Configuration and Settings

Why are Japanese TXT files detected as "application/octet-stream" instead of "text/plain"?

How to Connect a MetaDefender Core Container to the same instance in Shared Database Mode?

Can local AVs interrupt ongoing scans?

Can I create new workflows?

Can I control access to the RAM disk in MetaDefender Core v5?

Can I view configuration changes on the Core side (audit)?

How can I add a mail server to the Core deployment?

How do I prevent Symantec Endpoint Protection from interfering with the optimal functioning of MetaDefender Core?

How can I find a sanitized file scanned with MetaDefender Core v5?

What is the retry mechanism for MetaDefender Core connecting to the remote Postgres Database?

How to use MetaDefender Core V5 Blocklist/Allowlist feature?

How can I configure the maximum queue size in MetaDefender Core v5 ?

How do I remove an engine from my MetaDefender instance?

How can the Temp folder be changed?

How can I increase parallel count and Max queue size?

How can I change MetaDefender Core Deep CDR's timeout settings?

My scans keep failing due to an exceeded archive file number, how do I determine the number of files in an archive and then configure my process settings accordingly?

Why are password protected archives blocked and how do I unblock them?

How to disable WEB UI file scan without user authentication?

How To Allow Only Certain Files to be Scanned with MetaDefender Core?

How to generate an API key on the Core deployment?

How to Modify the Hostname of Your MetaDefender Core Server and Potential Impact?

What are the permissions on the shared folder for the temp directory?

How to implement a numerical escape function for HTML?

How to reset password for users?

How to Block/Allow Custom Extensions using RegEx?

How to migrate MetaDefender Core from PostgreSQL local to PostgreSQL remote?

How to change Core Web Management Interface Address Port?

Does MetaDefender Core store original files?

Why Japanese characters are not recognized or displayed correctly in archives?

How to install pre-built libgdiplus on RedHat 9?

Does Deep CDR support sanitizing split archives?

How to exclude OPSWAT folder from Anti-Virus Windows Defender?

Where are MetaDefender Core Install Directories and Registry?

Under what circumstances does the scan result not show the username?

How to send MetaDefender Core logs to NAS ( Network Attached Storage ) Path?

Why is a file blocked by Deep CDR or Proactive DLP but I can still download the sanitized version?

Does Deep CDR support Adobe Illustrator (AI) files in PostScript format?

How to add the source IP in scan details?

How do I integrate Jenkins with MetaDefender Core?

Can I apply a new license key before the current one expires?

How to automate backup configuration settings for MD Core? (API)

Why I can't push configuration due to password storage?

How do I install MetaDefender Core in Rocky Linux 9

How to properly configure Syslog Server for MetaDefender Core?

Why MetaDefender Core’s nginx ssl.conf changed to ssl.mdcore.conf?

How to configure SMTP server with authentication under MetaDefender Core to send notification to M365?

How to manage Disk Space Usage in pg_data\base directory in MetaDefender Core for Windows?

What storage type should I use on MetaDefender Core in K8S?

How do I setup Hot Swap Backup Configuration between MetaDefender Core instances?

Where are MetaDefender Core Install Directories and Advanced Configurations?

How to retrieve the CRL and OCSP URLs for the Server and ICA Certificates?

Is Import Password Mandatory When Using Ignition File for MetaDefender Core installation?

How does the recursion level work in MetaDefender Core?

How to Enable Debug Mode in a MetaDefender Core Kubernetes Deployment?

How to Select a Specific MetaDefender Core Instance in a PostgreSQL Database with Multiple Instances?

Can you import configuration settings from the latest version to the previous version of Core?

How to Local whitelist a file using AllowList?

What Is exiftool_win.exe and Why Is It Falsely Detected?

How to relocate installation folder in MetaDefender Core on Windows?

How to Set Up MetaDefender Core to Connect to Syslog via TLS?

How to Work with Role Restrictions in MetaDefender Core Workflows?

How Do I Setup Syslog connect to Splunk Cloud by using Universal Forwarder?

How do I customize the bundled PostgreSQL server configuration in MetaDefender Core?

How do I detect PUP/PUA as infected?

Errors and Troubleshooting

What can I do when MetaDefender Core (Windows) has an insufficient disk space error?

Why is MetaDefender Core unable to connect to the database?

What can I do if MetaDefender shows a high number of files that failed to scan?

What should I do if an engine is in "failed" or "permanently failed" status?

What are the engine clean-up instructions?

Why is the scan stuck in "processing" state on WebScan UI, when the Core Processing History shows that it is already finished?

Why have the ESET and Kaspersky scan engines failed to initialize on the hardened Linux OS?

Why has the Symantec custom engine failed to deploy?

What are common reasons for Deep CDR scan/sanitization failures and how do I fix them?

What do the various error messages mean in MetaDefender Core RestAPI?

Why are some modules not appearing in my MetaDefender Core inventory?

Why does my MetaDefender Core install fail?

Why do you sometimes see a discrepancy between the File Type and MIME Type information?

Why files are not sanitized?

Why am I receiving a “400” error for API file submission?

How to Mitigate Scan Failures in MetaDefender Core Triggered by Real-Time Protection Systems?

How to Resolve MetaDefender Core Service Start-up Failures on IPv6-Disabled Linux Systems?

How to Understand OPSWAT's Multiscanning AV Detection Differences Compared to Other Scanners?

How to Troubleshoot Inaccessible Management Console?

How do I fix module update error “Error parsing metadescriptor, message='Could not download metadescriptor'”?

Why does ClamAV show "permanently failed" after enabling the daemon log file?

How to troubleshoot HTTPS failure on MetaDefender Core?

How to Remove Engines from MetaDefender Core using command line?

How to enable debug logging for MetaDefender Core?

Why did the deployment of the Threat Intelligence Module Fail?

Why did the deployment of the Reputation Module Fail?

Why is MetaDefender Core not starting after moving or deleting the certificates from the initial location?

Why doesn’t CDR detect the JavaScript I appended to a PDF file?

Why Deep CDR is not Sanitizing Files Inside a ZIP?

Why does the “deleteafterimport” error appear when importing an MD Core configuration from standalone mode to shared database mode?

What is the meaning of action_ran and action_failed in JSON scan result?

Why can't I sanitize HEIC files?

Why Am I Getting "No Rows to Show" When Using a Proxy Without Authentication in Browser Settings?

How Does TLS 1.0/1.1 Deprecation Affect Compatibility Across OPSWAT Products?

Why can small file changes bypass the Antivirus detection?

How do I verify if MetaDefender products are sending out syslog messages to the syslog server?

How do I fix files being blocked due to unexpected "File type mismatch" verdict?

Why are MetaDefender Core engines permanently failed?

Why Does MetaDefender Core Fail to Connect to the Database After a System Restart?

What do you do if your engine fails to update?

What is causing my Scans to be slow on MetaDefender Core?

What do I do if my modules disappear from the Core UI?

Why Is Core Receiving HTTP 403 or Timeout Errors when downloading engine updates from OCM?

What do I do when licensed engines are not detected despite active licenses?

Why do I receive errors when I upload the Config file in MetaDefender Core?

How to access MetaDefender Core when SSO fails?

Why am I seeing error message "Validation failed" after saving Sandbox module settings?

What Are the Default Credentials for MetaDefender Core on Azure Marketplace VM?

Why does the MetaDefender Core service not start?

Why does Kiosk show "Invalid Core Setup"?

Why is my file rejected even though it appears to be under the configured size limit?

How Can I Solve a Database Indexing Issue?

Why Does MetaDefender Core Show a 'Calculate hash error' When Scanning Malicious Files?

Why MD Core is Not Reachable?

Why am I getting "invalid structure" or "archive corrupted" errors when extracting archives in Core?

Why are my script files being detected as ASCII TXT?

How to Resolve SSL/TLS Errors with MetaDefender Core Webhook Callbacks?

How to troubleshoot MetaDefender Core Service startup issues in Linux?

Why are MetaDefender Core configuration changes lost after pod restarts in Kubernetes?

