Domains Contacted During Installation
During the installation of MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox), the following domains will be contacted. Please note that this may change over time.
| Domains | Purpose |
|---|---|
| api.metadefender.com | MetaDefender Cloud Reputation API |
| Microsoft Container Registry and repository for .NET packages - Used by the Powershell emulator | |
| Repositories of Ubuntu and Debian packages (can be any regional or local mirror) - Used directly for Ubuntu installations and used in Docker containers for both Ubuntu and RHEL installs | |
| Used for Docker installation and downloading base images for Sandbox components | |
| Python package repositories - Used when building the Docker image for the Sandbox webservice component | |
| Fedora’s geographically optimized mirror server that hosts Fedora packages | |
| Used for downloading phishpedia package from artifact.sandbox-prod.metadefender.com - Required for phishing detection ML model | |
| Used for downloading Google Chrome - Required for URL rendering in the Sandbox transform Docker container | |
| github.com | Used for getting YARA rules from OPSWAT fsYara repository: https://github.com/filescanio/fsYara |
| Used for basic connectivity check | |
| NTP and time servers | |
| pki.goog | Google Public Key Infrastructure |
| playwright.azureedge.net | Used for installing playwright in the Sandbox webservice docker image |
| rhui.us-west-2.aws.ce.redhat.com | RHEL package repository (can be any regional or local mirror) |
Was this page helpful?