Post actions in MetaDefender Core V4.8.0 and above


This sample script is provided for illustrative purposes only and is not guaranteed to be functional in a production environment.

MetaDefender Core V4.8.0 has a new feature "Post Actions".

You can define a "Post Action" which is a command-line executable or script that will be called after each scan is finished.

The documentation of this feature can be found here:

For this script to work properly, we need to call Powershell in the Post Actions screen of MetaDefender Core:


You will need to specify the location from where Powershell is running in your system followed by:

  • -ExecutionPolicy Bypass

  • -File <PathToYourScriptFile>

We created a sample Powershell script that sorts the files according to their results. (Allowed/Blocked)

The script is called after the scan is finished.

It accepts as its input:

  1. The current scan results JSON from STDIN.

  2. The full path to the currently scanned file as the last argument on the command line.

And returns the following return values:

0 - Success
1 - Json Parse error - The script was unable to parse the expected JSON from STDIN
2 - Copy error - file copy to failed
3 - file path of the currently scanned file is invalid
4 - the destination path of either allowed/blocked or both, are invalid.

The script itself can be found and downloaded from the following link:


This article applies to MetaDefender Core v4 Windows
This article was last updated on 2019-10-06