It exists only as long as the file is scanned. MetaDefender does not store your file.The file never resides or passes the Admin By Request cloud service in any form the file goes directly to MetaDefender.If the file is flagged, the execution is blocked. The upload time depends on the file size and bandwidth on the endpoint, but the scanning itself typically takes less than 10 seconds. What happens is that the actual file is sent to the MetaDefender cloud service for real-time scanning using all the engines listed above. If you use this setting, the splash screen on the endpoint will change to look like this after a few seconds and the user has to wait for a MetaDefender cloud file scan: If a checksum falls into the unknown 25%, you can opt to run a real-time cloud scan of the files. But the more common a file is, the more likely it is to be known. Statistically, about 75% of checksum of files are known. MetaDefender has about 10 billion records of scan results from checksums of files. This means there is no time penalty for your end user at all, no matter how many engines there may be in the future. This checksum lookup takes less than 0.1 second, because the file itself is not scanned – the checksum is simply looked up in a MetaDefender central database of current scan results across all their customers in the world. You will see an entry in the auditlog that the file was blocked, and which engine(s) flagged it. If the checksum of the file is known by MetaDefender and is flagged as malicious, the endpoint gets the message back to block the file and stop the process. This means you cannot rebuild the original file, but you get a world-unique identification of the file. A checksum is an industry-standard way to uniquely identify a file by making a hash of the binary content of the file. At this time, the file is not executed yet. This call includes the SHA256 checksum of the file the user intends to run. How is it possible that this can magically be done without any performance or time penalty for the end user? When a user attempts to run a file with administrative privileges using Run As Administrator, an API call is made from the endpoint to our backend servers. If we run the same scenario in an Admin Session running the same PST password recovery setup file, not only is it still blocked, but it also kills off the entire session right away, as shown in the video, and your email notification will notify you. This is transparent to the end user (no splash screen), simply because it so fast that the splash screen would just be a quick flicker. If you allow Admin Sessions for expert users, the malware checks are also performed, when users use Run As Administrator in the session. You can also set up an email notification to yourself in your portal settings, when malware is blocked. With this insurance in mind, it is not necessary to enable approval for every request from end users, unless you have other reasons to do so. Knowing that you are running the file against so many engines means that you can reasonably be assured that files your users run with administrative privileges are not malicious. Have a look at the video to see how shockingly fast (1 minute) it is to get malware. The file passed Windows Defender on the endpoint, but was luckily caught by MetaDefender. Your user tries to install a PST password recovery tool and luckily this is caught by Admin By Request. Your user forgot the password for an Outlook PST file and Googles a free tool for this one-time problem. Let’s take a realworld example shown in the video. Malware is often hidden in “too good to be true” freebies, such as free PDF generators, ISO tools or cleaner tools. This blog OPSWAT explains the integration in greater detail: The list of engines will increase over time as OPSWAT signs more vendors. nuclear power facilities and this technology is also integrated into Cisco products. OPSWAT is a front-runner in the cloud threat protection space and is used by 98% of U.S. You can read about the strategic partnership between Admin By Request and OPSWAT here. The ability to scan and detect malware is technically a transparent integration between the Admin By Request cloud service and our partner OPSWAT’s MetaDefender cloud service. If a program passes through all engines without any flags raised, you can reasonably assume that the file is not malicious and is safe to run. In many cases, malicious files will be caught by your endpoint anti-virus product, but as everyone knows – no single anti-virus product is perfect and if it doesn’t catch it, the result is disastrous. If a file is flagged as malicious, execution is blocked in real-time on the endpoint before it runs with administrative privileges and does the damage.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |