MD Core Sandbox Engine Features
MetaDefender Sandbox technology is available as part of an integration with MD Core. The integration is available with two different engine types: embedded and remote sandbox engine (with full reporting). The embedded engine is deployed with MD Core, similar to other engines (CDR/DLP). The remote engine requires a side-by-side installation of the full standalone sandbox platform.
| Feature | Embedded Engine | Remote Engine |
|---|---|---|
| MetaDefender Core: Installation OS | Windows, Linux | Windows, Linux |
| MetaDefender Sandbox: Installation OS | Ubuntu (Linux) | |
| File parsers | Yes | Yes |
| Second-stage file downloads | No | Yes |
| File certificate validation | Yes | Yes |
| Image text analysis (OCR) | No | Yes |
| Microsoft Office file emulation | Yes | Yes |
| Powershell script emulation | No | Yes |
| URL emulation (ML based phishing detection) | No | Yes |
| Fuzzy hash lookup | Yes | Yes |
| Google safe browsing | No | Yes |
| OPSWAT reputation lookup | Yes | Yes |
| YARA pattern matching | Yes | Yes |
Note: for a full list of engine features of the MetaDefender Sandbox standalone product, then visit here.
Was this page helpful?