze, detect, and prevent file-borne threats before they reach the security perimeter, across every channel and deployment mode MetaDefender Core supports.
For organizations that need more than vendor assurances when evaluating their advanced threat prevention platform, MetaDefender Core's EAL4+ certification provides the independent, documented evidence that supports that decision.
