3.5.0

Overview

MetaDefender Drive provides an advanced analysis solution in a USB form factor that embeds multiple anti-malware engines and OPSWAT file-based vulnerability detection capabilities. MetaDefender Drive is able to quickly and easily boot into any suspicious (x86/x64-based architecture) device in an organization. After analysis is complete, MetaDefender Drive provides a comprehensive report on the state of the device without modifying the underlying filesystem, leaving it at rest.

Summary of Contents for MetaDefender

Page 1: ...ed OPSWAT MetadefenderTM and the OPSWAT logo are trademarks of OPSWAT Inc All other trademarks trade names service marks service names and images mentioned and or used herein belong to their respectiv...

Page 2: ...ternet Connectivity optional 9 Upgrade Drive Software 10 License Remediation 11 End User License Agreement 13 Update Engines 13 Disk Status Remediation 14 2 Processing Your Device 17 Configuring the S...

Page 3: ...ender Drive 31 Offline updates 32 Updating MetaDefender Drive Software 32 Updating Engine Definitions 35 Permanently unlock BitLocker 36 How can I tell if a drive is encrypted with BitLocker 36 Unlock...

Page 4: ...Copyright 86 DISCLAIMER OF WARRANTY 86 COPYRIGHT NOTICE 86 MetaDefender Export Classification 86...

Page 5: ...AT file based vulnerability detection capabilities MetaDefender Drive is able to quickly and easily boot into any suspicious x86 x64 based architecture device in an organization After analysis is comp...

Page 6: ...l path processing Included device integrity check all Editions Includes multi scanning commercial anti malware packages number of engines based on Edition Includes File Based Vulnerability Analysis pa...

Page 7: ...unlock encrypted hard disks if the decryption recovery keys are made available MetaDefender Drive supports the following full disk encryption technologies Windows BitLocker How to Unlock BitLocker mac...

Page 8: ...r newer RHEL 6 based or newer Minimum 4GB of RAM USB Type A port USB Type C is not supported Boot from MetaDefender Drive Turn OFF your target device Insert MetaDefender Drive into the device s USB Ty...

Page 9: ...nnection then you will be prompted to establish one via the Fix Internet button If you are in an offline environment then you may continue without an internet connection but will have to skip upgradin...

Page 10: ...the MetaDefender Drive will check to make sure its software is on the most current version It is highly recommended that you upgrade your MetaDefender Drive if prompted In the event you are using the...

Page 11: ...with an Activation Key through OPSWAT accounting then you can click Manual Input and enter it at the prompt as shown below If you were NOT provided with an Activation Key you can check your internet...

Page 13: ...automatically update if an active internet connection is enabled You may see a message Require engines are initializing at the bottom of the dialog MetaDefender Drive requires a minimum subset of int...

Page 14: ...attempt to determine if the Disk is encrypted then determine if it already knows the decryption key If MetaDefender Drive cannot determine an encryption key it will allow the user to know its most li...

Page 17: ...are mounted and unlocked Press the Start button to immediately begin processing your device Custom Processing enables quicker operation with user defined selections Press the Select button to choose a...

Page 18: ...the embedded MetaDefender system on the MetaDefender Drive to process the file with a variety of antivirus vulnerability and utility engines Time Remaining is a best guess based on previous rate of pr...

Page 20: ...n below and any problems found during scanning The drop down menu toggles between summaries of Potentially Infected Files Potentially Vulnerable Files and Files with Data Loss Risk The hash identifier...

Page 21: ...be instructed that a final report has been written and its location on the NTFS MetaDefender Drive partition under reports Persisting the report to the external partition is required to make sure data...

Page 22: ...aDefender Drive is configured with OPSWAT Central Management then press Sync All Reports to the send the report to OPSWAT Central Management In OPSWAT Central Management you can select and view all th...

Page 23: ...of the MetaDefender Drive dashboard provides customization and configuration for OPSWAT Central Management License Remediation Preferences including Reports Language and Storage Software Updates Lice...

Page 24: ...ish French Dutch German Italian Japanese Chinese Vietnamese Hebrew Polish Korean Please select the Settings button in the upper right hand corner of the MetaDefender Drive UI Then select Edit under th...

Page 26: ...ploy OPSWAT Central Management within your organization using the following instructions OPSWAT Central Management v7 Within the MetaDefender Drive that you would like to manage enter the Central Mana...

