I have used MetaDefender for various use cases on my PCs at home and also enrolled it on some of my virtualized devices in my virtualized lab, which runs on Linux and Windows. I tried it on Windows 11, Windows 10, Ubuntu, and Kali Linux, and I enrolled the devices after trying quite a few use cases.

I blocked USB access on all the Windows machines, and it successfully blocked it, so I cannot use USB devices on these machines. I also utilize MetaDefender for patching my Windows devices, as it picks up outdated software and often identifies vulnerable third-party programs. Sometimes I need to patch the software or uninstall older versions before installing the new ones. I also use it for Windows updates, as it flags when my Windows updates and OneDrive application need to be updated. Additionally, it checks my browser extensions for status and compliance.

For malware protection, I am using McAfee, but if it has not scanned for some time, MetaDefender flags that too. I need to fine-tune my policy because it identifies McAfee, Windows Defender, and Microsoft Teams as unapproved products, so I will look into that. I have configured a policy, but since I am using a free version, I could not use DLP, and some intensive endpoint management functionalities are limited. It performs many tasks, including patching my devices, tracking critical issues, third-party vulnerabilities, and showing device locations on a graph. In brief, I am using it mostly for endpoint security.

I did not manage to enroll my IoT devices, including my child's device running on iOS and some Amazon products. I could not enroll my Fire Stick or monitor certain network devices. I initially thought I could enroll all those devices, including some children's IoT devices, but there seem to be limitations with Linux endpoint management as well. I hoped MetaDefender could help with parental controls for my Amazon Kids products.

I have not contacted technical support, though I thought I might need assistance fine-tuning my policy. When MetaDefender flagged some Windows DLL files as infections, I looked up information online and needed to whitelist them if they run directly from the Windows folder. If I could not resolve that, I would reach out for support, but I have not raised any tickets with MetaDefender yet.

MetaDefender is flexible because, for a free product, you can enroll up to 50 devices, and I have only used about eight devices so far. This flexibility allows you to explore its features before committing to a contract with MetaDefender, unlike other products that provide trial versions for a limited time.

I appreciate that you can use MetaDefender for various tasks, including patching, monitoring, vulnerability assessment, and compliance checking for up to 50 devices on the free license.

On the free version, I can only monitor device compliance, which includes the total enrolled devices and my compliance dashboard showing critical issues and warnings. It compiles data by desktops, laptops, virtual machines, servers, and mobile devices, including my enrolled Windows, Android, and one iOS device. The reports show compliant and non-compliant devices, allowing me to fine-tune my policies and group my devices for different policy applications.

There is no maintenance required on my end because the application on my endpoint automatically patches itself. When there is a new update, it handles the patching and alerts me when I am running the latest version. However, a feature I wish MetaDefender had is the ability to patch my devices centrally from my dashboard, including scheduling patches during off-peak times. I cannot provide a full review since I am using the free version, but based on my experiences, I would recommend MetaDefender to peers and companies using Windows endpoints.

I am not using the Expanded File Type and Archive Coverage feature, as it is not part of the free version. I was wondering if I could enroll more devices and replace McAfee with MetaDefender if it can serve as antivirus as well.

The initial deployment is straightforward, as there is an enroll link on the portal. Clicking that gives me options to enroll in MetaDefender Core, Endpoint, or Industrial File. I receive a QR code, and for devices like phones, scanning it enrolls them automatically. For Windows devices, it provides links to download the EML or EXE files, enabling easy Active Directory use. This straightforward enrollment process applies to Linux and macOS as well. However, for IoT devices, it is not so straightforward since it requires building the application from a downloaded file and running it, especially for Linux-based IoTs.

I have been working with the solution for more than eight months.

MetaDefender does not crash and runs well without conflicts with other Windows or Linux applications, indicating that the developers have optimized its performance very well.

I have only enrolled about eight devices, and I cannot comment on scalability for corporate networks with more than 500 endpoints since I have not tested it with larger numbers. I could consider testing on a licensed version to push patches automatically from the portal to assess its full capabilities. I would appreciate a trial period of one or two weeks for better testing of the full version features.

I have not contacted technical support, though I thought I might need assistance fine-tuning my policy. When MetaDefender flagged some Windows DLL files as infections, I looked up information online and needed to whitelist them if they run directly from the Windows folder. If I could not resolve that, I would reach out for support, but I have not raised any tickets with MetaDefender yet.

I have previously used other endpoint products like Fortinet's FortiEDR, but only in a virtualized environment. I could do similar use cases with that one as well.

