User Guide


MetaDefender Kiosk helps protect your network by enabling control over the flow of data into and out of your organization. It can be used as a media scanning station on your own hardware or on OPSWAT's custom-made kiosks. Typically, media such as USB devices, DVDs, card readers, SD cards, flash drives, or floppy disks, are scanned by MetaDefender Kiosk by inserting the media device into the appropriate drive. After the scan is complete, Kiosk generates a detailed report.

Data Diode Use Case

This user guide covers installing, configuring, upgrading, using, and troubleshooting MetaDefender Kiosk.

Key Features

  • Protection against zero-day attacks (MetaDefender Core integration)

  • Customized data security policies

  • Control over data flow

  • System restore

  • Active Directory authentication

  • Custom Authentication

  • Portable Media including floppy disks, SD cards, CDs, DVDs, encrypted USB and disc, and more

  • UI localization/internalization (comes with English, Arabic, Hebrew, Japanese, Korean and the ability to manually add any other language)

  • Securely wipe USB drives

  • Easier system hardening

User authentication

MetaDefender Kiosk has the following authentication features:

Peripheral media

MetaDefender Kiosk automatically detects multiple peripheral media insertions for the following media types:

  • USB devices*

  • CDs/DVDs/Blu-ray

  • Card readers

  • SD cards

  • Floppy disks

* Not all USB devices are currently supported. If you have a specific device you need supported, please contact OPSWAT support.

Encrypted USB devices

MetaDefender Kiosk can unlock encrypted USB devices with a given password. MetaDefender Kiosk supports the following encrypted USB devices:

  • Biocryptodisk-ISPX

  • Buffalo RUF2-HSCT and RUF3-HSL

  • IronKey S200

  • IronKey S1000

  • IronKey D250

  • IronKey D300

  • Kanguru Defender Elite 30

  • Kanguru Defender Elite 300

  • Kanguru 2000 and 3000

  • Kingston DataTraveler 2000

  • Kingston DataTraveler Vault Privacy

  • Kingston DataTraveler Vault Privacy 3.0

  • Kingston DataTraveler 4000 G2

  • Kingston DataTraveler 4000 G2 Managed

  • SanDisk Cruzer Enterprise FIPS Edition

  • SanDisk Cruzer Contour

  • U3 based USBs

  • EncryptDisc CDs/DVDs

  • Microsoft BitLocker: MetaDefender Kiosk supports BitLocker To Go using passwords. MetaDefender Kiosk does not support BitLocker encryption using key files, smart cards, or VHD (Virtual Hard Drive) BitLocker encryptions.

  • McAfee Complete Data Protection when McAfee File and Removable Media Protection client is installed

  • USB Flash Security

  • DataLocker Sentry 3 FIPS

Media handling

MetaDefender Kiosk's media handling features include the following:

  • Can process drives with multiple partitions

  • Can process full or partial media

  • Can wipe/format USB drives

  • Supports integration with MetaDefender Vault for accessing and downloading processed files

  • USB device soft eject

  • CD/DVD eject

Processing files

MetaDefender Kiosk uses MetaDefender Core to process files. MetaDefender Core has the following processing features:

  • Scanning with multiple anti-malware engines

  • Data sanitization

  • Application vulnerability detection

  • Heuristics for zero-day threats

  • Archive extraction

  • File type verification

  • Workflow engines

Processing session results

After processing media, MetaDefender Kiosk allows you to view detailed logs and print results.

Customizable interface

The MetaDefender Kiosk interface includes English, Arabic, Hebrew, Japanese, Korean, German, and Vietnamese translations and supports the addition of other languages.

System hardening

MetaDefender Kiosk comes with a variety of system hardening features for maximum security.

  • Disables autorun

  • Users can only exit by pressing ALT+F4 and, if Kiosk is configured to require a password to exit, entering the exit password

  • Blocks the ability to copy files to the system

  • Blocks the ability to execute files on the system

  • Runs automatically on system startup

  • Configurable file policy by file type

  • Select allowed/blocked and skipped files by file type and size

  • Select file extensions to be taken under consideration when a file type mismatch is performed