Manual Scan

MetaDefender NDR performs automated file collection, inspection, scanning, and alerting. It can also perform centralized scans of files that analysts upload. At a minimum, static analysis and local scanning are available for ad-hoc scanning. If additional third-party appliances, such as OPSWAT MetaDefender Core or FireEye AX, are integrated into the deployment, the uploaded file can be run against some or all of them, depending on user preference. See External Integrations in the Administration menu to view a list of third-party scanning appliances.

MetaDefender NDR supports the following compression formats: 7z, ar, arc, arj, bzip2, cab, compress, cpio, deb, flac, gzip, iso, lzma, rar, rpm, tar, xz, zip.

Note: To avoid exposing their data to unnecessary risk by introducing malicious files to their system, analysts are advised to encrypt potentially malicious files before uploading them, and to do so on a system where the risk of infection is removed. Manual scan supports encrypted zip file uploads. When creating an encrypted zip file containing the file of interest, use infected as the password. MetaDefender NDR will then decrypt, extract, and process the files.
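The packaging step from the note above, as an added example (not part of the product documentation): it wraps one file in a zip encrypted with the password infected, then confirms the archive rejects a wrong password and round-trips to the original SHA-256. The function name package_sample and the use of Info-ZIP zip/unzip and sha256sum on the handling system are assumptions.

```shell
#!/bin/sh
# Added example. Assumes Info-ZIP `zip`/`unzip` and coreutils `sha256sum`.
# package_sample is a hypothetical helper name, not a product command.

ZIP_PASSWORD="infected"   # password the Manual Scan note tells analysts to use

# package_sample <sample-file> <output.zip>
# On success prints the SHA-256 of the original file and returns 0.
package_sample() {
    sample=$1
    archive=$2

    if [ ! -f "$sample" ]; then
        echo "no such file: $sample" >&2
        return 2
    fi
    if [ -e "$archive" ]; then
        echo "refusing to overwrite: $archive" >&2
        return 3
    fi

    # Hash first, so the upload can later be matched to the scan result.
    digest=$(sha256sum "$sample" | cut -d' ' -f1)

    # -j stores the bare file name (no local directory paths), -q is quiet.
    zip -q -j -P "$ZIP_PASSWORD" "$archive" "$sample" || return 5

    # A wrong password must NOT pass the integrity test; if it does,
    # the entry was stored unencrypted and the archive is discarded.
    if unzip -q -t -P "not-the-password" "$archive" >/dev/null 2>&1; then
        echo "archive is not encrypted" >&2
        rm -f "$archive"
        return 6
    fi

    # The right password must reproduce the original bytes exactly.
    roundtrip=$(unzip -p -P "$ZIP_PASSWORD" "$archive" | sha256sum | cut -d' ' -f1)
    if [ "$roundtrip" != "$digest" ]; then
        echo "hash mismatch after packaging" >&2
        rm -f "$archive"
        return 7
    fi

    printf '%s\n' "$digest"
}

# Run as a script: ./package_sample.sh suspect.bin suspect.zip
if [ "$#" -eq 2 ]; then
    package_sample "$1" "$2"
fi
```

Keep the printed hash with the case notes; the original file can then be removed from the handling system and only the encrypted archive moved to the workstation used for upload.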

Scan Tab

You can upload multiple files or raw traffic dumps by clicking Analysis > Manual Scan. On the default Scan tab, click the Upload Files segment of the user interface to browse and select the files, or drag and drop the files onto this area for scanning.

The Upload Queue segment displays each file name, a progress bar indicating the percentage of the upload completed, and the status Uploaded once the upload is 100% complete. After the upload completes, you can view the related sessions on the Dashboard and the Analysis pages.

Note: Clicking Clear in the top-right corner of the Upload Queue segment only removes the records of the uploaded files from the page; it does not cancel their upload. Once the upload process starts for a file, you cannot cancel it. Only when multiple files are uploaded at the same time do files whose upload has not yet started (displaying 0% upload progress and waiting in the upload queue) have a Cancel option that lets you cancel the upload. They also have a Force option that lets you start the upload immediately, irrespective of their waiting status in the upload queue.

Queued Tab

The Queued tab displays the basic session details of multiple files waiting in the queue for scanning. Sessions, in most cases, appear on this page only when a huge number of files are captured off the network and are waiting in the queue to be scanned.

Scanned Sessions Tab

The sessions will be analyzed, recorded, and displayed in the Scanned Sessions tab along with their scanned time and session time. Scanned time refers to the time the PCAPs were scanned by MetaDefender NDR. Session time refers to the time the PCAPs were captured off the session.

Scanned Files Tab

Files will be analyzed, recorded, and displayed in the Scanned Files tab along with their scanned time, filename, and MIME type. Scanned time refers to the time the files were scanned by MetaDefender NDR.