The initial deployment is straightforward, as there is an enroll link on the portal. Clicking that gives me options to enroll in MetaDefender Core, Endpoint, or Industrial File. I receive a QR code, and for devices like phones, scanning it enrolls them automatically. For Windows devices, it provides links to download the EML or EXE files, enabling easy Active Directory use. This straightforward enrollment process applies to Linux and macOS as well. However, for IoT devices, it is not so straightforward since it requires building the application from a downloaded file and running it, especially for Linux-based IoTs.

I have previously used other endpoint products like Fortinet's FortiEDR, but only in a virtualized environment. I could do similar use cases with that one as well.

I am not using the Expanded File Type and Archive Coverage feature, as it is not part of the free version. I was wondering if I could enroll more devices and replace McAfee with MetaDefender if it can serve as antivirus as well.

On the free version, I can only monitor device compliance, which includes the total enrolled devices and my compliance dashboard showing critical issues and warnings. It compiles data by desktops, laptops, virtual machines, servers, and mobile devices, including my enrolled Windows, Android, and one iOS device. The reports show compliant and non-compliant devices, allowing me to fine-tune my policies and group my devices for different policy applications.

I would rate this product an 8 out of 10.

I have been working with MetaDefender for the past year. I am a customer of MetaDefender. I use MetaDefender for CDR in an Azure Blob environment. The features of MetaDefender that I have found the most valuable include the option to connect to the storage account and create a connection between different blobs and containers, as well as creating a CDR policy and workflow that works for us.

I am using the Expanded File Type and Archive Coverage feature. I am using the Enhanced Reporting and Audit Visibility features. The Enhanced Reporting and Audit Visibility features help us to understand what exact type of files are uploaded to the blob and which type of files are blocked or get scanned. We can understand exactly where we might miss the business logical flow and correct it.

The impact of MetaDefender on my organization's scanning process is great because I have the option to harden the platform. If the developers make mistakes in the application development cycle and miss hardening the types of files or the archive levels on the application layer, with MetaDefender, I can restrict it on my end and be sure that no other files are accepted except those that I permit. It will not even be considered to be scanned.

MetaDefender could be improved in the future regarding the notification issue. OPSWAT delivers an API structure that you can query via APIs for a lot of data from OPSWAT. However, many customers, including us, are looking for more responsive notifications. If OPSWAT sees that the file uploaded has failed because it doesn't fit the policy or the file types, we would like to get a notification about it rather than developing something on our own that would query OPSWAT for the data.

The stability and reliability of MetaDefender are good. I have not yet tested it for disaster recovery. I am planning to do so to understand how it really works in different recovery solutions, such as a cluster or an active-active solution. Therefore, I cannot tell you about this because I have not tested it yet.

When considering the scalability of MetaDefender, I cannot really size it because when you are planning a CDR solution in your company, you should understand where you could have a bottleneck of the files or the hardware. Is it possible to upload a lot of files and still have OPSWAT scan them all, or would they be queued and how much time would it take? You need to plan it. You need to do some sizing before installation and understand exactly what you are seeking from the solution and how it fits your organization.

I do not often communicate with the technical support of MetaDefender, only with the integration team. I am happy with my interaction and communication with MetaDefender's team. The communication was great and understanding. It was easy because I was familiar with OPSWAT Core, not so much with MetaDefender, but with OPSWAT Core I was familiar, and the policy and everything else that you configure on OPSWAT Core. The communication was great.

Before MetaDefender, we were using Sasa, which is a platform for CDR, but we use Sasa not exactly for the same business logic. We use Sasa on a different path inside the company, and OPSWAT is really convenient for use via APIs and connecting with storage accounts and other resources that we can upload files from.

I participated in the initial setup and deployment of MetaDefender. The initial setup process was pretty easy. There were a few problems with the SSO configuration, but everything else was pretty straightforward. To integrate the platform and install it very fast and in a good manner, you should plan it very well and understand exactly what your environment is in the company. Whether you are going to install it on-premise or in the cloud environment as a VM or any other solution that they are suggesting. I did not see any problems except the SSO configuration. Everything else was pretty fast and convenient.

I am not much aware of the pricing and licensing of MetaDefender. I know that the SaaS platform is very expensive, and we did it on the IaaS platform in Azure. So I am not very familiar, but because it is IaaS, most of the money goes for the VM and the infrastructure in Azure, and of course the license for the CDR engines. I am not very familiar with the prices.

Before choosing MetaDefender, I evaluated other options and other vendors for these use cases, and there are not many vendors doing a great CDR. I know only two that really do the job. We chose MetaDefender because it gives us the option to do more with the CDR, and of course, because of the APIs and the storage accounts because this is the environment that we looked for. We looked for a solution for a specific cloud environment, so MetaDefender was a better solution.

From the beginning, I worked with OPSWAT MetaDefender for other customers at my other job a few years ago. From the last year that we integrated OPSWAT in our company, I have not seen any improvements. It is still okay. It still does the job and makes a good assurance that the files that are coming are really whitelisted and content disarmed. It has not become worse, but it has not become better either. The percentage of accuracy is great. I do not miss anything, but I have not felt any improvement. The effectiveness of MetaDefender in blocking or sanitizing content based on policy is effective. I did not see any problems with the sanitation or something that should be blocked in the test. I did not have such issues.

Before deployment, when looking for a safe path to upload files, you will definitely look for CDR solutions because it depends on the workflow that you are trying to achieve. If there are customers at the end that will upload the files, or some internal business logic that your partners inside the company will upload the files, it depends on what you are trying to achieve. If the files are coming from outside the company, of course, CDR will be the best solution because you would want to restrict the type of files, even the size of the files, and be very restrictive on that end because those files are from the outside, and this path is published outside and is external. When you are looking from the inside, when you are working with partners inside the company, such as different departments, you will not always use the CDR solution. The integration of multi-scanning and Content Disarm and Reconstruction affects my data security operations effectively. If you are trying to disable any active links or anything that could be malicious, OPSWAT did that. It blocks the file types that we are not willing to have inside the company or are not approved. Therefore, it helped us. My impression of the detection rates provided by MetaScan Multi-scanning is great. I have not seen a lot of malicious content on those files that we are scanning, but in the test, I had a pretty high assurance that MetaDefender would find the content that is not welcome at our application end. It is quite easy to research and understand what exactly happened.

I describe the effectiveness of Deep CDR in reconstructing files safely and without signatures as very effective. That is why we chose a CDR platform for those specific workflows that our business wants to accomplish, and not any sandbox or EDR solution that will block the files because they are malicious or suspicious. The CDR still gives us the option to retrieve the file but without any malicious content inside. I do not think I am using Adaptive Sandbox analysis. My overall rating for this solution is eight out of ten.

The use cases for MetaDefender involve checking an endpoint, such as a laptop or USB, to ensure that they are safe, clean, and meet security policy before they connect to the network. I can use it for malware and unknown devices' security status.

The best feature of MetaDefender is that it can isolate USB devices from the connected network, blocks malware and unsafe files, and ensures all endpoints follow security policy, so that my organization remains safe and reduces the risk of these threats.

I find MetaDefender effective when it comes to blocking or sanitizing content based on the policies in place because it removes hidden threats and scans devices and endpoints, protecting the environment against unknown and advanced attacks.

The integration of Multi-Scanning and Content Disarm and Reconstruction affects my data security operations positively as it is easy to integrate into my environment.

I find the multi-scanning mechanism and content disarm and reconstruction features beneficial for data security, as MetaDefender's endpoint creates a secure layer to protect my organization from threats and attacks.

The main benefits that MetaDefender brings include isolating USB devices from attacks, removing hidden threats such as malware and malicious attacks, and protecting against unknown and advanced attacks.

My impression of the detection rates provided by MetaScan Multi-Scanning is that they are good, as the scanning of MetaDefender removes hidden threats, detects known issues, and protects devices from unknown malware and attacks.

I assess the effectiveness of Deep CDR in reconstructing files safely without signatures. CDR used in MetaDefender effectively removes dangerous and unsafe attacks by taking a file, removing risky parts, and delivering a clean version to the user, as it removes scripts, hidden links, and malicious components.

I use Adaptive Sandbox Analysis and a sandbox to detect advanced threats, as it receives files, runs them in a VM environment, and discovers the behavior of these files, allowing safe files to return while blocking any that behave poorly.

I find that the features of MetaDefender are strong, and its work is effective for scanning and securing the environment from malware and operates well.

I am not using the expanded file type and archive coverage feature because I was unaware of it.

I am not using the enhanced reporting and audit visibility features, and I am unsure about them.

Regarding the reporting, analytics, and audit visibility, I cannot provide a comprehensive answer. I do not know if the audit requirements help me with deep enhanced reporting and audit visibility in MetaDefender.

I have not noticed any improvements in workflow automation with recent enhancements to policy orchestration and engine parallelization.

What I would like to see improved in MetaDefender includes reducing the high cost of the license, as the pricing is very high.

Functionality-wise, I find installation and setup very difficult, and I needed support to help me understand the setup of MetaDefender. The process requires good planning and understanding of the environment to configure it, as the integration with policies takes more time to build and requires more experience.

