Post actions in MetaDefender core V4.8.0 and above


This sample script is provided for illustrative purpose only and is not guaranteed to be functional in a production environment.

MetaDefender core V4.8.0 has a new feature "Post Actions".

You can define a "Post Action" which is a command line executable or script that will be called after each scan is finished.

The documentation of this feature can be found here:

For this script to work properly, we need to call Powershell in the Post Actions screen of MetaDefender core:


You will need to specify the location from where Powershell is running in your system followed by:

  • ExecutionPolicy Bypass

  • -File TheNameAndPathOfYourScriptFile.ps1

We created a sample Powershell script that sorts the files according to their result. (Allowed/Blocked)

The script is called after the scan is finished.

It accepts as its input:

  1. The current scan results JSON from STDIN.

  2. The full path to the currently scanned file as the last argument on the command line.

And returns the following return values:

0 - Success
1 - Json Parse error - The script was unable to parse the expected JSON from STDIN
2 - Copy error - file copy to failed
3 - file path of currently scanned file is invalid
4 - the destination path of either allowed/blocked or both is invalid.

The script itself can be found and downloaded from the following link:


This article applies to MetaDefender Core v4 Windows
This article was last updated on 2018-03-26