4.6. Selecting How to Handle Processed Files

The File Handling page is divided into two sections: actions to take on blocked files and actions to be taken on allowed files.
You can set different file handling options for each, including copying to either new media or a network path.


Sanitized file handling

If file sanitization has been configured on the MetaDefender Core, there are three selections for handling a sanitized file with the original media.

  • Do not copy the sanitized version to the original media (the default selection) Specifies that a sanitized file will not be copied to the original media and the original file will be left untouched.

  • Attempt to replace the original file with the sanitized version Specifies that the sanitized file will be copied to the original media and the original file will be deleted.

  • Copy the sanitized version to the media and keep the original version Specifies that the sanitized file will be copied to the original media and the original file will be left untouched.

For a copy-to destination or custom command line script set:

  • Copy\use the sanitized version (the default selection) If a sanitized version of a file exists, that will be copied to the destination, or utilized in the script, configured in favor of the original file.

  • Copy\use the sanitized version & original file If a sanitized version of a file exists, it will be copied to the destination or utilized in the script configured along with the original file.

Stop processing if a blocked file is found

Selecting this option will cause a Kiosk session to stop processing immediately after the first blocked file is found. Kiosk will alert the user that a blocked file was found and go directly to the session summary after the user has acknowledged the message.

Taking no action or removing files

To take no action on blocked or allowed files, select the No Action radio button.
To remove any non-sanitized blocked files, select the Remove file radio button and select an option from the drop-down menu:

  • Kiosk Quarantine: blocked file will be added to the Kiosk quarantine and removed from the original media

  • Core Quarantine: blocked file will be added to the Core quarantine (if configured on Core) and removed from the original media

  • Delete: blocked file will be removed from the original media

    • Prompt User for Confirmation: user will be prompted whether to delete all blocked files at the results screen

Copying Allowed files to Original Media

"Wipe and Copy To Original Media" is only available for Allowed Files and will copy only allowed files back to the original media after the original media has been formatted.

WARNING: This option will delete all files and perform a disk format on the original media before copying ONLY the allowed files back to the original media.

After selecting this option, you can then choose from the standard wipe options of Format, 1 pass, 3 pass, or 7 pass wipe. Please note that the 1, 3, and 7 pass wipe options will take significantly more time to complete.


Copying files to a designated location

Note: If a file has been sanitized by MetaDefender Core's Data Sanitization and Copy to is selected here, the sanitized file will be copied to the desired location, not the original file.

You can configure files to be copied to a designated location in the Copy to section.


The copy to directory uses AD user's credentials that is logged into the Kiosk session for copying privileges.
An Admin can enable utilizing the OS logged in user's credentials if the copy initially fails with the AD user credentials.

Prompt user before copying

By default, a user will have to initiate copying files from session results screen. If prompting is disabled, files will be copied automatically before the session results are displayed.

Folder structure

MetaDefender Kiosk will copy files to the location specified by one of the three naming conventions selected:

  • Directory named with the unique session ID: Copies files to a directory identified by the session ID.

  • Directory named with the session start time (GMT): Copies files to a directory identified by the session start time.

  • Keep the same folder structure as on original media (no subfolders): Copies files to the same directory as in the original media.

Allow user to select folder structure for copy to directory and user media

This allows users to select the folder structure (outlined above) before copying files.

Allow user to select copy option

This allows users to select which enabled copy option to run at the end of a session.
For example, if copying to a Directory and User Media is set, a user can choose to run both, neither or only one.
If multiple directories are configured, a user will be able to choose among the list of configured directories.


The Directory option allows you to specify locations for blocked or allowed files.
Files will be copied to all configured directories by default.
If Allow user to select copy option is enabled, then the user will select which directories will be utilized.
Path indicates the destination location files will be copied to.
Display Name indicates the value that is displayed on the UI to the user for selection .

The predefined ‘%%%username%%%’ variable can be used within the designated location in the Path field to allow MetaDefender Kiosk to copy files to a folder (e.g. ‘username’).
This is for the user logged into the session.

Responses to user questions can also be utilized in the Path field via the predefined '%%%userresponse#%%%' variable, where '#' is the number of the response to the corresponding user question.
For example, to utilize the answer to the question 2, the variable to use would be '%%%userresponse2%%%'.
If no response to the question was given or no such question exists for the user response to exist (e.g. %%%userresponse999%%%), then the variable will exist in the path created.

You can copy files to a remote server (i.e. network share) by providing a UNC path.
To allow for more restrictive permissions on a network share, a MetaDefender Kiosk workflow will need to be created containing users that have, at minimum, write permission to the network share.
When a user logs into a session, MetaDefender Kiosk will attempt to use the permissions of the user to copy files to the network share.

User media

You can also enable files to be copied to media that the Kiosk user provides.
Supported media are USB, CD/DVD (must be blank and non-finalized), and Floppy.
If you select the User media checkbox, the user will be prompted to insert media that the files are to be copied to.
By default, a floppy drive cannot be used as the destination media but this can be enabled by selecting the checkbox.

Note: EncryptDisc is not supported as destination media

If the option to wipe media before copying is selected, the destination media will be wiped using MetaDefender Kiosk's secure wipe technology.

Note: that this process may take a long time if the destination media is large or multiple pass wipes are configured.

Note: the following encrypted media types do not support secure wipe, Bitlocker, McAfee, EncryptDisc, and Flash Security


MetaDefender Vault Server

  • Vault Server: See 6. Configuring with Vault for instructions and more details

  • Select a Vault account option for file uploads: Choose a Vault account option in this section

  • Select how files will be uploaded to Vault: Choose a file upload option

  • File Chunk Upload Size: Size of chunks a file will be broken into for uploading to Vault

  • Synchronize with Data Diode: Alleviates any issues seen with uploading files through a data diode (note: this will increase overall upload time)

Vault account options for file uploads

  • Always upload to a Vault guest account A temporary guest login ID is created and displayed to the Kiosk user both on the scan results screen as well as in the digital and printed logs

  • Attempt to use user credentials if they are available Kiosk uploads files to the user account that matches the one used during authentication

  • Enter Vault user to upload files to Kiosk uploads files to the user account supplied (this can be useful when custom authentication users do not match users synced with Vault)

  • If upload authentication fails, files will be uploaded to a Vault guest account

Vault file upload options

  • Upload files and preserve directory structure Files are upload to Vault while maintaining the directory structure

  • Upload files, preserve directory structure and send scan results In addition to the previous option, files are uploaded along with their scan result obtained from Core. Vault will opt to use these results rather than rescanning the uploaded files.

  • Upload a zip archive containing the allowed files Files are packaged into one zip resulting in one file upload to Vault

Only Copy Sanitized Files

This option only exists for blocked files.
If enabled, only sanitized versions of blocked files will be copied to the destination.
Any blocked file that was not sanitized will not be copied.

SHA-256 Verification

If enabled, MetaDefender Kiosk compares the hash value of files on the target directory with the ones from the original directory.
Any mismatches are displayed and logged.
No retry of the copy is performed in the case of a hash value mismatch.

Delete after copy

Select this checkbox if you want MetaDefender Kiosk to delete the blocked or allowed file after copying it to the specified location.