Is MetaAccess an antivirus? What does it scan exactly?

No, MetaAccess itself is not an antivirus engine in the typical sense. It is instead an antivirus detection tool, remediation tool, and second line of defense.

MetaAccess detects any of the thousands of possible anti-malware products that could be installed on an endpoint, and reports the following:

  • Installed product brand, name, version

  • Virus definition version and up-to-date status

  • Real-time protection status

  • Last scan date

In addition to detecting the installed antivirus and reporting details about it, MetaAccess can automatically remedy several of these conditions:

  • Attempt to enable real-time protection if disabled

  • Attempt to update anti-malware definition files if more than X days old


SECOND-LINE-OF-DEFENSE -- What does it scan?
MetaAccess is a unique and very effective second line of defense for catching advanced malware. This is done with two methods. Options for these are located in Policies > Policy_Name > Infections.

1. Multi-scanning of Running Processes
What: Every 24 hours, MetaAccess will enumerate all running processes and linked libraries on the endpoint. It hashes them and uploads the hashes for scanning with multiple anti-malware engines. If any hashes are not found, MetaAccess can subsequently upload the binary of the running process or DLL for scanning.

Why: No single anti-malware engine is perfect 100% of the time. Using multiple engines to scan for threats allows you to take advantage of the strengths of each individual engine and to guarantee the earliest possible detection.

When: If enabled, this scan occurs once every 24 hours.


2. Repeated Threat Detection
What: If a local anti-malware product is installed on the machine, MetaAccess will parse the logs from the antivirus engine and scan for threats showing up repeatedly within 7 days. When this situation occurs (a repeated threat), MetaAccess will flag the device as having a persistent infection. When available, MetaAccess will also report what action, if any, was taken by the local anti-malware product.

Why: This happens when the local anti-malware product cannot completely clean the malware, or when the device user is doing something to cause reinfection.

When: This is checked at every device reporting interval (configurable between 5 and 60 minutes).
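
The repeated-threat check described above can be sketched as follows. This is an added example, not MetaAccess code: the log format, field names and sample detections are constructed, and treating two detections exactly 7 days apart as a repeat is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # repeat window stated in the article

# Constructed sample log (hypothetical format: ISO timestamp, then key=value fields).
SAMPLE_LINES = r"""
2017-10-01T09:12:00 threat=Trojan.Sample.A path=C:\Users\a\x.exe action=quarantined
2017-10-03T14:40:00 threat=Adware.Sample.B path=C:\Temp\b.dll action=deleted
2017-10-05T08:01:00 threat=Trojan.Sample.A path=C:\Users\a\x.exe action=quarantined
2017-10-20T11:30:00 threat=Adware.Sample.B path=C:\Temp\b.dll action=deleted
malformed line without fields
2017-10-21T10:00:00 threat=Worm.Sample.C path=C:\w.exe
""".strip().splitlines()

def parse_line(line):
    """Return (timestamp, fields), or None if the line is not a detection record."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return (ts, fields) if "threat" in fields else None

def find_repeated_threats(lines, window=WINDOW):
    """Map threat name -> [(seen, seen_again, action_on_repeat)] for repeats in window."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, fields = rec
            # The action is reported only "when available", so default to "unknown".
            seen[fields["threat"]].append((ts, fields.get("action", "unknown")))
    repeats = {}
    for threat, events in seen.items():
        events.sort()  # any two detections inside the window imply an adjacent pair
        hits = [(a[0], b[0], b[1]) for a, b in zip(events, events[1:])
                if b[0] - a[0] <= window]
        if hits:
            repeats[threat] = hits
    return repeats

def device_has_persistent_infection(lines):
    """A device is flagged when at least one threat repeats inside the window."""
    return bool(find_repeated_threats(lines))

if __name__ == "__main__":
    for name, hits in find_repeated_threats(SAMPLE_LINES).items():
        for first, again, action in hits:
            print(f"{name}: seen {first}, again {again}, local AV action: {action}")
```
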

This article was last updated on 2017-10-25