Why is MetaDefender Core SSO failing when HTTPS is handled by an external NGINX proxy?

Features and Functionality

How to Use a RAMDISK for the tempdirectory?

Why does ClamAV seem to be slower than other engines?

What temporary folder do Custom Engines use ?

What PDF file annotations are Supported/Non-Supported by MetaDefender Core’s Deep CDR?

What does "Potentially Vulnerable File" result mean?

What CAB files are Supported/Non-Supported by MetaDefender’s Deep CDR?

What are the MetaDefender Core Security Policies and how do they work?

Is Metadefender Core compromised while scanning files?

What is the Queue Mechanism on Metadefender Core?

How does the Post Actions feature work?

How does the External Scanners feature work?

How do I generate and save a MetaDefender Core scan result summary in JSON format?

How and why are my image files altered during processing with Deep CDR and Proactive DLP?

Does MetaDefender Core v5 offer real-time antivirus protection on the system where it is installed?

Does MetaDefender Core v5 Detect the NotPetya Ransomware?

Are there any limitations to the MetaDefender Core scan engines?

Can MetaDefender Core block renamed files (such as renamed .exe files)?

How can I export the processing history from the Core console?

How to Utilize YARA Rules with MetaDefender Core?

What is the Design of MetaDefender Core and Its Protective Measures?

What does the items sanitized/removed count in Deep CDR sanitization report mean?

Why image sanitization doesn't report any object in details?

What are the requirements to process XDW/XBD/XCT files with CDR?

How do we utilize API uploads so the correct file type and sanitization occurs every time?

What are the differences between AVs in OPSWAT and the other services?

Does OPSWAT Use Security Checks on Our Code, Libraries, Credentials, etc?

How to access and analyze detailed scan results for an infected file?

Why MetaDefender Core blocks Sandbox Verdicts that are not marked to be blocked?

How to scan multiple files at once with MetaDefender Core

Is MetaDefender Core able to extract, detect and block malicious embedded macros?

Does OPSWAT provide a file dataset that can be used to evaluate MetaDefender Core's capabilities?

How would discontinuing Threat Intelligence affect customers?

How do I Validate FileType Digital Signature on MetaDefender Core?

How to add custom detection for a file type?

What can I do if MetaDefender Core shows a high number of files that failed to scan?

Why did the required password pop up when scanning an unencrypted file?

How to Test the Syslog Server functionality from MetaDefender Core?

When and how to use “PDF to Image Configuration” Deep CDR feature?

How do I send specific log entries to syslog integration?

How do I send the MetaDefender Core logs in Windows event log?

Does installing an antivirus impact a containerized deployment?

Why does the DeepCDR engine delete the content of the HTML file?

What is the Document Encryption Timeout setting and how does it work?

How do I manually clean up the MD Core engine's local folder?

How can I handle a high CPU load on my Core server

Does MetaDefender Core generate a file download link after all scan sessions?

Can Workflow Settings Be Updated Globally Across Multiple Workflows?

Does MetaDefender Core support Elliptic Curve (EC) Private Key and Certificate for enabling HTTPS?

How to manage false positives in MetaDefender Core?

How to handle split archive files?

How to check the Nginx version used in MetaDefender Core?

How to Sanitize Non-Compliant MDZIP Files?

How do I receive MD Core scan results using a static callback URL without specifying the URL in request headers?

What is the difference between the Archive Extraction Engine V.S. Metascan Antivirus engines extraction?

What is the Engine download verification process for Update Downloader?

Feedback and Support

How do I obtain a Trial License for MetaDefender Core?

How long is the support lifecycle for a specific version of MetaDefender Core?

How do I get a False Detection (False Positive or False Negative) corrected?

What is Included in the MetaDefender Core Support Package?

Licensing, Setup and Deployment

What dependencies does MetaDefender’s Deep CDR for Linux have?

What links, target-services or target host-IPs need to be allowed for Metadefender Core to function accurately?

How do I set up exclusions on my anti-malware software to prevent disruption of the MetaDefender Core scanning process, when my corporate policy does not allow it?

