Overview

Reputation Engine

Faster Remediation For False Detections

Reputation Engine matches file hashes against our global database of known good and bad files and leverages advanced analyses to remediate false detections faster.

Benefits of the Reputation Engine:

  • Advanced threat detection - Identify uploaded files as Known Good or Known Bad by matching hashes against our database of known malicious or safe files. If the file is not yet part of our database, the engine will identify it as Unknown.
  • Minimized false positives/negatives - Leverage advanced analyses conducted by malware analysts and reverse engineering experts for faster verdicts on suspicious files.

Layered security powered by Reputation Engine

The Reputation Engine, while formidable in its own right, truly shines when incorporated into a comprehensive cybersecurity strategy that emphasizes defense-in-depth.

OPSWAT's MetaDefender platform is designed to safeguard file uploads with a multi-layered defense approach. It leverages a robust reputation engine alongside other complementary capabilities:

  1. Reputation Inspection: This feature draws upon a real-world database to assess the trustworthiness of files.
  2. Static File Analysis: Utilizing advanced algorithms, this component identifies potentially suspicious patterns and attributes within files.
  3. Dynamic Analysis with Adaptive Sandbox: By observing files in a controlled, isolated environment, this tool can monitor their behavior in real-time, providing valuable insights into potential threats.

By combining these elements, MetaDefender Core offers comprehensive protection that addresses multiple vectors of attack, ensuring a more resilient defense against cyber threats.

Mechanism of Reputation Engine

The Reputation Engine serves as the primary defense for file upload security by cross-referencing against a real-world database. When users submit their files to MetaDefender Core, it generates hashes and assesses the uploaded file against the Reputation Database; our engine rapidly categorizes hashes as "Known Good," "Known Bad," or "Unknown." This capability enables users to promptly decide whether to allow, block, or scan files with other detection engines based on their predefined security policies. This prevents threats from entering your environment.

In the case of a Known Good or Known Bad verdict, the user can choose whether it is the final verdict for the uploaded file or whether to run the other engines of MetaDefender Core.
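
The flow described above, sketched as an added example (not OPSWAT's code or the MetaDefender API): the use of SHA-256, the in-memory database, the policy dictionary and all names are assumptions made for illustration. It also shows that hash matching is exact, so a file that differs by one byte from a Known Bad sample is classified Unknown and is handed to the other engines.

```python
import hashlib
import io

# Constructed sample content standing in for uploaded files (not real malware).
KNOWN_GOOD_SAMPLE = b"constructed sample: vendor-signed installer bytes"
KNOWN_BAD_SAMPLE = b"constructed sample: bytes of a previously analysed malicious file"


def sha256_stream(stream, chunk_size=65536):
    """Hash an upload in chunks so large files are never held fully in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


# Hypothetical local stand-in for the reputation database: hash -> reputation.
REPUTATION_DB = {
    sha256_stream(io.BytesIO(KNOWN_GOOD_SAMPLE)): "Known Good",
    sha256_stream(io.BytesIO(KNOWN_BAD_SAMPLE)): "Known Bad",
}

# Hypothetical policy: whether a known verdict is final, and the action it maps to.
DEFAULT_POLICY = {
    "Known Good": {"final": True, "action": "allow"},
    "Known Bad": {"final": True, "action": "block"},
}


def evaluate_upload(stream, policy=DEFAULT_POLICY, db=REPUTATION_DB):
    """Return (reputation, action) for one uploaded file."""
    reputation = db.get(sha256_stream(stream), "Unknown")
    rule = policy.get(reputation)
    # Unknown files, and known files whose verdict is not treated as final,
    # are handed to the other engines.
    if rule is None or not rule["final"]:
        return reputation, "scan"
    return reputation, rule["action"]


if __name__ == "__main__":
    modified = KNOWN_BAD_SAMPLE + b"\x00"  # one extra byte changes the hash
    for label, data in [("good", KNOWN_GOOD_SAMPLE), ("bad", KNOWN_BAD_SAMPLE),
                        ("modified bad", modified)]:
        print(label, evaluate_upload(io.BytesIO(data)))
```

Setting `"final": False` for a reputation models the choice to keep running the other engines even after a Known Good or Known Bad match.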

Reputation Engine Mechanism


Displaying engine results

The examples below show how the three types of file reputation results are displayed inside MetaDefender Core.

Known Good: The hash matches an entry of known good files in OPSWAT's real-world database.

Known Good result example


Known Bad: The hash matches an entry of known malicious files in OPSWAT's real-world database.

Known Bad result example


Known Bad detailed result example


Unknown: There aren't any matches on this hash in OPSWAT's real-world database.

Unknown result example

