4.5. Selecting a Server to Process Files

Using MetaDefender Core Server

MetaDefender Kiosk requires a MetaDefender Core server in order to use the multi-scanning functionality.
The MetaDefender Core server can be installed on the same system as MetaDefender Kiosk or on another machine.
The MetaDefender Core server used is configured in the Primary MetaDefender Server option on the Configuration settings page.

Workflow Rule

The Workflow Rule drop-down menu determines which MetaDefender Core workflow rule is used to process files from MetaDefender Kiosk.

There are two processing methods to utilize a MetaDefender server:

1. Files are only processed with the available MetaDefender server chosen at the start of a session

The default behavior is an available MetaDefender server will be selected at the beginning of a session.
Any errors encountered with the server will cause Kiosk to retry processing the file with the server.

Include Media Manifest

When used with MetaDefender Core version 4.8.0+, a media manifest can be added to media processed by MetaDefender Kiosk.
This setting enables the creation of a signed Media Manifest that contains the scan results for all files that were scanned as part of the session.
This manifest can be validated by other MetaDefender products.

2. Files are processed with any available MetaDefender server during a session

The second processing method allows Kiosk to choose any available server (Primary + Backups) during a session.
If any connection failure occurs during the session, Kiosk will re-attempt processing the file on the next available server.
With this method selected, the Media Manifest feature cannot be carried out.
When viewing files processed under this method in Core's history, they will be displayed individually rather than being grouped into a session entry.
All other features are allowed regardless of the processing method selected.

Copy & Go

Files to process are copied from the media to the system for processing later. Users are informed to remove their media when the copy has finished.
Once the session is finished, all processed files are removed from the system.
The system must have enough free space to accommodate all the files to process.

Use file results from media manifest if available

Kiosk can also validate files according to the Media Manifest file that exists on the media to be processed.
If a file is found on the media but not found within the manifest, it will be sent to MetaDefender for processing.
The certificate with which the manifest is signed by needs to be trusted on the system, else Kiosk cannot trust the manifest and will send files for processing.

Use existing process results if available

Kiosk can retrieve previously existing results for files by performing a hash lookup instead of uploading a file to MetaDefender for processing.
This cannot be used in conjunction with Media Manifest since the manifest always contains the latest results.

Do not process files larger than ## [MB/GB]

A maximum file size can be specified for files to be processed by MetaDefender, all files larger than this will still be processed by Kiosk without being processed by MetaDefender.
The files that are larger are treated as configured (allowed or blocked).


Using Vault Server

To reduce user time spent at the Kiosk, processing files can be offloaded to a Vault server connected to a MetaDefender Core.
Files will be uploaded directly from Kiosk to Vault, once uploading is done, the session will complete and the user may remove their media and proceed.
Meanwhile, Vault will send the uploaded files to MetaDefender to process and, based on the configuration, notify the user when the files are ready for retrieval.


  • Workflow Rule: Core workflow rule that Vault will use to process the uploaded files

  • Vault Server: See 6. Configuring with Vault for instructions and more details

  • Select a Vault account option for file uploads: Choose a Vault account option in this section

  • File Chunk Upload Size: Size of chunks a file will be broken into for uploading to Vault

  • Maximum File Upload Size: files exceeding the maximum size is not uploaded to Vault server

  • Maximum Number Of Upload Files: upload files until the upload count reaches the maximum

Vault account options for file uploads

  • Always upload to a Vault guest account A temporary guest login ID is created and displayed to the Kiosk user both on the scan results screen as well as in the digital and printed logs

  • Attempt to use user credentials if they are available Kiosk uploads files to the user account that matches the one used during authentication

  • Enter Vault user to upload files to Kiosk uploads files to the user account supplied (this can be useful when custom authentication users do not match users synced with Vault)

  • If upload authentication fails, files will be uploaded to a Vault guest account

Using no processing server

In the case of no scan requirements, the admin can choose neither MetaDefender nor Vault.
With this option, only file handling can be executed.
The hash calculation of files can be disabled to speed up the duration of the session.