Configuration Field Descriptions and Default Settings

The following table provides a brief description and default values for the Kiosk Configuration screen.

Basic Configuration

Configuration SettingDescriptionDefault ValueRange
Primary MetaDefender ServerURL of the primary MetaDefender server(Blank)
API KeyThe API Key of the primary MetaDefender server, if one is set(Blank)
Server is a load balancerIndicates that the primary server is a load balancer for MetaDefender If checked, the API key is disabledUnchecked
Periodically test Core servers every # hoursPeriodic interval in which Kiosk will send an eicar to test the Core server detection. An alert will be logged if no engines detect the eicar file.1 hour0 disables the periodic check Min: 1 hour
Backup ServerAdditional MetaDefender servers for the Kiosk to use if the primary is inaccessible (URL & API Key)Empty
Vault ServerVault servers to be used among different workflows (URL & Admin api key)Empty
Printer SetupSelect the color of the printing output: Black & White or ColorBlack & White
Side marginsLeft and right margin length Recommended settings: 3 for zebra printer 200 for laser jet30 or greater
Display the MetaDefender URL in the session printoutThe URL of the MetaDefender server (Core or Vault) used for a session will be displayed on the printoutDisabled
Include page numbersInclude the page number on each printed pageEnabled
Custom introduction messageAdd a special header message to the first page of the printoutDisabled
Custom logoAdd a logo image to the first page of the printoutDisabledRecommended max image size of 400 x 400
Save session log file to local systemEnables a session text/PDF log to be created at the end of a session in a location on the systemEnabled Logging directory: <kiosk install dir>\Client\Log
Save session log file to processed mediaEnables a session text/PDF log to be created at the end of a session on the media processedDisabled If enabled, the log will be saved to the root of the media
Save as Text File / Save as PDFSpecifies whether the session log file will be a text or PDF fileText file
Display the MetaDefender URL in the session logThe URL of the MetaDefender server (Core or Vault) used for a session will be displayed in the log fileDisabled
Wipe MethodSpecifies which wipe options to display to the user Format 1 pass wipe 3 pass wipe 7 pass wipeAll wipe methods shown0,1,3,7 pass wipe
Exit PasswordRequire password when terminating the Kiosk UI (ALT + F4)Disabled
WatchdogCustom action watchdog that will run when the Kiosk UI is unexpectedly terminated Do nothing Restart MetaDefender Kiosk Log out of Windows Lock Windows Restart WindowsRestart Windows
Export Session HistoryEnables auto export of session history (in CSV)Disabled
Export File HistoryEnables auto export of files history (in CSV)Disabled
FrequencyInterval between history exports1 hourMin: 1 hour Max: 365 Days
Export PathDirectory where the history will be exported to(Blank - <kiosk install dir>\Client\Log)
User authenticationRequires users to provide login credentials when starting a Kiosk sessionEnabled
NoneNo AD server used for logging in usersDisabled
Windows user loginEnables users to log in against the same domain the system is on and the local systemEnabled
  • Restrict to domain users
Only allow users to enter authentication information for the domain; local system users deniedDisabled
Remote Active DirectoryEnables the use of authenticating to remote AD serversDisabled
  • Server address
The url of the AD server(Blank)
  • Username
Username to connect to the AD server(Blank)
  • Password
Password to connect to the AD server(Blank)
  • SSL
Enables the use of SSL communicationDisabledIf a port is not specified in the server address, the default port used is: Enabled: 636 Disabled: 389
Default loginEnables authenticated users not assigned to any workflow to use KioskEnabled
Guest loginEnables users with no authentication credentials to use KioskEnabled
Custom AuthenticationEnables using your custom authentication module for verifying a user's log in

Disabled

(Hidden until authenticationModule.dll exists in <install dir>\Client\Authentication)

  • Use Kiosk UI to obtain login credentials
Kiosk username prompt will be used instead of requiring the custom auth module to display a UI to obtain user informationDisabled
  • Prompt for a password
Kiosk password prompt will be usedDisabled
Enable (image media)Enables an image of the inserted media to be taken with the FTK Imager configuredDisabled
FTK Imager PathThe full path to the FTK Imager executable that handles imaging the media (ftkimager.exe)(Blank)
Image TypeThe image type FTK will outputRAW/DD
Fragment SizeThe size of chunks the image will be separated into1 GB0 disables fragmenting the image Min: 1 Max: 1024 (Min\Max per unit: KB - TB)
Compression LevelThe compression applied to the image0Min: 0 (no compression) Max: 9 (best compression)
Encrypt with passwordEnables the image to be encrypted with a password. The password is the name of the user logged in to the session and the id of the session: "<username><sessionID>"Disabled
Encryption certificate path

The full path to a X.509 certificate to encrypt the image with. Supported certificate formats:

  • PKCS#12 / PFX (*.p12, *.pfx)
  • PEM (*.pem)
  • Stand-alone public key only (*.cer, *.crt, *.der)
(Blank)
Vault ServerVault entry to upload the image to(Blank)
DirectoryDirectory to upload the image to(Blank)

