Table of Contents Overview Key Features Supports Encrypted Disks 1. Getting Started with MetaDefender Drive Boot from MetaDefender Drive Establish Internet Connectivity (optional) Upgrade Drive Software License Remediation End User License Agreement Update Engines Disk Status & Remediation 2. Processing Your Device...
5. Working with OPSWAT Central Management 6. Advanced Usage Offline Activation Obtain Deployment ID: Request an License File for Offline Activation: Download License File: Copy License File to MetaDefender Drive: Boot MetaDefender Drive: Offline updates Updating MetaDefender Drive Software Updating Engine Definitions Permanently unlock BitLocker...
Overview MetaDefender Drive provides an advanced analysis solution in a USB form factor that embeds multiple anti-malware engines and OPSWAT file-based vulnerability detection capabilities. MetaDefender Drive is able to quickly and easily boot into any suspicious (x86/x64 based architecture) device in an organization. After analysis is complete MetaDefender Drive provides a comprehensive report on the state of the device without modifying the underlying filesystem leaving it at rest.
Includes multi-scanning commercial anti-malware packages (number of engines based on Edition) Includes File-Based Vulnerability Analysis (patented) (available on select Editions) Includes Data Loss Protection (available on select Editions) Report generated as PDF, Text, and JSON Works with OPSWAT Central Management 3.5.0...
Supports Encrypted Disks MetaDefender Drive can unlock encrypted hard disks if the decryption/recovery keys are made available. MetaDefender Drive supports the following full disk encryption technologies: Windows BitLocker: How to Unlock BitLocker macOS FileVault (Experimental) LUKS (Linux Unified Key System)
1. Getting Started with MetaDefender Drive MetaDefender Drive offers a Setup Wizard during the first use. This Getting Started section covers this setup. System Requirements PCs: Windows® 7, 8, 8.1, 10 Macs: Intel Based Macs from 2006 to 2017 Linux: Debian 5 based (or newer), RHEL 6 based (or newer) Minimum 4GB of RAM.
Establish Internet Connectivity (optional) If you do not currently have an active internet connection, then you will be prompted to establish one via the Fix Internet button. If you are in an offline environment, then you may continue without an internet connection but will have to skip upgrading the Drive to its latest version, in addition to providing engine updates via the offline workflow.
It is highly recommended that you upgrade your MetaDefender Drive if prompted. In the event you are using the MetaDefender Drive in an offline environment, you can use the Skip Update button.
License Remediation MetaDefender Drive will attempt to resolve its license automatically. However, if it cannot find a license, it will prompt you to remediate. If you were provided with an Activation Key through OPSWAT accounting, then you can click Manual Input and enter it at the prompt (as shown below).
End User License Agreement Upon first use the MetaDefender Drive will ask you to accept the terms of usage. You cannot continue using MetaDefender Drive without accepting OPSWAT EULA. Update Engines MetaDefender Drive will automatically update if an active internet connection is enabled.
MetaDefender Drive will then attempt to determine if the Disk is encrypted and, if so, whether it already knows the decryption key. If MetaDefender Drive cannot determine an encryption key, it will tell the user its most likely classification of the encryption system and provide steps to unlock that Drive based on encryption type.
2. Processing Your Device Configuring the Scan Full Device Processing scans all disks that are mounted and unlocked. Press the Start button to immediately begin processing your device. Custom Processing enables quicker operation with user-defined selections. Press the Select button to choose: a subset of files to scan a subset of processing (i.e.
Each file is submitted to the embedded MetaDefender system on the MetaDefender Drive to process the file with a variety of antivirus, vulnerability, and utility engines. Time Remaining is a best guess based on previous rate of processing, and file size, and may update as processing continues.
3. Results & Reporting Results Dashboard MetaDefender Drive will provide a summary of the scan results (shown below), and any problems found during scanning. The drop down menu toggles between summaries of Potentially Infected Files, Potentially Vulnerable Files, and Files with Data Loss Risk. The hash identifier is the file name of the locally persisted report file.
Once processing has finished you will be informed that a final report has been written, along with its location on the NTFS "MetaDefender Drive" partition under /reports. Persisting the report to the external partition is required to make sure data is not lost once the target system is powered off and MetaDefender Drive is removed.
If MetaDefender Drive is configured with OPSWAT Central Management, then press Sync All Reports to send the report to OPSWAT Central Management. In OPSWAT Central Management you can select and view all the reports associated with an individual MetaDefender Drive.
MetaDefender Drive dashboard provides customization and configuration for: OPSWAT Central Management License Remediation Preferences (including Reports, Language, and Storage) Software Updates License Renewal You can deactivate, renew, and add a new license to a MetaDefender Drive through the License settings menu. 3.5.0...
Japanese Chinese Vietnamese Hebrew Polish Korean Please select the Settings button in the upper right hand corner of the MetaDefender Drive UI. Then select Edit under the Preferences tab. Finally, select the appropriate language under Select a language dialog. 3.5.0...
OPSWAT Central Management v7 Within the MetaDefender Drive that you would like to manage, enter the Central Management URL and Registration Code (Found in Central Management) within the dialog shown below. Clicking Connect will change the yellow indicator to green indicating this MetaDefender Drive is syncing with OPSWAT Central Management.
6. Advanced Usage Offline Activation MetaDefender Drive provides full functionality in an offline environment. As a result the license activation process is designed to be possible through an air-gapped environment. Assuming the drive is kept in an isolated area without network access, and a low-security system sits on the low-side with internet access.
Navigate to the NTFS partition "MetaDefender Drive" Under the root of the partition sits a file called "deployment_id.txt" , this is your MetaDefender Drive deployment ID Please look for the OPSWAT invoice provided with the activation key MetaDefender Drive Open this file and copy the alphanumeric string to your clipboard...
Navigate to "portal.opswat.com", and login using the credentials you setup during the sales process Select "License Activation" Ensure MetaDefender Package reads "MetaDefender Core v4.x - All packages" Enter your Deployment ID in the given field Enter your Activation Key in the given field Click "Request Unlock Key"...
NTFS partition "MetaDefender Drive" Eject the MetaDefender Drive Boot MetaDefender Drive: Insert MetaDefender Drive into target system to be processed Boot MetaDefender Drive via BIOS (see Quick Start guide for more details see Getting Started with MetaDefender Drive 3.5.0...
If MetaDefender Drive reaches the "Update" phase of usage then the license has been accepted! Offline updates Updating MetaDefender Drive Software Download and Extract MetaDefender Drive Creator Navigate to portal.opswat.com and download MetaDefender Drive Creator for the appropriate environment Unzip the package Execute MetaDefender Drive Creator 3.5.0...
Launch the MetaDefender Drive Creator NOTE: MetaDefender Drive Creator will only image official OPSWAT hardware.
Once MetaDefender Drive is finished successfully it is ready for use. Updating Engine Definitions MetaDefender Drive can receive engine updates online, if connected to the internet, or offline, via file based definition updates. Online updates are done automatically when MetaDefender Drive has a valid internet connection.
All the instructions are available on the MetaDefender Drive itself in case the user doesn’t have access to the internet. How can I tell if a drive is encrypted with BitLocker? OPSWAT MetaDefender Drive will let users know during the scan if one or more of their volumes are encrypted with BitLocker.
Unlocking BitLocker using a Recovery Key File To unlock the BitLocker encrypted volumes for use with OPSWAT MetaDefender Drive, users must boot into Windows and then insert the OPSWAT MetaDefender Drive. Depending on the version of Windows (pre-Windows 10 Creators Edition or Windows 10 Creators Edition and later) users will either see three removable disk volumes appear under ‘This PC’ labeled “MetaDefender Drive”, “...”...
To unlock their drives, users must open “This PC” (or “My Computer”, depending on the version of Windows), right click on the encrypted drive icons with the locked yellow padlock icon, click "Unlock Drive" and provide the Password.
Once the encrypted drive has been unlocked, the user should navigate to the "MetaDefender Drive" volume. Next, navigate to the "tools" folder within the "MetaDefender Drive" volume.
Users should then see three files: “unlock_bitlocker.bat" (used to unlock your BitLocker drives), “unlock_bitlocker.ps1” (a Windows PowerShell script utilized by bitlocker.bat), and "README.txt" (instructions on how to unlock BitLocker encryption for a diagnostic scan). Right click on “unlock_bitlocker.bat” and select the "Run as administrator"...
Once the script has run, a file named “bitlocker.key” will appear in the "tools" folder, indicating to users that they are ready to run a scan.
At a high level, the automation can be split into two steps: Pre-configuration and Automation.
1. Pre-configuration
We set up the desired configurations following the INI file format:
file name: mdd_ignition.ini
file path: MetaDefender Drive/conf
INI files are simple text files with a basic structure composed of sections, keys, and properties (https://en.wikipedia.org/wiki/INI_file).
Sections, Keys and Properties are case sensitive.
If there are duplicated Keys defined, the latest property is used.
Section: eula, Key: accepted
Section: report, Key: json
Section: disk, Key: <driveID> (EXAMPLE: Disk3)
Please access Disk Status & Remediation to gain the information regarding to dis
Section Key useDeviceIntegrity useMultiscan useVulnerability useDlp shutdownAfter
2. Automation
After setting up the pre-configuration, for example as below:
    [eula]
    accepted=true
    [engine]
    required=all
    ; -p[censored]: please input password to decrypt Luks there
    [disk]
    Disk3=-eLuks (Password) -p[censored]
    [scan]
    paths=/media/Disk1,/media/Disk2
    useMultiscan=true
    useVulnerability=true
    [report]
    json=false
    pdf=true
    txt=false
the process is automated from the EULA accepted screen through waiting for all required engines to be activated, then automatically decrypts Disk3 with the provided password, and finally starts the custom scan.
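As an added example (not OPSWAT's code or tooling), the following Python code reads an mdd_ignition.ini with the semantics stated above (case-sensitive names, last duplicate wins) and flags two things worth reviewing before the file is left on the drive: a key whose case differs from the spelling documented on this page, and a disk password stored in plaintext. The sample file contents, the function names, and the "-p<value>" password pattern are assumptions modelled on the page's example.

```python
import configparser
import re

# Key names exactly as spelled on this page; used only to catch case mistakes.
PAGE_KEYS = {"accepted", "required", "paths", "json", "pdf", "txt",
             "useDeviceIntegrity", "useMultiscan", "useVulnerability",
             "useDlp", "shutdownAfter"}
_BY_LOWER = {k.lower(): k for k in PAGE_KEYS}

# Constructed sample, modelled on the page's example (password is a placeholder).
SAMPLE = """\
[eula]
accepted=false
accepted=true
[disk]
Disk3=-eLuks (Password) -pEXAMPLE-ONLY
[scan]
paths=/media/Disk1,/media/Disk2
usemultiscan=true
useVulnerability=true
[report]
json=false
"""

def load_ignition(text):
    """Parse with the semantics the manual states: case-sensitive names, last duplicate wins."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=(";",))
    cp.optionxform = str  # keep key case; configparser lowercases keys by default
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def audit(cfg):
    """Return findings to review before the file is stored on the drive."""
    findings = []
    for section, keys in cfg.items():
        for key, value in keys.items():
            want = _BY_LOWER.get(key.lower())
            if want and want != key:
                findings.append(f"[{section}] {key}: case differs from documented '{want}'")
            # Assumption: an embedded password looks like the page's "-p<value>" option.
            if section == "disk" and re.search(r"(^|\s)-p\S+", value):
                findings.append(f"[disk] {key}: decryption password stored in plaintext")
    return findings

if __name__ == "__main__":
    cfg = load_ignition(SAMPLE)
    print(cfg["eula"]["accepted"], *audit(cfg), sep="\n")
```

Because the file sits on the drive's "MetaDefender Drive" partition under conf, a password finding means anyone who can read that partition can read the disk's decryption password.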
MetaDefender Drive does not support ARM or RISC based processor systems. Rebooting after Unintended Stop If the MetaDefender Drive is disconnected from the target device during the engine definition update phase, there may be definition file corruption occurring on the drive's partition where definitions are stored.
Restoring MetaDefender Drive If a MetaDefender Drive is failing to boot, or seems to be corrupted, then you can restore it in several methods: Check for Updates: If your MetaDefender Drive still boots you can check for an update to the Drive software by going to Settings→Update and clicking "Check for Updates".
As a result we are happy to announce that this version of MetaDefender Drive has taken up the Linux Kernel v5.4 LTS along with many of the most up to date associated drivers. This...
(photocopying, recording or otherwise) without prior written consent of OPSWAT Inc. No patent liability is assumed with respect to the use of the information contained herein. While every precaution has been taken in the preparation of this publication, OPSWAT Inc.
Although we provide the information on this page, you remain responsible for exporting or re-exporting MetaDefender in accordance with U.S. law. We encourage you to seek appropriate legal advice and/or consult the EAR and the BIS Information Technology Controls Division before exporting, re-exporting, or distributing MetaDefender.