Metadefender is a powerful and flexible security solution for ISVs, IT admins and malware researchers, providing simultaneous access to multiple anti-malware engines, heuristics, data sanitization and additional threat protection technologies residing on a single system.
At the heart of the solution, the Metadefender Core multi-scanning engine uses up to 40+ anti-malware engines to scan files for threats, significantly increasing malware detection. It can be used to analyze a large database of files and provide extensive data points about which engines have detected each threat. It is also easy to use alongside other analysis software, including dynamic analysis solutions, to provide detailed contextual information about files.
The comprehensive feature set of the Metadefender Core technology includes heuristics, file type detection, data sanitization, archive scanning, and many other features that enable organizations to detect and prevent both known and unknown threats.
Metadefender Core Components:
Metascan® Multi-scanning Engine
Multi-scanning with Metadefender Core is designed to be effective, efficient and fast. We leverage both signature and heuristic scanning from up to 30 scan engines on-premises and more than 40 scan engines in the cloud to increase malware detection rates. The combined threat research from those engines (using a range of methods like behavioral analysis and emulation techniques) contributes to Metadefender's comprehensive detection of malware targeting Windows, Mac, Linux, Android and iOS operating systems. Using anti-malware engines from around the world also allows Metadefender Core to quickly detect newly-developed malware from different origins.
- Coverage of more threats by combining the best results from many antivirus engines
- Using anti-malware engines from different geographic locations improves outbreak protection since vendors close to the origin of the outbreak are usually the first to address the threat
- Decreased detection time after an outbreak: vendors address different threats at different times
- Each engine has unique heuristic scanning capabilities for zero-day threat detection
- Increased resiliency to malware built to evade specific antivirus engines
To learn more about multi-scanning, take a look at related posts on our blog and visit the Metadefender Top Threats page to see how using more scan engines impacts detection rates. Quickly demo our multi-scanning engine by uploading files or searching for results on Metadefender.com.
Data Sanitization Engines
The Data Sanitization engine allows you to thwart zero-day and targeted attacks by disarming active content in files that may not be detected by anti-malware engines. With support for 15 file types and growing, OPSWAT's data sanitization engine offers robust threat prevention features for organizations. Many customers choose to sanitize potentially dangerous file types, like PDFs and Microsoft Office documents, to eliminate any embedded malware, thwarting macro-based attacks. Data sanitization neutralizes unknown threats, maintains the security of your network, and is particularly beneficial for combating ransomware spread via email.
To learn more about data sanitization and to see examples of how it prevents threats, take a look at related posts on our blog, including our series discussing the various methods for performing data sanitization.
Heuristic algorithms look for malicious traits in files in order to flag malware that may not have been seen before. This increases the ability to catch unknown threats like zero days, and also provides unique abilities to detect threats that attempt to evade detection. For example, anti-malware vendors can push out adjustments to their heuristic rules with their daily update packages, giving them the flexibility to adapt to new threat vectors. These updates and the fact that heuristic engines do not provide details on why a file is flagged (unlike sandboxing) give heuristics an advantage over malware authors; the authors will not be aware of what they need to do to evade detection. Malware authors may attempt to evade detection by a particular engine or target blind spots to evade sandbox detection, but heuristic algorithms are still able to detect this malware.
By leveraging combined heuristics from multiple engines, Metadefender benefits from the various algorithmic approaches that different leading antivirus engines use to detect possible harmful code so that more unknown threats are prevented.
Archive scanning allows you to extract all extractable files and scan them individually—and the results often vary greatly from an unextracted antivirus scan. Because of this extra layer of investigation, archive scanning has been proven to provide more granularity for uncovering threats. With Metadefender Core, you have the flexibility to scan entire archives, or to extract and scan individual files within the archive.
Metadefender Core performs this archive handling once for each file type instead of allowing each individual anti-malware engine to use its own archive handling methods, which eliminates repetition and speeds up processing time. You also have control over configuration, customizing everything from the depth of archive scanning and the max number of files extracted to the size of extracted files.
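The three limits named above (nesting depth, number of files, extracted size) can be enforced as in the following added example, which is not OPSWAT's code. It handles ZIP archives only, and the function names, default limits and sample archive are assumptions made for illustration.

```python
import io
import zipfile


class ArchiveLimitExceeded(Exception):
    """Raised when an archive breaks the configured extraction policy."""


def make_zip(files):
    """Build an in-memory ZIP from {name: bytes} (used for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def extract_for_scan(data, max_depth=3, max_files=100, max_bytes=1_000_000,
                     depth=1, state=None, prefix=""):
    """Return [(path, bytes)] for each non-archive member, enforcing all limits."""
    state = state if state is not None else {"files": 0, "bytes": 0}
    if depth > max_depth:
        raise ArchiveLimitExceeded(f"nesting deeper than {max_depth}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            state["files"] += 1
            if state["files"] > max_files:
                raise ArchiveLimitExceeded(f"more than {max_files} files")
            # Bound the real decompressed size; the size field in the ZIP
            # header is attacker-controlled and is not trusted here.
            remaining = max_bytes - state["bytes"]
            with zf.open(info) as member:
                content = member.read(remaining + 1)
            if len(content) > remaining:
                raise ArchiveLimitExceeded(f"more than {max_bytes} bytes extracted")
            state["bytes"] += len(content)
            path = prefix + info.filename
            if zipfile.is_zipfile(io.BytesIO(content)):
                leaves += extract_for_scan(content, max_depth, max_files,
                                           max_bytes, depth + 1, state, path + "!/")
            else:
                leaves.append((path, content))
    return leaves


# Constructed sample: one text file plus a nested archive.
SAMPLE = make_zip({"readme.txt": b"hello",
                   "inner.zip": make_zip({"payload.bin": b"\x00" * 2048})})
```

Each returned leaf is what would be handed to the scan engines once, and the counters are shared across nesting levels so a deeply nested archive cannot reset them.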
File Type Verification
With Metadefender Core's file type verification technology, you can process files based on their true file type, so you can take more precautions with risky file types like EXEs—perhaps setting different policies or rules based on file type. Spoofed file types indicate potentially malicious intent, so to mitigate this risk, Metadefender Core can block files with incorrect extensions, preventing for instance EXE files posing as TXT files from entering your organization.
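The extension check described above can be sketched as follows. This is an added example, not OPSWAT's implementation: the signature table is a small illustrative subset, and the function names and the action labels `block`, `strict-policy` and `default-policy` are hypothetical.

```python
import os

# Leading-byte signatures for a few formats (illustrative subset only).
SIGNATURES = [
    (b"MZ", "exe"),
    (b"\x7fELF", "elf"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Extensions consistent with each detected type ("" means no extension).
EXPECTED_EXTENSIONS = {
    "exe": {".exe", ".dll", ".sys", ".scr"},
    "elf": {"", ".so", ".elf"},
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
    "png": {".png"},
}
# Reverse map: which type does an extension claim to be?
EXT_TO_TYPE = {ext: kind for kind, exts in EXPECTED_EXTENSIONS.items()
               for ext in exts if ext}
EXECUTABLE_TYPES = {"exe", "elf"}


def detect_type(data: bytes) -> str:
    """Identify a file from its content, ignoring its name entirely."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def verify_file(filename: str, data: bytes):
    """Return (detected_type, action) for one incoming file."""
    detected = detect_type(data)
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    # Content says one thing, the name says another (e.g. EXE named .txt).
    content_spoofed = detected != "unknown" and ext not in EXPECTED_EXTENSIONS[detected]
    # The name claims a known type that the content does not back up.
    name_spoofed = claimed != "unknown" and detected != claimed
    if content_spoofed or name_spoofed:
        return detected, "block"
    if detected in EXECUTABLE_TYPES:
        return detected, "strict-policy"   # genuine executable: tighter rules
    return detected, "default-policy"
```

Only the last extension is compared, so a name such as `invoice.pdf.exe` is judged as `.exe` against its actual content.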
The Metadefender Workflow Engine helps streamline scanning processes and policies to provide customization options and optimize value for individual organizations. It gives administrators options to control settings throughout pre-scanning, scanning and post-scanning processes. For example, the Workflow Engine allows administrators to create blacklists, set rules for different files and file types and set general rules for scanning. Administrators can also control and secure the flow of data by defining custom user-based policies that meet the needs of groups within their organization. These policies can limit allowed file types and sizes for specific users or groups, sanitize documents and images (file types that are frequently made malicious with embedded macros and scripts) and determine what actions should be taken on approved or blocked files.
The customizations available through the Workflow Engine allow organizations to tweak Metadefender to their specific security and performance needs.
Metadefender Core exposes a rich set of APIs that can be used to build powerful multi-scanning and data sanitization features into existing solutions and security architectures. Our flexible integration options include both REST and COM, making Metadefender Core an attractive option for a variety of users. IT administrators make use of these APIs to build Metadefender Core into their network architecture alongside dynamic analysis solutions, file upload servers, and MFTs. Software developers at ISVs often utilize the APIs to integrate the extra security provided by Metadefender into their development processes. See our use cases for a range of anti-malware API solutions that can be created with Metadefender Core.
The available APIs include basic methods for scanning a file and retrieving existing scan results using a SHA1, SHA256 or MD5 hash, as well as methods for rescanning files, downloading previously scanned files and retrieving the queue size. APIs are also available for retrieving statistics from Metadefender Core, including file type information, scan history, recent threats and server health.
Metadefender Core is designed with the ability to deploy in offline environments. We provide mechanisms for downloading and distributing antivirus updates to any offline Metadefender Core servers so that the virus definitions can be kept up-to-date, even in secure, locked-down environments with limited or no network connectivity. This is important for air-gapped facilities that need to isolate their environment. In air-gapped environments, customers often use Metadefender Core with the Metadefender Kiosk to regulate the flow of data into the organization. Read the Metadefender Kiosk deployment options page for examples of offline deployment setups, or view our offline update configuration video to review the process in detail.
All Metadefender Core packages also provide the ability to implement an in-house file scanning site, like our Metadefender demo, given certain technical requirements. This web interface feature can create a complete, static file scanning solution suitable for malware analysis in off-line or locked-down environments, allowing everyone with a web browser in your network to quickly determine the status of a file (clean or infected) as well as the particular threat identified (class of malware, name, engines that detected the threat).
Metadefender Core has multiple anti-malware scanning engines embedded within its framework at the API level. This means that scanning operations are executed from a single system with a high level of performance, which cannot be achieved by simply passing files to separate command-line or GUI based versions of anti-malware products. Anyone looking to integrate with an anti-malware solution created by Kaspersky Lab or Symantec via API or SDK will find Metadefender Core to be an ideal security solution.
The Metadefender Central Management system provides an easy way to track and manage multiple instances of Metadefender Core within your network. With a simple, clear interface, Metadefender Central Management is a centralized console that allows you to view the managed engines on each installation, control online and offline updates, as well as check license and update status for each managed engine. Central Management runs on Windows as well as Linux.
Flexible, Scalable Deployment
Metadefender Core supports a variety of deployment needs with three versions:
- On-premises, for situations requiring the utmost in privacy and control, including offline and air-gapped networks
- In the cloud at Metadefender.com for easy access to more than 40 anti-malware engines
- And in a hash database that brings the hashes from Metadefender Cloud into the on-premises version
On-premises, Metadefender Core can be deployed on both Windows and Linux appliances. Metadefender Core supports many different 64-bit Linux distributions, including Debian, Red Hat Enterprise Linux, CentOS and Ubuntu. Metadefender Core for Linux provides enhanced security features as well as load balancing for high-volume scanning by deploying multiple scan agents with one Metadefender Core server. Metadefender Core for Linux can be used in high-availability deployments using Linux tools such as Heartbeat and Corosync.
For a demonstration of the technology or for more information, please contact us.