Integrating Deep CDR Analysis Mode

This article applies to MetaDefender Core 5.12.1 (or higher) and Adaptive Sandbox 2.1.0 (or higher) releases deployed on Windows or Linux systems.

Improving file analysis using Deep CDR Analysis mode

File analysis can be improved by integrating Deep CDR's Analysis mode, which increases the amount of information available before a file is scanned.

The Deep CDR Active Content trigger for Adaptive Sandbox runs sandbox scans based on the Active Content that Deep CDR finds in a file, giving more control over which files are sent to Sandbox. Why does this matter? Exposing files to the sandbox engine regardless of the Metascan AV engine results in true zero-day detection in a scalable fashion.

Set up Deep CDR Analysis mode

If you prefer to retain your files without modifications while still leveraging the benefits of CDR integration, enable Deep CDR Analysis mode. For more information, visit the Deep CDR analysis mode page.

Enable Deep CDR for archives

To submit archives for processing, ensure that Deep CDR Archive Processing is enabled in the Archive Compression Engine Workflow Settings. Additionally, activate the required archive types for your use case. For detailed instructions, refer to the Deep CDR advanced configuration page.

Set up Adaptive Sandbox Deep CDR Active Content trigger

Under Workflow Management -> Workflows -> (Name of the workflow) -> Adaptive Sandbox -> Advanced configuration, there is an option "Enable for Active Content(s) found by Deep CDR".

By default, every supported Active Content is selected, but it can be configured to best suit the current application.

If further assistance is required, please follow the instructions on How To Create a Support Package, then proceed to create a support case or chat with our support engineer.