Advanced Configuration

Configuration SettingDescriptionDefault ValueRange
Max number of parallel scansMaximum amount of concurrent process requests Kiosk will make to a MetaDefender server200 or greater
Max number of retries when Metadefender Core is too busyMaximum amount of retries that Kiosk will attempt on a file when the Core server notifies that it is too busy to handle new requests Once the maximum amount of retries is reached for a file, the session will be canceled00 for infinite 100 or greater
Boot sector processingAllows processing of the first 512 bytes of an input media's partitions\disks. When enabled, these boot sector files can be selected during browse or are automatically included when 'Process All' is selected. Boot sector files cannot be included in file handling operations at the end of a session.Enabled
Display warning for network errorsDisplay a warning to the user regarding network issues with the Core server while files are being processedEnabled
Allow decryption of encrypted archivesAllows you to input passwords when encrypted archives are detectedEnabled
Allow user to skip entering a password for McAfee Encrypted USBIn the case that a McAfee encrypted drive is set to unlock via other means instead of a password, a user can skip entering a passwordDisabled
Skip processing locked system filesEnables skipping of system files on media that Core cannot access and will typically result in a failed scanDisabled
Continue processing media with inaccessible contentAction to take when media has deeply nested directories that Kiosk cannot accessDisabled
Mount and scan Virtual Hard DisksAllow processing of the contents within an VHD\VHDX fileDisabled
  • Scan original Virtual Hard Disks
Enables sending the entire VHD\VHDX file to MetaDefender after all contents have been processedEnabled
Mount and scan Virtual MachinesAllow processing of the contents within a VMDK file Only VMDK with Windows file systems are currently supported.Disabled
  • Scan original Virtual Machines
Enables sending the entire VMDK file to MetaDefender after all contents have been processedEnabled
Mount and scan Acronis disk backupsAllow processing of the contents within an Acronis disk backupDisabled
  • Scan original Acronis disk backups
Enables sending the entire Acronis disk backup to MetaDefender after all contents have been processedEnabled
Acronis Executable PathThe full path to the Acronis executable that handles mounting the disk backup (acrocmd.exe)(Blank)
Heuristic File Type DetectionKiosk will heuristically group similar file type extensions for reportingDisabled
User Interface TimeoutThe time the Kiosk UI will wait for a session to begin before automatically switching back to the idle screen5 minutes60 seconds or greater
Display disclaimer screenDisplay the disclaimer screen to a user when a new session is startedEnabled
Allow user to browse for filesAllow user to select files before processing mediaEnabled
Allow user to process all filesAllow user to select to process the entire mediaEnabled
Alert user if MetaDefender Core license is close to expirationAlerts you on the Kiosk idle screen if the Core license is close to expirationDisabled
Alert user if MetaDefender Kiosk license is close to expirationAlert you on the Kiosk idle screen if the Kiosk license is close to expirationDisabled
Reboot at end of sessionSpecifies if the system should reboot after a session completesDisabled
Allow user to select languagesAllow user to select which language the Kiosk UI's text will be displayed as If this setting is disabled, the default language selected will be locked inEnabled
Available KeyboardsThe keyboards allowed for users to select within the on-screen Kiosk keyboardAll keyboards enabled
Choose LanguageThe default language to be used for the UIEnglish
Multiple PartitionsSelects the method for processing files on partitionsProcess files on all accessible partitions
HostIP or DNS of SMTP server127.0.0.1
PortPort of the SMTP server25
Enable SSLEnable the use of SSLDisabled
UsernameUsername to authenticate to the SMTP server(Blank)
PasswordPassword to authenticate to the SMTP server(Blank)
Boot Hardening - [Enable] [Disable]Enables/Disables the process that causes the taskbar on the desktop not to load when Windows is logged in to run Kiosk, thereby disallowing any PC functionality until the Kiosk starts.Disabled
Enable (pop up detection)Enables Kiosk to detect any windows / pop ups open on the systemDisabled
Time Open ThresholdThreshold, in minutes, for a pop up to be open to trigger notification5 minutesMin: 1 minute Max: 60 minutes
Notification ActionAction to be taken when a pop up exceeds the time open thresholdDisplay warning
Process WhitelistIgnore pop ups from the processes listed(Blank)
Enable (file integrity monitor)Enables the File Integrity Monitor, which will shut Kiosk down if any unauthorized changes are made in the Kiosk install directoryKiosk: disabled
ServerFile Integrity Monitor server locationKiosk: (blank)
PortPort to connect to the File Integrity Monitor serverKiosk: 0
UsernameUser name to log into File Integrity Monitor serverKiosk: (blank)
PasswordPassword to log into File Integrity Monitor serverKiosk: (blank)
Verify SSL CertificatesEnables verification of SSL certificates when connecting to MetaDefender via HTTPSEnabled
Log Retention - Application LogSpecifies the length that Application Log entries will exist before being automatically deleted.NeverNever - 12 months
Log Retention - Session HistorySpecifies the length that Session History entries will exist before being automatically deleted. File history associated with the expired session history will also be deleted.NeverNever - 12 months
Size Summary -DisplayDisplays the total files and size of selected files\folders when browsing for files.Disabled
Size Summary - Max size to stop calculatingKiosk stops calculating the selected files and folders if the accumulated size exceeds this threshold value. This prevents users from waiting a long time when the total size is large.2 MBMin: 1 MB Max: 1024 GB
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard