4.6. Selecting How to Handle Processed Files

The File Handling page is divided into two sections: actions to take on blocked files and actions to be taken on allowed files.
You can set different file handling options for each, including copying to either new media or a network path.

images/download/attachments/33438723/blocked_files.png

Sanitized file handling

If file sanitization has been configured on the MetaDefender Core, there are three selections for handling a sanitized file with the original media.

  • Do not copy the sanitized version to the original media, the default selection, specifies that a sanitized file will not be copied to the original media and the original file will be left untouched.

  • Attempt to replace the original file with the sanitized version, specifies that the sanitized file will be copied to the original media and the original file will be deleted.

  • Copy the sanitized version to the media and keep the original version, specifies that the sanitized file will be copied to the original media and the original file will be left untouched.

For a copy-to destination set:

  • Copy the sanitized version, the default selection, if a sanitized version of a file exists, that will be copied to the destination configured in favor of the original file.

  • Copy the sanitized version & original file, if a sanitized version of a file exists, it will be copied to the destination configured along with the original file.

Stop processing if a blocked file is found

Selecting this option will cause a Kiosk session to stop processing immediately after the first blocked file is found. Kiosk will alert the user that a blocked file was found and go directly to the session summary after the user has acknowledged the message.

Taking no action or removing files

To take no action on blocked or allowed files, select the No Action radio button.
To remove any non-sanitized blocked files, select the Remove file radio button and select an option from the drop-down menu:

  • Kiosk Quarantine: blocked file will be added to the Kiosk quarantine and removed from the original media

  • Core Quarantine: blocked file will be added to the Core quarantine (if configured on Core) and removed from the original media

  • Delete: blocked file will be removed from the original media

Copying files to a designated location

Note: If a file has been sanitized by MetaDefender Core's Data Sanitization and Copy to is selected here, the sanitized file will be copied to the desired location, not the original file.

You can configure files to be copied to a designated location in the Copy to section.

images/download/attachments/33438723/Copy_to.png

Prompt user before copying

By default, a user will have to initiate copying files from session results screen. If prompting is disabled, files will be copied automatically before the session results are displayed.

Folder structure

MetaDefender Kiosk will copy files to the location specified by one of the three naming conventions selected:

  • Directory named with the unique session ID: Copies files to a directory identified by the session ID.

  • Directory named with the session start time (GMT): Copies files to a directory identified by the session start time.

  • Keep the same folder structure as on original media (no subfolders): Copies files to the same directory as in the original media.

Allow user to select folder structure for copy to directory and user media

This allows users to select the folder structure (outlined above) before copying files.

Allow user to select copy option

This allows users to select which enabled copy option to run at the end of a session.
For example, if copying to a Directory and User Media is set, a user can choose to run both, neither or only one.

Directory

The Directory field allows you to specify a specific location for blocked or allowed files.

The predefined ‘%%%username%%%’ variable can be used within the designated location in the Directory field to allow MetaDefender Kiosk to copy files to a folder (e.g. ‘username’). This is for the user logged into the session. When Windows authentication is not enabled, or guest login is used, the %%%username%%% variable is replaced by the session ID.

Responses to user questions can also be utilized in the Directory field via the predefined '%%%userresponse#%%%' variable, where '#' is the number of the response to the corresponding user question.
For example, to utilize the answer to the question 2, the variable to use would be '%%%userresponse2%%%'.
If no response to the question was given or no such question exists for the user response to exist (e.g. %%%userresponse999%%%), then the variable will exist in the path created.

You can copy files to a remote server(network share) by providing a UNC path. To allow for more restrictive permissions on a network share, a MetaDefender Kiosk profile will need to be created containing users that have, at minimum, write permission to the network share. When a user logs into a session, MetaDefender Kiosk will attempt to use the permissions of the user to copy files to the network share.

User media

You can also enable files to be copied to media that the Kiosk user provides.
Supported media are USB, CD/DVD (must be blank and non-finalized), and Floppy.
If you select the User media checkbox, the user will be prompted to insert media that the files are to be copied to.
By default, a floppy drive cannot be used as the destination media but this can be enabled by selecting the checkbox.

Note: EncryptDisc is not supported as destination media

If the option to wipe media before copying is selected, the destination media will be wiped using MetaDefender Kiosk's secure wipe technology.

Note: that this process may take a long time if the destination media is large or multiple pass wipes are configured.

Note: the following encrypted media types do not support secure wipe, Bitlocker, McAfee, EncryptDisc, and Flash Security

images/download/attachments/33438723/copy_to_user_media_setting.png

MetaDefender Vault Server

If you select the MetaDefender Vault Server checkbox, you must also enter the following information:

  • Vault Server: See 6. Configuring with Vault for instructions and more details

  • Select a Vault account option for file uploads: Choose a Vault account option in this section

  • Select how files will be uploaded to Vault: Choose a file upload option

  • File Chunk Upload Size: Size of chunks a file will be broken into for uploading to Vault

  • Synchronize with Data Diode: Alleviates any issues seen with uploading files through a data diode (note: this will increase overall upload time)

Vault account options for file uploads

  • Always upload to a Vault guest account , Kiosk creates and provides a temporary guest login ID to the Kiosk user both on the scan results screen as well as in the digital and printed logs

  • Attempt to use user credentials if they are available , Kiosk uploads files to the user account that matches the one used during authentication

  • If authentication fails, files will be uploaded to the Vault guest account

Vault file upload options

  • Upload files and preserve directory structure , files are uploaded to Vault while maintaining the directory structure

  • Upload files, preserve directory structure and send scan results , same as the previous option. In addition, files are uploaded along with their scan result obtained from Core. Vault will opt to use these results rather than rescanning the uploaded files.

  • Upload a zip archive containing the allowed files , files are packaged into one zip resulting in one file upload to Vault

Only Copy Sanitized Files

This option only exists for blocked files.
If enabled, only sanitized versions of blocked files will be copied to the destination.
Any blocked file that was not sanitized will not be copied.

SHA-256 Verification

If enabled, MetaDefender Kiosk compares the hash value of files on the target directory with the ones from the original directory.
Any mismatches are displayed and logged.
No retry of the copy is performed in the case of a hash value mismatch.

Delete after copy

Select this checkbox if you want MetaDefender Kiosk to delete the blocked or allowed file after copying it to the specified location.