1. Getting Started with MetaDefender Drive


Boot the device with MetaDefender Drive

  • Insert MetaDefender Drive into the device's USB port.

  • Power up the target device and enter the BIOS (Most devices require holding F-12 or similar key immediately on system boot to enter the BIOS).

  • Select the USB as the boot option, exit and save settings within the BIOS.

  • Alternatively some BIOS' allow for one-time boot from a selected drive, this may vary based on the target system you are trying to process

Accept Terms

images/download/attachments/1970803/Screenshot_from_2019-10-14_14-42-29.png wait for several seconds after a delay the MetaDefender Drive UI should prompt to "Skip Internet Connection" via pops up. Please click the skip button to proceed.

  • Upon first use the MetaDefender Drive will ask you to accept the terms of usage.

Configure the internet connection

  • With the wired connection, MetaDefender Drive detects internet connection and proceed to the next step automatically.

  • To connect WiFi, click the Network connection icon on the bottom-right, and select the WiFi network with which you would like to connect .

  • To start an offline analysis, you should continue to advanced past the Connect to CM and Update Engine dialogs and move directly to scanning you media.

Connect to CM


  • To connect MetaDefender Drive to OPSWAT Central Management (OCM) you must provide the IP address where OCM resides along with an API Key (Found in OCM under General Settings)

  • Once needed information is provided then clicking Connect should initiate the on-boarding

  • To continue with MetaDefender Drive unmanaged you must click the Continue Unmanaged button at the bottom of the dialog.



  • MetaDefender Drive will automatically update if an active internet connection is enabled

  • You may see a message "Require engines are initializing" at the bottom of the dialog. MetaDefender Drive requires a minimum subset of internal drives to function, you must wait for this to finish to perform even a minimal scan.

  • It is highly recommended that you update your engines regularly via an online connection or using Update Downloader for Offline Environment as described in 1.5 (Provide Link)

Disk Status & Remediation

images/download/attachments/1970803/2019-11-04-135307_1920x1200_scrot.png images/download/attachments/1970803/2019-11-04-135305_1920x1200_scrot.png images/download/attachments/1970803/2019-11-04-135316_1920x1200_scrot.png

  • MetaDefender Drive will auto detect each partition and file system on the target machine to be scanned

  • MetaDefender Drive will then attempt to determine if the Disk is encrypted, then determine if it already knows the decryption key as indicated in 1.6 (Provide Link)

  • If MetaDefender Drive cannot determine an encryption key it will allow the user to know its most-likely classification of the encryption system and provide steps to unlock that Drive based on encryption type.

    • Enter password

    • Enter Bitlocker recovery key

  • If MetaDefender Drive determines the drive is unencrypted then it will simply mount it and display it as Ready.

  • Finally, you must click Continue to move onto scanning the target system

Scan Selection

images/download/attachments/1970803/2019-11-04-135332_1920x1200_scrot.png images/download/attachments/1970803/2019-11-04-135420_1920x1200_scrot.png

  • The user can opt to scan all disks that are Ready for scanning by clicking Start under Full Device Processing

  • If you would like to select a specific subset of files to scan you can press the Select button under Custom Processing then select the appropriate files from the tree view shown.

Scan in Progress

images/download/attachments/1970803/React_App_002.png images/download/attachments/1970803/React_App_003.png

  • During this phase of processing the MetaDefender Drive is processing every file on the underlying system (assuming encryption keys have been provided, and no other access barriers are present). Each file is submitted to the underlying MetaDefender system to process with a variety of Antivirus, Vulnerability, and Utility engines

  • This stage can take several minutes to hours. ETA provided is a best guess based on previous rate of processing, and file size, this ETA may update as processing continues.

  • Once the scan has finished the user may click on View Report and see the scan results.


images/download/attachments/1970803/React_App_004.png images/download/attachments/1970803/React_App_005.png

  • MetaDefender Drive will provide a summary of any scan results, and any problems found during scanning.

  • Once processing has finished you will be instructed that a final report has been written and its location on the NTFS "MetaDefender Drive" partition under /reports

  • Persisting the report to the external partition is required to make sure data is not lost once the target system is powered off and MetaDefender Drive is removed

  • Alternatively, if you have configured the MetaDefender Drive to be managed under OPSWAT Central Management then you can press Sync All Reports to send all reports on MetaDefender Drive to OCM.

  • In OCM you can select and view all the reports this particular MetaDefender Drive has generated.