I have been using MetaDefender for one year.

When it comes to stability, I find it stable as it maintains good external stability with good availability and no major issues. The setup is difficult, but generally, the product stability is good.

I find it scalable, as more users can work smoothly without any crashing or slowing down.

I evaluate customer service and technical support as good, as they respond in a timely manner.

Before MetaDefender, I used EDR, which is the product that I used before switching to MetaDefender.

The deployment process was difficult; I needed a vendor to help me because the setup of MetaDefender is complex.

SIS helped me to deploy MetaDefender.

I believe it is worth the money, as it brings time-saving, cost-saving, and efficiency improvements, especially in large environments. However, in smaller environments, it incurs high costs. Overall, it is good because it has many features for scanning and cleaning the environment from malware and saves time.

I do not find it cost-effective, as the costing is high.

I decided to switch to MetaDefender because Kaspersky could only detect malware but not take action, whereas MetaDefender detects and prevents threats simultaneously.

I chose MetaDefender because it is capable of adding multi-layered security that prevents threat detection and removes unknown threats, working without signature-based detection, which is beneficial.

I recommend MetaDefender to others because it is effective, has high stability, and is beneficial for environments. I have rated this review a ten out of ten.

My main use case for MetaDefender is for our client's environment, which is using MetaDefender for their OT security or for their email side. All clients use MetaDefender, and it is especially great for Content Disarm and Reconstruction, which they want to leverage.

For example, one of our clients is using MetaDefender for their email gateway site as their mail gateways, scanning emails. Generally, they use MetaDefender's Content Disarm and Reconstruction property for that email scanning.

None of my customers are using the reporting and audit visibility features on MetaDefender platform.

Integrating multi-scanning and Content Disarm and Reconstruction positively affects my clients' data security operations, prioritizing security over potential delays experienced by end users.

The best features MetaDefender offers include its Content Disarm and Reconstruction, which is a key feature chosen by our clients because many other products claim to provide that functionality, but generally, they cannot do it as cleanly. Through Proof of Concept sessions with our clients and the OPSWAT team, they see that MetaDefender's Content Disarm and Reconstruction is strong, usable, and valuable for our customers, making them want to work with OPSWAT specifically for this feature.

For example, one of our customers was not using any Content Disarm and Reconstruction technology but was receiving emails containing PDF documents or XLSX documents, some with malicious content. MetaDefender's technology worked effectively, disarming and reconstructing PDFs to deliver clean copies to their users, while allowing their analysts to see the malicious code.

MetaDefender has positively impacted my clients' organizations by saving time for their SOC teams who were previously receiving false positives and unnecessary alarms from other products, allowing them to focus on analyzing real threats, which has led to fewer incidents.

For one of my clients, a major bank in Turkey, they reported saving approximately 30 percent of their SOC time on analyzing emails since implementing MetaDefender.

MetaScan multi-scanning feature is excellent because it provides multiple vendors for scanning. If one vendor fails, the others remain operational, ensuring continued protection.

Assessing the effectiveness of Deep Content Disarm and Reconstruction in reconstructing files safely and without signatures reveals it to be effective, as clients receive identical documents without changes other than the removal of malicious code.

MetaDefender's file-based vulnerability assessment analyzes binaries and installers for known vulnerabilities before they enter a network, providing a proactive defense that is highly valuable for our customers.

While MetaDefender's mail gateway already gives fewer false positives, there is still room for improvement in reducing those even further.

Additionally, MetaDefender could benefit from a better graphical user interface for administrators, making it more usable, although this is not an urgent need but an area for potential improvement.

I have been using MetaDefender for three years.

It was a fresh sell to our customers for MetaDefender, and I evaluated other options before choosing MetaDefender.

I have not seen a direct return on investment, but clients have noted that the product saves time and may reduce the need for fewer employees since the SOC team focuses on critical incidents as MetaDefender handles current analyses efficiently.

Pricing, setup costs, and licensing are handled by my sales team, but feedback indicates that our pricing is better than other vendor solutions.

I can specify that my clients considered other options before choosing MetaDefender.

I do not have anything else to add about how my clients use MetaDefender. My review rating for MetaDefender is ten out of ten.

MetaDefender is used in one of our client environments where every file upload to their web portal goes through the scanning process. It scans using multiple engines and applies CDR before allowing the file into the system. This has helped us stop suspicious documents even before users interface with them.

With the increase in phishing and document-based attacks recently, this kind of file sanitization layer has become very important for us.

