Anti-malware engines included in MetaDefender Core v4 do not install real-time protection agents. If you already have an anti-malware product installed on your system which may also be one of the anti-malware engines in your version of MetaDefender Core v4, it will interfere with the scanning process performed by MetaDefender Core v4. For this reason, it is recommended that you disable the real-time protection of your anti-malware product.
If your corporate policy does not allow you to disable your real-time anti-virus product, you will need to add some exception rules.
As part of your exception rule, you need to exclude the following from the real-time protection:
the OPSWAT installation folder which by default also includes the folder where MetaDefender Core is creating its temporary files
the ometascan, ometascan-node, engineprocess, engineprocess32 and nginx processes (note that some engines will need to run on different process instances (e.g.: ClamAv) that are managed by the engineprocess parent process )
If you do not add this exception or if you do not disable real-time protection, results returned by MetaDefender Core v4 for scanning will not be consistent and the return value of the scans would be one of the following:
Clean: If your existing anti-malware product was able to clean the threat
Failed (or other errors): If your existing anti-malware product removed the file before MetaDefender Core could scan it
If you are using Symantec Endpoint Protection as your local AV, please adjust the settings as instructed in this KB article.
If you need help on how to add an exception rule to exclude a given folder from scanning for an anti-malware product, please tell us what product you are using and we may be able to help you. Be sure to include the product version.
This article applies to MetaDefender Core v4
This article was last updated on 2020-07-16