Why is my Excel document not showing hidden sheets after Deep CDR sanitization?

This article applies to all MetaDefender Core releases deployed on Windows and Linux systems.

Overview

When processing Excel documents with OPSWAT MetaDefender Core Deep CDR (Content Disarm and Reconstruction), users may notice that hidden sheets are missing from the sanitized output. This behavior is expected and depends on both the file format and the Deep CDR configuration settings.

Cause

The Deep CDR engine currently supports the removal of hidden sheets only for Excel files in the .XLS format (legacy Excel format). During sanitization, hidden sheets in .XLS files are detected as embedded objects. When the configuration setting remove_embedded_object is enabled in the Excel section of the Deep CDR policy, these hidden sheets are automatically removed as part of the sanitization process.

This is done to ensure that no potentially malicious or hidden content remains in the file.

Example

For example, if an .XLS file contains a hidden sheet, and the Deep CDR configuration has the default remove_embedded_object setting enabled, the hidden sheet will be removed from the sanitized file.

How to Keep Hidden Sheets

If you need to preserve hidden sheets during sanitization, you can modify the Deep CDR configuration:

  • Open your Deep CDR configuration file or navigate to the Excel section in your MetaDefender Core policy settings.
  • Locate the following setting: “"remove_embedded_object": true”
  • Change it to: “"remove_embedded_object": false”
  • Save the configuration and reprocess the file.

With this change, the Deep CDR engine will no longer remove hidden sheets, and they will be preserved in the sanitized output.

Important Notes

  • This behavior applies only to .XLS files.
  • For modern Excel formats such as .XLSX, hidden sheets are not currently modified or removed by the Deep CDR engine.
  • Always ensure that disabling embedded object removal aligns with your organization’s security policy, as it may increase the risk of allowing hidden or embedded malicious content.

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
What can I do when MetaDefender Core (Windows) has an insufficient disk space error?
On This Page
Why is my Excel document not showing hidden sheets after Deep CDR sanitization?OverviewCauseExampleImportant Notes