How do I deploy MetaDefender Core to an offline Windows environment?

How do I deploy MetaDefender Core to an offline Linux environment?

Does the Deployment ID change at any time?

How do I activate my offline deployment of MetaDefender Core?

How do I activate/deactivate a MetaDefender Core Deployment via API calls?

How do I update to a new license key on a Metadefender Core server?

What types of licenses are available for MetaDefender Core?

After license renewal does the product activation happen automatically (if the license key is the same)?

How to install .NET 8 Runtime dependencies on Linux Distributions?

How to connect LDAP via SSL on Linux

How to Backup and Restore standalone database for MetaDefender Core?

How to install msttcore-fonts on Linux systems?

How to upgrade Amazon Corretto JRE?

Can I activate the product license before the start date?

How to completely uninstall MetaDefender Core?

How to Trust MetaDefender Core’s Self-Signed Certificate When HTTPS Is Enabled?

How are MetaDefender Core AWS AMI images secured and updated?

How to handle high CPU load on MetaDefender Core server?

What will happen to the MD core after the license is expired?

What are the List of folders that should be removed after MetaDefender Core uninstallation on Linux?

What are the List of folders that should be removed after MetaDefender Core uninstallation on Windows?

Testing MetaDefender Core

Is there a virus test I could use to test MetaDefender Core engines?

How do I check if "noexec" flag exists on a Linux OS?

How can I run tests to see the different scan results on MetaDefender Core?

Updates, Patches and Bug Fixes

Are scan engine updates automatic?

What operating system patches should be applied to the system hosting MetaDefender Core?

How do I check the update status of MetaDefender Core’s licensed AV scan engines?

What is the frequency of signature/definition updates on MetaDefender Core?

Why does the Deep CDR engine keep failing to update?

What Happens After the Discontinuation of Kaspersky Support for Windows and Linux?

Does a CVE affect MetaDefender Core?

End-of-Life Support for CentOS 7 and RedHat 7 in MetaDefender Core and Engines

End of Life Support for Ubuntu 20.04 and Amazon Linux 2 in MetaDefender Core

Will MetaDefender Core Experience Downtime During Engine Updates?

How to Update Antivirus Engines in MetaDefender Core Manually?

Version Upgrades

Are MetaDefender Core v5 upgrades free?

Are MetaDefender Core version upgrades automatic?

How do I manually upgrade to the latest MetaDefender Core version?

What is the latest MetaDefender Core version?

How to upgrade an End-of-Life [EOL] MetaDefender Core?

Can I upgrade MetaDefender Core from an very old version such as version 4.x.x to the latest version 5.x.x?

Can I upgrade MetaDefender Core from a very old version directly to the latest available?

What is the impact of upgrading MetaDefender Core from version 5.12.0 to 5.13.3?

How do I detect PUP/PUA as infected?

This article applies to all MetaDefender Core releases deployed on Windows and Linux systems with the latest engine updates.

Description:

PUP stands for Potentially Unwanted Program

PUA stands for Potentially Unwanted Application

Software that isn't malicious by definition but could be, it is often:

Installed without clear user consent
Bundled with other software
Performs unwanted behavior (e.g., showing ads, tracking activity, slowing performance)

Common Examples:

Toolbars or browser hijackers (e.g., search engine changers)
Adware (injects ads or pop-ups)
System optimizers or registry cleaners (that fake "problems" to upsell)
Fake antivirus or driver updaters
Software that installs background processes without notice

How do I mark these detections as infected?

By default, PUP/PUA are labeled in their own category. MetaDefender Core separates unwanted detections into three categories: Suspicious, Infected, and PUP/PUA.

To place PUP/PUA into the infected category, please check the box below on the engine [not available for all engines].

Example:

Use case:

If you have a threshold built into the workflow to only mark a file as “Infected” if x or more engines find a malware signature, PUP/PUA will now be included in this detection threshold.

If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.

Last updated on

Was this page helpful?

On This Page

How do I detect PUP/PUA as infected?Description:Common Examples:How do I mark these detections as infected?Use case: