OPSWAT MetaDefender User manual
© 2020 OPSWAT, Inc. All rights reserved. OPSWAT®, MetadefenderTM and the OPSWAT logo are trademarks of OPSWAT, Inc.
All other trademarks, trade names, service marks, service names, and images mentioned and/or used herein belong to their
respective owners.
MetaDefender Drive 3.5.0
Table of Contents
Overview 5
Key Features 6
Supports Encrypted Disks 7
1. Getting Started with MetaDefender Drive 8
Boot from MetaDefender Drive 8
Establish Internet Connectivity (optional) 9
Upgrade Drive Software 10
License Remediation 11
End User License Agreement 13
Update Engines 13
Disk Status & Remediation 14
2. Processing Your Device 17
Configuring the Scan 17
Scan in Progress 18
3. Results & Reporting 20
Results Dashboard 20
Report File 21
Remote Report File using Central Management 22
4. Settings & Preferences 23
License Renewal 23
Localization 24
5. Working with OPSWAT Central Management 26
6. Advanced Usage 27
Offline Activation 27
Obtain Deployment ID: 27
Request an License File for Offline Activation: 29
Download License File: 29
Copy License File to MetaDefender Drive: 30
Boot MetaDefender Drive: 31
Offline updates 32
Updating MetaDefender Drive Software 32
Updating Engine Definitions 35
Permanently unlock BitLocker 36
How can I tell if a drive is encrypted with BitLocker? 36
Unlocking Bitlocker using a Recovery Key File 37
Pre-configured Settings 43
1. Pre-configuration 43
7. Troubleshooting Your Drive 82
System Requirements 82
Rebooting after Unintended Stop 82
Restoring MetaDefender Drive 83
Generate a Support Package 83
8. Release Notes 85
9. Legal 86
3.5.0 5
Overview
MetaDefender Drive provides an advanced analysis solution in a USB form factor that embeds
multiple anti-malware engines and OPSWAT file-based vulnerability detection capabilities.
MetaDefender Drive is able to quickly and easily boot into any suspicious (x86/x64 based
architecture) device in an organization. After analysis is complete MetaDefender Drive provides
a comprehensive report on the state of the device without modifying the underlying filesystem
leaving it at rest.
3.5.0 6
Key Features
No software installation required
Supports online and offline machines, e.g. air-gapped networks.
Supports Windows, macOS, Linux
Supports Full and Partial path processing
Included device integrity check (all Editions)
Includes multi-scanning commercial anti-malware packages (number of engines based
on Edition)
Includes File-Based Vulnerability Analysis (patented) (available on select Editions)
Includes Data Loss Protection (available on select Editions)
Report generated as PDF, Text, and JSON
Works with OPSWAT Central Management
3.5.0 7
Supports Encrypted Disks
MetaDefender Drive can unlock encrypted hard disks if the decryption/recovery keys are made
available.
MetaDefender Drive supports the following full disk encryption technologies:
Windows BitLocker: How to Unlock BitLocker
macOS FileVault (Experimental)
LUKS (Linux Unified Key System)
3.5.0 8
1. Getting Started with MetaDefender Drive
MetaDefender Drive offers a Setup Wizard during the first use. This Getting Started section
covers this setup.
System Requirements
PCs: Windows® 7, 8, 8.1, 10
Macs: Intel Based Macs from 2006 to 2017
Linux: Debian 5 based (or newer), RHEL 6 based (or newer)
Minimum 4GB of RAM.
USB Type A port. USB Type C is not supported.
Boot from MetaDefender Drive
Turn OFF your target device.
Insert MetaDefender Drive into the device's USB Type A port.
Turn ON the target device and enter the BIOS.
Select the USB as the boot option, exit and save settings within the BIOS.
Alternatively some BIOS' allow for one-time boot from a selected drive, this may vary
based on the target system you are trying to process
3.5.0 9
Establish Internet Connectivity (optional)
If you do not currently have an active internet connection, then you will be prompted to
establish one via the Fix Internet button.
If you are in an offline environment, then you may continue without an internet
connection but will have to skip upgrading the Drive to its latest version, in addition to
providing engine updates via the offline workflow.
3.5.0 10
Upgrade Drive Software
Once an Internet connection has been established, the MetaDefender Drive will check to
make sure its software is on the most current version.
It is highly recommended that you upgrade your MetaDefender Drive if prompted.
In the event you are using the MetaDefender Drive in an offline environment, you can
use the Skip Update button.
3.5.0 11
License Remediation
MetaDefender Drive will attempt to resolve its license automatically. However, if it cannot find a
license it will prompt you to remediate
If you were provided with an Activation Key through OPSWAT accounting, then you can
click Manual Input and enter it at the prompt (as shown below)
If you were NOT provided with an Activation Key you can check your internet
connectivity and click the Check for License button again
If MetaDefender Drive still does not accept your Activation Key or self-discover its
license. Then please contact OPSWAT Support
3.5.0 12
3.5.0 13
End User License Agreement
Upon first use the MetaDefender Drive will ask you to accept the terms of usage.
You cannot continue using MetaDefender Drive without accepting OPSWAT EULA.
Update Engines
MetaDefender Drive will automatically update if an active internet connection is enabled.
You may see a message "Require engines are initializing" at the bottom of the dialog.
MetaDefender Drive requires a minimum subset of internal drives to function, you must
wait for this to finish to perform even a minimal scan.
It is highly recommended that you update your engines regularly via an online
connection or using Update Downloader for Offline Environment.
3.5.0 14
Engine definitions are persistent on the MetaDefender Drive. Subsequent scans after
successful update will be performed with the latest definitions, for both online and
offline deployments.
Disk Status & Remediation
MetaDefender Drive will auto detect each partition and file system on the target device.
MetaDefender Drive will then attempt to determine if the Disk is encrypted, then
determine if it already knows the decryption key.
If MetaDefender Drive cannot determine an encryption key it will allow the user to know
its most-likely classification of the encryption system and provide steps to unlock that
Drive based on encryption type.
Enter password
Enter Bitlocker recovery key
If MetaDefender Drive determines the drive is unencrypted then it will simply mount it
and display it as Ready.
Finally, you must click Continue to move onto scanning the target device.
3.5.0 15
3.5.0 16
3.5.0 17
2. Processing Your Device
Configuring the Scan
Full Device Processing scans all disks that are mounted and unlocked. Press the Start
button to immediately begin processing your device.
Custom Processing enables quicker operation with user-defined selections. Press the
Select button to choose:
a subset of files to scan
a subset of processing (i.e. device integrity, malware analysis, vulnerability)
3.5.0 18
Scan in Progress
The MetaDefender Drive processes every file on the underlying system (assuming encryption
keys have been provided, and no other access barriers are present).
Each file is submitted to the embedded MetaDefender system on the MetaDefender Drive to
process the file with a variety of antivirus, vulnerability, and utility engines. Time Remaining is a
best guess based on previous rate of processing, and file size, and may update as processing
continues. Once the scan has finished the user may click on View Report and see the scan
results.
This stage can take from several minutes to several hours.
3.5.0 19
3.5.0 20
3. Results & Reporting
Results Dashboard
MetaDefender Drive will provide a summary of the scan results (shown below), and any
problems found during scanning. The drop down menu toggles between summaries of
Potentially Infected Files, Potentially Vulnerable Files, and Files with Data Loss Risk. The hash
identifier is the file name of of the locally persisted report file.
Potentially Infected Files
Potentially Vulnerable Files
Table of contents
Popular DC Drive manuals by other brands
Seagate Technology
Seagate Technology STT8000 Product description manual
Epson
Epson BDE-PR1EP2 quick start guide
Habegger
Habegger HIT-TRAC 16 E Original operating instructions
Masterflex
Masterflex ISMATEC REGLO quick start guide
Festo
Festo DFPI ND2P-E-NB3P Series Translation of the original instructions
Inovance
Inovance IS620N Series user guide