Multi-scanning and Data Sanitization
Integrating MetaDefender Core
In order to integrate MetaDefender Vault with Metadefender Core please follow MetaDefender Core Integration .
Integrating with MetaDefender Core enables:
- Anti-malware multi-scanning
- Data sanitization (CDR)
- Data Loss Prevention (DLP)
- Vulnerability information
- Other security features
Use the MetaDefender Core Management Console to configure a file scanning policy that encompasses your security criteria. This requires purchasing, installing, and configuring MetaDefender Core.
Note that this user guide does not detail the MetaDefender Core configuration steps; those steps are available in the MetaDefender Core User Guide .
Data sanitization (CDR)
Content Disarm & Reconstruction (CDR), also known as data sanitization, assumes all files are malicious and sanitizes and rebuilds each file ensuring full usability with safe content. For more information about Deep CDR please check MetaDefender Core documentation.
After the uploaded files have been processed by Vault, they will be in "Sanitized" state.
The MetaDefender Core scan result indicates, that the file was sanitized:
Administrators and supervisors can choose between the original version of the file and the sanitized file when downloading a file. For regular users, the redacted file is downloaded automatically.
Data Loss Prevention (DLP)
The main feature of the Proactive DLP engine is to detect and block sensitive data in files, including credit card numbers and social security numbers. The engine supports a wide range of file types, including Microsoft Office documents and PDF. For more information about DLP please check MetaDefender Core documentation.
The user can download a redacted file with sensitive information masked while the structure of the document remains intact. This feature leverages Proactive DLP module from MetaDefender Core and it works even if sanitization (Deep CDR) is not configured.
After the files have been processed by Vault, they will be in "DLP processed" state.
The sensitive data found by processing the file can be seen on Vault's file scan result page:
Administrators and supervisors can choose between the original version of the file and the redacted file when downloading a file. For regular users, the redacted file is downloaded automatically.
If both Deep CDR and DLP modules are enabled, the file will be in "Sanitized" state and the processed file will be sanitized and DLP processed.
Vault sends the currently logged-in user's username and email address as metadata to Core, providing the ${vault_user_name} and ${vault_email_address} variables for configuring custom watermark text in the Proactive DLP process. For more details, refer to the Proactive DLP watermark documentation.
Sandbox
The OPSWAT Sandbox engine in MetaDefender Core is a next-gen sandbox and threat intelligence solution that utilizes Adaptive Threat Analysis (ATA) of the OPSWAT Filescan platform. For more information about Sandbox please check MetaDefender Core documentation.
The result of the MetaDefender Core scan indicates that the file has been scanned by the Sandbox and no threat was detected:
Viewing scan results for files
From My Files, Shared With Me, Processing History, Approval History or Pending Approval pages you can click on any file to see scanning results. Once clicking on the file, MetaDefender Core's result page will be shown to the user on a new browser tab.
Advanced configuration and high availability for MetaDefender Core
Follow MetaDefender Core Integration in order to configure Metadefender Core in MetaDefender Vault.
Follow Create a MetaDefender Core rule that will apply only to MetaDefender Vault in order to create a MetaDefender Core rule that only applies to files uploaded in MetaDefender Vault.