MetaDefender offers some of the best features such as multiple engine malware scanning, content disarm and reconstruction (CDR), deep file inspection, and strong API-based integrations. Deep file inspection is the feature I find myself using the most, as it helps in my workflow significantly. The multi-engine approach gives more confidence compared to relying on a single antivirus engine, especially for zero-day threats.

MetaDefender's effectiveness in blocking or sanitizing content based on policy is very strong. A combination of multi-engine scanning and CDR makes a big difference. It does not just rely on a signature; it enforces policy at the file level. Policies like blocking files with high-risk indicators, sanitizing documents with embedded macros, and allowing only clean files into the environment show its strengths. MetaDefender is very effective in sanitizing files without breaking usability. The integration of multi-scanning and Content Disarm and Reconstruction affects our data security operations. MetaDefender plays a very important role in today's threat landscape, which heavily uses documents and file-based payloads.

The UI can be more user-friendly, and initial steps and policy tuning take some time. Reporting can be improved as extracting detailed insights for management reports takes extra effort.

I have been using MetaDefender for 1.5 to 2 years.

MetaDefender is stable. We have not faced major downtime.

MetaDefender's scalability is excellent, as it handles larger volumes of file scanning without major issues.

Support for MetaDefender is very responsive, though sometimes complex issues take time to resolve.

We evaluated sandbox-based solutions and some email security tools, but MetaDefender's CDR approach was more practical.

MetaDefender has positively impacted my organization by reducing the risk of file-based attacks, which has significantly improved our overall defense against phishing and malware delivery techniques. We have seen around a 40% drop in malicious file incidents, and our SOC team is spending less time on manual file analysis now.

MetaDefender is a very time-saving and effort-saving tool. I advise others looking into using MetaDefender to understand their file flow properly before deployment. If integrated correctly, it becomes a very strong layer against modern file-based attacks.

Threats in a file are cleaned before they reach the core, creating a silent shield in place. The SOC workload has reduced because fewer suspicious files reach analysis, and users do not complain much since files still open normally after sanitization. I would rate this review an 8.

Our use case is for threat protection.

I appreciate the unique features of MetaDefender since it uses multiple scanning in a single engine. The scanning capability, which combines different antivirus and scanning engines integrated into a single engine by OPSWAT, is particularly valuable.

The integration of multi-scanning and Content Disarm and Reconstruction is truly helpful because we can utilize it in other products such as email integration with ICAP capability, and we are also using it in web scanning. The integration is flexible and perfect for our needs.

We are not yet using the expanded file type and archive coverage feature.

Enhanced reporting and audit capabilities are not fully utilized. We use only the simple reporting features, such as viewing viruses that were scanned and found, and how they were removed and disinfected.

At this time, I cannot determine specific areas where MetaDefender should improve because it is already nearly perfect.

We have been using this solution for two years.

I can rate the stability at 10.

One hundred users use the solution.

The technical support can be rated at 9.5 from one to 10, with 10 being the best.

Comparing MetaDefender with other antivirus vendors, it is not comparable because of the unique features of using multiple scanning, which I cannot see in other products.

The engine requires constant updates for analysis purposes, which is why we need to maintain it regularly.

The detection rate of MetaDefender is 99.99 percent. It is truly effective because although we are not relying on signatures for scanning, we rely on the behavior of threats, and they are perfectly removed or we are perfectly protected from that scanning. Even though it is not signature-based and scans based on threat behavior, that approach is effective.

We are using adaptive sandbox analysis. Using sandbox analysis helps describe the impact on analyzing any suspicious files and extends the capabilities for how to disinfect or detect threats. It helps us detect zero-day attack threats, so we are protected from that.

The effectiveness of the solution in blocking or sanitizing any content based on our policies is excellent.

I would recommend this product to other users. It should be integrated with AI for enhancement. I would rate this review at 10.

MetaDefender serves as a file security gateway that scans, cleans, and sanitizes files before they are allowed on the network, which stops malware, ransomware, zero-day attacks, and any kind of malicious files from entering the network.

For one of our partners, we were dealing with a large financial services business handling mortgage applications. When files were scanned into the network, every single file that was sent was then scanned by the multi-scanner, and if any contained even a slight amount of malware, we performed deep CDR file sanitization that removed everything that could be malicious and rebuilt the file.

The main use cases that we tend to see are all the antivirus engines as part of the multi-scan, and the second use case that is emerging frequently is file sanitization, also known as deep CDR.

In my experience, the best features MetaDefender offers include the number of different antivirus engines that can scan files through multi-file scanning, often using 20 to 30 engines, with the top premium package around 33 engines, capturing 80 to 90% of malware in all those files. If any engine detects malware, the file is blocked, which increases detection because different engines catch different malware.

When dealing with central government and defense, we find that if there is any kind of malware on the network or the file, whether that is a software file, hard disk file, or a pen drive, it cannot be allowed on the network. This is when we put it into the sandbox and perform file sanitization to ensure that nothing malicious comes into the network.

Whenever we are dealing with central government or defense contracts, MetaDefender's core philosophy of trusting no file means it scans files, rebuilds them, and verifies their reputation, ensuring they contain no malicious content. This positively impacts our organization by detecting malware and stopping any kind of data leaks through the network.

In terms of measurable outcomes across central government and defense, we are seeing saved time when files go through the antivirus file scanners. In financial services, such as with mortgage applications, the process sends files straight into MetaDefender file scanning that cleans out any malicious content.

I don't think there are many feature improvements needed; it's a great solution. The main thing is just the pricing because it's such a top-end enterprise product. For smaller partners with a customer base that isn't as affluent, the price can be a barrier, making it more of a 'nice-to-have' for their budgets compared to cheaper competitors.

I've been using MetaDefender for just under 18 months.

MetaDefender is 100% stable, making it one of the best cybersecurity solutions we offer, which provides confidence in promoting and recommending it to others.

MetaDefender's scalability is considerable. We handle vast amounts of traffic from banking, defense, and critical national infrastructure, ensuring that even one malicious file does not enter our networks.

Customer support from Opswat is commendable. Their customer service team, distribution team, and regional sales managers provide excellent aftercare and set us up for upselling across the entire MetaDefender portfolio.

From a partner's perspective, the channel team and customer service have delivered strong support. I would rate it a nine because I have not interacted with customer support directly, though the support provided has been strong.

We have not used a different solution. We focus on best-in-breed vendors, with Opswat being our chosen solution due to its effectiveness in the market.

I believe we see a return on investment through time savings and reduced need for unnecessary personnel. Having both cloud and on-premise solutions enables effective file sanitization and vulnerability detection while preventing attacks that save costs and protect reputation.

Regarding pricing, setup cost, and licensing, I find the pricing for kiosks, cloud, deep CDR, and adaptive sandbox appropriate. We are seeking more service partners for Opswat's professional services to ensure smooth implementation.

Before choosing MetaDefender, we considered alternatives such as Reversing Labs but found their offerings to be inferior, especially for our defense and central government contracts, where Opswat stands out as far superior.

To achieve a perfect score of 10, MetaDefender would need to cater to every partner's ability to sell. While the price is a consideration, the benefits of scanning, removing, detecting, and sandboxing outweigh it significantly.

I advise those considering MetaDefender to reach out to reseller partners for guidance on file sanitization and to explore setting up a proof of concept to see the value MetaDefender brings, with demos available directly on their website.

My overall rating for this solution is 9.

I deploy it in different environments and manage a team of professional services that deploy MetaDefender products in customer environments. I talk with customers and am aware of use cases where new or additional needs arose after MetaDefender deployment. For example, customers needed to transfer files between source and destination using MetaDefender. I know that MetaDefender File Transfer Protocol, or MFT, is now supported, but in the past, it was not. There are products that have been developed from customer needs, such as products that can transfer files from source to destination with integration to MetaDefender.

The detection rate of the MetaScan multi-scanning feature is very high. When discussing Linux with five engines or ten engines, it can detect most of the viruses that are tested. I have seen very few instances where customers reported a virus that was not blocked after a PT scan. When we verify these cases, we confirm they occurred. Of course, every engine has its own detection rate, and you cannot achieve 100 percent detection. When using MetaDefender especially on Windows, the detection rate is very high, and it increases as you use more engines. Most customers I see using eight or twelve engines on Windows have good results with both configurations. When customers use a large number of engines, such as twenty engines with integration to external scanners, the results look almost perfect because in cyber security, there is no 100 percent, but it is close to that.

The effectiveness of Deep CDR in reconstructing files safely and without signatures is very effective. When people configure Deep CDR correctly, it performs as it should. Sometimes some files are negatively affected by CDR. If I must be specific about what could be helpful, it would be to create a policy or workflow in OPSWAT terminology that handles cases when CDR cannot be performed or harms the file. I am not certain if the system can check whether CDR has harmed a file, but I know of use cases where CDR was disabled because it made files unable to open or unable to open properly. I believe this is very effective and is the most effective engine of OPSWAT because customers ask for OPSWAT for two main reasons: the CDR capabilities and the multi-scanning engines.

Some feedback indicated that it takes too much time to configure certain policies because there are many options. Some people appreciate this because you can configure anything, but I believe MetaDefender should have a wizard or general policies that can be used for 80 percent of customers.

I use the expanded file type and archive coverage feature sometimes, especially for customers who try to scan large archives with the deep scan capabilities of OPSWAT and Deep CDR. This provides full protection because it scans every single file, but sometimes it takes too long. When discussing CAB files or archives for patching or server updates and BIOS updates and operating system updates, the scanning process takes too long, and it was difficult for customers who sometimes decided not to scan because the scanning time was excessive.

I use the reporting and audit visibility features. Some capabilities are lacking in reporting because we do not have full statistics that are easy for users to understand. If something requires checking and then referring to documentation to understand it, that is too much for most users. When looking at one of the statistics, you can see how many files have been scanned and then you see a number out of 500 or a different number if you change it. It is not a number of files or scan processes; it is a number of files inside a file. When you scan a PowerPoint presentation file, for example, it counts as forty different files because of all the sub-files. I understand from customers that when they look at the visualization data or statistics, they do not understand what is happening there.

Most customers I see do not use the file-based vulnerability assessment feature. It has some good results about vulnerabilities, but I am not certain if it is that helpful because many organizations, when they deploy a file and see that there are vulnerabilities, still deploy it because it is part of the code. It can produce results, but those results do not cause any action. Many products have something more advanced than vulnerabilities and static scoring. They have tools that can inform you about a vulnerability, whether the vulnerability is exploitable, if it is weaponized, and if someone can use this vulnerability in your environment. The file-based vulnerability feature works, but for most people, they do not take any action based on the results or block files because of file-based vulnerabilities.

I have used MetaDefender for one and a half years.

The stability of the system is very high. I have not experienced crashes or downloads when the server is rebooted, and the server runs well after rebooting. I have not seen errors frequently. I recall one problem with MetaDefender email where there was an unusual issue with some connections remaining open, but I found this kind of problem only once. Most of the time, it is very stable, and you can rely on MetaDefender Core and also email. The stability problems with OPSWAT occurred when they attempted to migrate one product, such as the email product, to a SaaS service; it was not stable in that environment.

MetaDefender is very scalable. From what I understand, when you use one database for all instances, you can deploy ten different servers or ten different instances with a separate database for each one. You cannot check the status of scans in each one; you have to check each specific instance. When discussing a shared database, it is scalable, but the performance is harmed. I do not know the specific impact, but it is just a feeling I have.

I have contacted the technical support of OPSWAT. The quality of answers from support has been very good most of the time. It can be useful when contacting support to mention what needs to be collected and what needs to be sent before opening the ticket. For example, if discussing an issue, support will probably ask for specific logs. This can save time because many vendors, when they check something and ask for logs, need those logs from the beginning. If you open a ticket and the answer is to proceed, and the answer after one day is that specific logs are needed, it is better to know that from the beginning.

The deployment of MetaDefender on Windows and Linux machines is very easy and quick. When discussing deployment of containers or deployment in Kubernetes environments, it sometimes takes too long. The deployment of the sandbox product takes too long. The deployment of MetaDefender email security, core, and MetaDefender kiosk has very easy and quick deployment.

One person can deploy MetaDefender. It is one of the products that can be managed by one person and managed easily, including the deployment.

The pricing of MetaDefender is about hundreds of dollars. If I remember correctly, when someone attempted to buy from us one instance of OPSWAT, it was about nine thousand dollars for multi-scanning with eight engines and also the CDR module. The pricing is good, but when you add additional engines, this is what causes most people not to use additional features. Every additional engine, not about scanning engines but other engines such as file-based vulnerabilities and so forth, requires another license. If customers could buy in one price the basic package, which includes CDR and multi-scanning, in one price, many people would prefer to do it. However, when it is necessary to pay for every single engine or single feature, I believe most customers do not want to use it for that reason.

I have used alternatives to MetaDefender, but not as an administrator, only as a user. I used some kiosk products similar to MetaDefender kiosk. There is an alternative called Sasa Software, I believe it is Sasa Scanner or Gateway Scanner. I used it, but the user interface is not as good as OPSWAT. The experience with this product is not as good as the experience with OPSWAT, and the time it took to scan some large files was very long. OPSWAT is the best alternative. I also see on customers' side another product called RESEC, and this product also was not a good experience. The user experience is not good enough in this field, and when users try to configure policies, it lacks features when compared to OPSWAT.

The sandbox helps in cases of suspicious files. However, the sandbox alert indicates suspicious activity for many different files. When we test some files that we download from vendors' official sites for server BIOS upgrades or firmware upgrades on servers, such as files from Dell or HPE, these files are also considered suspicious for many use cases. The sandbox is good only for specific areas. If discussing email, it can be good. However, if discussing large files, the sandbox can indicate suspicious activity in almost every executable file. This causes customers not to believe in the results. They say it is suspicious, but it is fine to them. Even if something is actually suspicious, it does not receive attention because of the many files that should be legitimate but are considered suspicious.

Perhaps the effectiveness of the sandbox and level of suspicious files can have two different levels. If asked how it can be better, a different score or different tag for suspicious files from known vendors and suspicious files from unknown vendors could help. Multiple levels of suspicious files, scores, or tags could be something that can be configured. For example, when using the sandbox to scan files that you download from the internet to different environments, such as air gap environments, and in this environment you manage IBM servers, if you scan the file and select that you are using it for IBM servers before scanning, it could be considered less suspicious. The system could also load a certificate of the file that you download and then determine whether it has a trusted certificate or a certificate that is probably good enough or probably not suspicious most of the time.

I am not certain if MetaDefender can do anything else. Perhaps if they want to improve vulnerability management, instead of managing static CVEs, they could have a different method involving CVEs but something else as well. For example, CVEs that can be harmful because they are exploitable could be differentiated. However, this is something that cannot be managed at the MetaDefender level because it is just about files on a perimeter and does not understand the deployment of the environment because it is not running in the real environment. I am not certain if there is a way to do this better.

There are some upgrades when MetaDefender has new features, so you have to upgrade. This is not about the upgrade of the engines that happen all the time if you have an internet connection or do it manually. The maintenance can take significant effort that causes most people not to upgrade and update it all the time. Considering offline users, offline environments, and environments with no internet, easier updates could be helpful. The upgrade of MetaDefender version, whether email or MetaDefender Core, is very quick. I would rate this review eight out of ten.

Our use case is pretty wide. We wanted to scan every file uploaded by our customers to our application. For example, our customers upload ID data files to the application, and our application contacts the Core server via API and scans the files. We have about 15 external-facing applications where a customer or agent can upload a data file.

We have also integrated some of our network devices with the ICAP server for the same purposes.

And we are scanning some files on our file shares.

We sleep well now because we are assured that the files that are coming into our organization are scanned.

I like the simplicity, the way it works out of the box. It's pretty easy to run and configure. The integration of the network devices with the ICAP server was easily done.

Also, we don't have many false positives. When a file really is malicious, it is blocked. There is a really low false-positive ratio.

It just works. We don't use it for extreme use cases, and we didn't want to make extreme modifications because it works. We like that we don't need to put too much effort into operating the server. We just installed it, did a little bit of configuration and customization, and it just works.

The documentation is not well written, and I often need to talk with support.

We have been using the OPSWAT Core and ICAP servers for about two years.

I haven't experienced any instability with MetaDefender. We are running it in high availability. We have two MetaDefender Cores, each one in a different data center, and there is a load balancer. We set it up with high availability in mind. We haven't experienced any problems. The stability is a 10 out of 10.

I believe it is scalable, but I don't know how much it can be scaled. I would rate this aspect a nine out of 10 because I'm not sure. My rating is based on what I have read in the documentation.

We are planning to integrate this solution to scan files that are not only uploaded by customers, but also by third-party companies we are working with.

The support is good, really responsive. They usually respond within two hours or less, and we fix issues in about two days.

There is a guy there named Vlad. He is a great technician who has helped me many times when I had trouble with licenses or questions on how to do something differently. The support is great.

We were using ESET. It was like a homemade solution from five or 10 years ago and really hard to operate.

The implementation was straightforward. MetaDefender is quite easy to use. Installing it is very simple. The basic concepts are easy to understand.

We spent about two weeks implementing and configuring this. We wrote custom libraries with some scripts, and that's all. And it has been running for two years so far. We enabled automatic updates and it just works.

We have it deployed fully on-prem because we have sensitive data. We have it in two separate data centers. One is in Warsaw and the second is in Krakow.

There is no maintenance involved.

I deployed it with a member of my platform team and a network administrator.

We don't treat this like an investment that will return something.

We bought a three-year license, and that was pretty expensive. We agreed that it was really worth buying. It could be cheaper, but we understand that quality comes at a price.

We bought three ICAP servers and three MetaDefender cores for three years, and that cost about 600,000 PLN (about $145,000). Support is included in the price, and the support is great. We didn't need any custom modifications or deployments.

It's not that MetaDefender has some super-unique features, because we also tested some other products. But its simplicity was the main factor in our choice of OPSWAT.

I would do a proof of concept because we are talking about cybersecurity. We ran tests for free for about three months. After our testing we were happy with the results.