MD Core Sandbox Engine Features

MetaDefender Sandbox technology is available as part of an integration with MD Core. The integration is available with two different engine types: embedded and remote sandbox engine (with full reporting). The embedded engine is deployed with MD Core, similar to other engines (CDR/DLP). The remote engine requires a side-by-side installation of the full standalone sandbox platform.

Feature

Embedded Engine

Remote Engine

MetaDefender Core: Installation OS

Windows, Linux

Windows, Linux

MetaDefender Sandbox: Installation OS


Ubuntu (Linux)

File parsers

Yes

Yes

Second-stage file downloads

No

Yes

File certificate validation

Yes

Yes

Image text analysis (OCR)

No

Yes

Microsoft Office file emulation

Yes

Yes

Powershell script emulation

No

Yes

URL emulation (ML based phishing detection)

No

Yes

Fuzzy hash lookup

Yes

Yes

Google safe browsing

No

Yes

OPSWAT reputation lookup

Yes

Yes

YARA pattern matching

Yes

Yes

Note: for a full list of engine features of the MetaDefender Sandbox standalone product, then visit here.