1.1 System Requirements

Hardware Requirements





4 cores

16 cores


8 GB

32 GB

Free Disk

Based on storage requirements. Vault requires (temporarily) at least double the size of a file you wish to process.
For example, if you plan to process a 1 TB file at least 2.1 TB should be available temporarily in order to successfully process and encrypt the file. Once the file is processed disk space will be restored.

Software requirements

  • Operating Systems

    • Windows 10

    • Windows Server 2012 R2 / 2016 / 2019

  • Bitness: 64-bit only

  • Windows Installer 5.0 or higher

Minimum supported browsers

  • Chrome

  • Microsoft Edge 38 or later

  • Internet Explorer 11 or later

  • Safari 5.1 or later

  • Firefox 52.9.0 or later

Additional installation of 3rd party framework/components

The following frameworks/components are being automatically installed by MetaDefender Vault and should not be removed:



.NET Framework

Microsoft .NET Framework 4.8

Microsoft Visual C++ 2015-2019 redistributable

Microsoft Visual C++ Redistributable 2015-2019

Database installation

By default, MetaDefender Vault bundles Microsoft SQL Server 2019 Express LocalDB but the recommended deployment is to use an SQL Server from the table above:




SQL Server 2017



SQL Server 2019



Windows Authentication (Integrated Security) is not a supported authentication mechanism.
An SQL Server local account must be created with at least the following server roles (public, sysadmin).

Web server configuration

NGINX is used as our underlying HTTP(S) and reverse proxy server. The web server is embedded in the application and is not shared by other processes running on the machine. All NGINX processes will be stopped, and the program itself physically removed from the hard drive, following a successful uninstall of MetaDefender Vault.

On startup, the web server will begin listening on the previously configured HTTP(S) port or on the default HTTP port (8010 if free), in case of a clean install.

Following MetaDefender Vault version 1.3.7, REST API calls should be made to the Web UI port.
The reason is that the REST API service connection is no longer secured (TLS/SSL connections are no longer supported).
NGINX acts as a TLS/SSL termination proxy for the REST API service.

Port usage

MetaDefender Vault requires two free ports in order to run:

Service name


Firewall Rule

MetaDefender Vault Web UI



MetaDefender Vault REST API


Not needed;
Internal usage only

Whitelisting requirements

  • In order to be able to access the user interface from outside, the port 8010 (default) should be opened

  • Any process running out of the MetaDefender Vault install directory should be whitelisted. It is best to exclude the folder from any real-time protection

  • File storage (permanent and temporary) or the installation folder should be excluded from real-time protection