Configuration Field Descriptions and Default Settings

The following table provides a brief description and default values for the Kiosk Configuration screen.

Basic Configuration

Configuration Setting

Description

Default Value

Range

Primary MetaDefender Server

URL of the primary MetaDefender server

(Blank)

 

API Key

The API Key of the primary MetaDefender server, if one is set

(Blank)

 

Server is a load balancer

Indicates that the primary server is a load balancer for MetaDefender
If checked, the API key is disabled

Unchecked

 

Periodically test Core servers every # hours

Periodic interval in which Kiosk will send an eicar to test the Core server detection.
An alert will be logged if no engines detect the eicar file.

1 hour

0 disables the periodic check
Min: 1 hour

 

 

 

 

Backup Server

Additional MetaDefender servers for the Kiosk to use if the primary is inaccessible (URL & API Key)

Empty

 

 

 

 

 

Vault Server

Vault servers to be used among different workflow profiles (URL & Admin api key)

Empty

 

 

 

 

 

Printer Setup

Select the color of the printing output: Black & White or Color

Black & White

 

Side margins

Left and right margin length

Recommended settings:
3 for zebra printer
200 for laser jet

3

0 or greater

Display the MetaDefender URL in the session printout

The URL of the MetaDefender server (Core or Vault) used for a session will be displayed on the printout

Disabled

 

Include page numbers

Include the page number on each printed page

Enabled

 

Custom introduction message

Add a special header message to the first page of the printout

Disabled

 

Custom logo

Add a logo image to the first page of the printout

Disabled

Recommended max image size of 400 x 400

 

 

 

 

Save session log file to local system

Enables a session text/PDF log to be created at the end of a session in a location on the system

Enabled

Logging directory: <kiosk install dir>\Client\Log

 

Save session log file to processed media

Enables a session text/PDF log to be created at the end of a session on the media processed

Disabled

If enabled, the log will be saved to the root of the media

 

Save as Text File / Save as PDF

Specifies whether the session log file will be a text or PDF file

Text file

 

Display the MetaDefender URL in the session log

The URL of the MetaDefender server (Core or Vault) used for a session will be displayed in the log file

Disabled

 

 

 

 

 

Wipe Method

Specifies which wipe options to display to the user

Format
1 pass wipe
3 pass wipe
7 pass wipe

All wipe methods shown

0,1,3,7 pass wipe

 

 

 

 

Exit Password

Require password when terminating the Kiosk UI (ALT + F4)

Disabled

 

 

 

 

 

Watchdog

Custom action watchdog that will run when the Kiosk UI is unexpectedly terminated

Do nothing
Restart MetaDefender Kiosk
Log out of Windows
Lock Windows
Restart Windows

Restart Windows

 

 

 

 

 

Export Session History

Enables auto export of session history (in CSV)

Disabled

 

Export File History

Enables auto export of files history (in CSV)

Disabled

 

Frequency

Interval between history exports

1 hour

Min: 1 hour
Max: 365 Days

Export Path

Directory where the history will be exported to

(Blank - <kiosk install dir>\Client\Log)

 

 

 

 

 

User authentication

Requires users to provide login credentials when starting a Kiosk session

Enabled

 

None

No AD server used for logging in users

Disabled

 

Windows user login

Enables users to log in against the same domain the system is on and the local system

Enabled

 

  • Restrict to domain users

Only allow users to enter authentication information for the domain; local system users denied

Disabled

 

Remote Active Directory

Enables the use of authenticating to remote AD servers

Disabled

 

  • Server address

The url of the AD server

(Blank)

 

  • Username

Username to connect to the AD server

(Blank)

 

  • Password

Password to connect to the AD server

(Blank)

 

  • SSL

Enables the use of SSL communication

Disabled

If a port is not specified in the server address, the default port used is:
Enabled: 636
Disabled: 389

Default login

Enables authenticated users not assigned to any workflow to use Kiosk

Enabled

 

Guest login

Enables users with no authentication credentials to use Kiosk

Enabled

 

Custom Authentication

Enables using your custom authentication module for verifying a user's log in

Disabled

(Hidden until authenticationModule.dll exists in <install dir>\Client\Authentication)

 

  • Use Kiosk UI to obtain login credentials

Kiosk username prompt will be used instead of requiring the custom auth module to display a UI to obtain user information

Disabled

 

  • Prompt for a password

Kiosk password prompt will be used

Disabled

 

 

 

 

 

Enable (image media)

Enables an image of the inserted media to be taken with the FTK Imager configured

Disabled

 

FTK Imager Path

The full path to the FTK Imager executable that handles imaging the media (ftkimager.exe)

(Blank)

 

Image Type

The image type FTK will output

RAW/DD

 

Fragment Size

The size of chunks the image will be separated into

1 GB

0 disables fragmenting the image
Min: 1
Max: 1024
(Min\Max per unit: KB - TB)

Compression Level

The compression applied to the image

0

Min: 0 (no compression)
Max: 9 (best compression)

Encrypt with password

Enables the image to be encrypted with a password.
The password is the name of the user logged in to the session and the id of the session: "<username><sessionID>"

Disabled

 

Encryption certificate path

The full path to a X.509 certificate to encrypt the image with.