Page 27: ...designed to be possible through an air gapped environment Assuming the drive is kept in an isolated area without network access and a low security system sits on the low side with internet access The...

Page 28: ...the sits a file called this is your root of the partition deployment_id txt MetaDefender Drive deployment ID Please look for the for OPSWAT invoice provided with the activation key MetaDefender Drive...

Page 29: ...ntials you setup during the login sales process Select License Activation Ensure MetaDefender Package reads MetaDefender Core v4 x All packages Enter your Deployment ID in the given field Enter in the...

Page 30: ...3 5 0 30 You should receive a file with called Deployment ID yml Copy License File to MetaDefender Drive...

Page 31: ...folder on the license NTFS partition MetaDefender Drive Rename the Deployment ID yml to license yml within the folder on the license NTFS partition MetaDefender Drive Eject the MetaDefender Drive Boot...

Page 32: ...nse has been accepted Offline updates Updating MetaDefender Drive Software Download and Extract MetaDefender Drive Creator Navigate to and download MetaDefender Drive Creator for the portal opswat com...

Page 33: ...3 5 0 33 Launch the MetaDefender Drive Creator NOTE MetaDefender Drive Creator will only image official OPSWAT hardware...

Page 34: ...3 5 0 34 Image the Drive...

Page 35: ...updates Online updates is done automatically when MetaDefender Drive has a valid internet connection This document will provide step by step instructions on how to update definitions in an offline env...

Page 36: ...nder MetaDefender Drive Insert and boot system under MetaDefender Drive MetaDefender Drive should notice new offline update packages If it does not click Check for Local Updates on the engine update p...

Page 37: ...ted volumes for use with OPSWAT MetaDefender Drive users must boot into Windows and then insert the OPSWAT MetaDefender Drive Depending on the version of Windows pre Windows 10 Creators Edition or Win...

Page 38: ...lock their drives users must open This PC or My Computer depending on the version of Windows right click on the encrypted drive icons with the locked yellow padlock icon click Unlock Drive and provide...

Page 40: ...3 5 0 40 Once the encrypted drive has been unlocked the user should to the navigate volume MetaDefender Drive Next to the folder within the MetaDefender Drive volume navigate tools...

Page 41: ...unlock_bitlocker ps1 bitlocker bat and instructions on how to unlock BitLocker encryption for README txt a diagnostic scan Right click on and select the unlock_bitlocker bat Run as administrator opti...

Page 42: ...3 5 0 42 Once the script has run a file named will appear in the bitlocker key tools indicating to users that they are ready to run a scan...

Page 43: ...being scanned Pre configured Settings The product supports partly automated in order to help reduce user interaction The automation can be split to two steps on a high level Pre configuration Automati...

Page 44: ...3 5 0 44 Sections Keys and Properties are case sensitive If there are duplicated Keys defined the latest property is used Section Key eula accepted...

Page 50: ...3 5 0 50 Section Key engine required...

Page 68: ...3 5 0 68 Section Key report json pdf txt disk driveID EXAMPLE Disk3 Please access to to gain the information regarding to dis Disk Status Remediation...

Page 74: ...3 5 0 74 Section Key scan full...

Page 77: ...3 5 0 77 Section Key paths...

Page 80: ...3 5 0 80 Section Key useDeviceIntegrity useMultiscan useVulnerability useDlp shutdownAfter 2 Automation After setup the pre configuration for example as below eula accepted true...

Page 81: ...on false pdf true txt false We could have an automation process from EULA accepted screen to waiting for all required engines be activated then auto decrypt Disk3 with provided password and finally st...

Page 82: ...port ARM or RISC based processor systems Rebooting after Unintended Stop If the MetaDefender Drive is disconnected from the target device during the engine definition update phase there may be definit...

Page 83: ...er Drive Creator If your MetaDefender Drive is non functional or you do not have access to an internet connection you can download the MetaDefender Drive Creator on On a windows system run the Creator...

Page 85: ...ate associated drivers This improvement will help us to support a larger amount of user hardware more efficiently Improved Integration with OPSWAT Central Management MetaDefender Drive has improved it...

Page 86: ...e of the information contained herein While every precaution has been taken in the preparation of this publication OPSWAT Inc assumes no responsibility for errors or omissions This publication and fea...

Page 87: ...exporting MetaDefender in accordance with U S law We encourage you to seek appropriate legal advice and or consult the EAR and the BIS Information Technology Controls Division before exporting re expo...