Supported certificate formats:

  • PKCS#12 / PFX (*.p12, *.pfx)

  • PEM (*.pem)

  • Stand-alone public key only (*.cer, *.crt, *.der)

(Blank)

 

Vault Server

Vault entry to upload the image to

(Blank)

 

Directory

Directory to upload the image to

(Blank)

 

Advanced Configuration

Configuration Setting

Description

Default Value

Range

Max number of parallel scans

Maximum amount of concurrent process requests Kiosk will make to a MetaDefender server

20

0 or greater

Max number of retries when Metadefender Core is too busy

Maximum amount of retries that Kiosk will attempt on a file when the Core server notifies that it is too busy to handle new requests
Once the maximum amount of retries is reached for a file, the session will be canceled

0

0 for infinite

100 or greater

Boot sector processing

Allows processing of the first 512 bytes of an input media's partitions\disks.
When enabled, these boot sector files can be selected during browse or are automatically included when 'Process All' is selected.
Boot sector files cannot be included in file handling operations at the end of a session.

Enabled

 

Display warning for network errors

Display a warning to the user regarding network issues with the Core server while files are being processed

Enabled

 

Allow decryption of encrypted archives

Allows you to input passwords when encrypted archives are detected

Enabled

 

Allow user to skip entering a password for McAfee Encrypted USB

In the case that a McAfee encrypted drive is set to unlock via other means instead of a password, a user can skip entering a password

Disabled

 

Skip processing locked system files

Enables skipping of system files on media that Core cannot access and will typically result in a failed scan

Disabled

 

Continue processing media with inaccessible content

Action to take when media has deeply nested directories that Kiosk cannot access

Disabled

 

Mount and scan Virtual Hard Disks

Allow processing of the contents within an VHD\VHDX file

Disabled

 

  • Scan original Virtual Hard Disks

Enables sending the entire VHD\VHDX file to MetaDefender after all contents have been processed

Enabled

 

Mount and scan Virtual Machines

Allow processing of the contents within a VMDK file

Disabled

 

  • Scan original Virtual Machines

Enables sending the entire VMDK file to MetaDefender after all contents have been processed

Enabled

 

Mount and scan Acronis disk backups

Allow processing of the contents within an Acronis disk backup

Disabled

 

  • Scan original Acronis disk backups

Enables sending the entire Acronis disk backup to MetaDefender after all contents have been processed

Enabled

 

Acronis Executable Path

The full path to the Acronis executable that handles mounting the disk backup (acrocmd.exe)

(Blank)

 

Heuristic File Type Detection

Kiosk will heuristically group similar file type extensions for reporting

Disabled

 

 

 

 

 

User Interface Timeout

The time the Kiosk UI will wait for a session to begin before automatically switching back to the idle screen

5 minutes

60 seconds or greater

Display disclaimer screen

Display the disclaimer screen to a user when a new session is started

Enabled

 

Allow user to browse for files

Allow user to select files before processing media

Enabled

 

Allow user to process all files

Allow user to select to process the entire media

Enabled

 

Alert user if MetaDefender Core license is close to expiration

Alerts you on the Kiosk idle screen if the Core license is close to expiration

Disabled

 

Alert user if MetaDefender Kiosk license is close to expiration

Alert you on the Kiosk idle screen if the Kiosk license is close to expiration

Disabled

 

Reboot at end of session

Specifies if the system should reboot after a session completes

Disabled

 

Allow user to select languages

Allow user to select which language the Kiosk UI's text will be displayed as
If this setting is disabled, the default language selected will be locked in

Enabled

 

Available Keyboards

The keyboards allowed for users to select within the on-screen Kiosk keyboard

All keyboards enabled

 

Choose Language

The default language to be used for the UI

English

 

 

 

 

 

Multiple Partitions

Selects the method for processing files on partitions

Process files on all accessible partitions

 

 

 

 

 

Host

IP or DNS of SMTP server

127.0.0.1

 

Port

Port of the SMTP server

25

 

Enable SSL

Enable the use of SSL

Disabled

 

Username

Username to authenticate to the SMTP server

(Blank)

 

Password

Password to authenticate to the SMTP server

(Blank)

 

 

 

 

 

Boot Hardening - [Enable] [Disable]

Enables/Disables the process that causes the taskbar on the desktop not to load when Windows is logged in to run Kiosk, thereby disallowing any PC functionality until the Kiosk starts.

Disabled

 

 

 

 

 

Enable (pop up detection)

Enables Kiosk to detect any windows / pop ups open on the system

Disabled

 

Time Open Threshold

Threshold, in minutes, for a pop up to be open to trigger notification

5 minutes

Min: 1 minute
Max: 60 minutes

Notification Action

Action to be taken when a pop up exceeds the time open threshold

Display warning

 

Process Whitelist

Ignore pop ups from the processes listed

(Blank)

 

 

 

 

 

Enable (file integrity monitor)

Enables the File Integrity Monitor, which will shut Kiosk down if any unauthorized changes are made in the Kiosk install directory

Kiosk: disabled
Kiosk Secure Image: enabled

 

Server

File Integrity Monitor server location

Kiosk: (blank)
Kiosk Secure Image: localhost

 

Port

Port to connect to the File Integrity Monitor server

Kiosk: 0
Kiosk Secure Image: 3749

 

Username

User name to log into File Integrity Monitor server

Kiosk: (blank)
Kiosk Secure Image: admin

 

Password

Password to log into File Integrity Monitor server

Kiosk: (blank)
Kiosk Secure Image: (hashed value for default password)

 

 

 

 

 

Verify SSL Certificates

Enables verification of SSL certificates when connecting to MetaDefender via HTTPS

Enabled

 

 

 

 

 

Log Retention - Application Log

Specifies the length that Application Log entries will exist before being automatically deleted.

Never

Never - 12 months

Log Retention - Session History

Specifies the length that Session History entries will exist before being automatically deleted.
File history associated with the expired session history will also be deleted.

Never

Never - 12 months