System Requirements
Hardware Requirements
| Minimum | Recommended | |
|---|---|---|
| CPU | 4 cores | 16 cores |
| RAM | 8 GB | 32 GB |
Free Disk Space | Sufficient to temporarily hold at least double the size of the file you wish to process. For instance, to process a 1 TB file, ensure at least 2.1 TB of free space is available. Once processing is complete, the space will be restored. | |
| DB CPU | 4 Cores | 8 Cores |
| DB RAM | 8 GB | 16 GB |
| DB storage | Determined by log retention policies (default: 90 days). Unlikely to exceed 1 GB. Examples:
Note: files themselves are not stored in the database. |
Operation System Requirements
Operating Systems
- Microsoft Windows 11
- Microsoft Windows 10
- Microsoft Windows Server 2012 R2 / 2016 / 2019 / 2022
Bitness: 64-bit only
MetaDefender Managed File Transfer™ has been tested and works as expected on CIS-hardened images. This ensures compliance with the CIS standard for security and configuration
Support will be discontinued for the following Operating Systems in MetaDefender Managed File Transfer™ starting October 2025:
- Microsoft Windows Server 2012 R2
- Windows 10
- Windows Server 2016
Software Requirements
Minimum Supported Browsers
- Chrome 67 or later
- Microsoft Edge last two major version
- Safari last two major version
- Firefox 68 or later
Additional Installation of Third-Party Frameworks/Components
MetaDefender Managed File Transfer automatically installs the following frameworks/components which should not be removed:
For MetaDefender Managed File Transfer™ version 3.9.2 Microsoft Visual C++ 2015-2019 redistributable needs to be manually installed if:
- This is the first time MetaDefender Managed File Transfer™ is installed on the host machine
- and the operating system doesn't have it installed already. For example with Windows Server editions.
| Name | Details |
|---|---|
| .NET Framework | Microsoft .NET Framework 4.8, |
| Microsoft Visual C++ 2015-2019 redistributable | Microsoft Visual C++ Redistributable 2015-2019 |
| .NET Runtime | .NET 8 |
| ASP.NET Runtime | ASP.NET Runtime |
Database
Before installing MetaDefender Managed File Transfer, you must first set up a Microsoft SQL Server database. The table below lists the supported Microsoft SQL Server editions (including Express):
| Name | Editions | Supported |
|---|---|---|
| SQL Server 2016 | All | Yes |
| SQL Server 2017 | All | Yes |
| SQL Server 2019 | All | Yes |
| SQL Server 2022 | All | Yes |
An SQL Server local account must have the CREATE ANY DATABASE permission during installation and uninstallation, and db_owner permission during normal operation.
Windows Authentication (Integrated Security) is supported, and the service account should have "Logon as Service" rights.
Azure SQL Managed Instance can serve as the database for MetaDefender Managed File Transfer™. However, network speed and the physical distance between MetaDefender® MFT and the database instance can result in slower response times for MetaDefender® MFT
About SQL Server Express LocalDb
Starting from version 3.9.2:
- LocalDb can't be selected for a new installation
- SQL Server Express LocalDb is not bundled or installed by MetaDefender Managed File Transfer™ installer
- Existing deployments using LocalDb may upgrade to a newer version as long as the version being upgraded to supports LocalDb.
Microsoft SQL Server 2019 Express LocalDb is primarily designed for testing and development purposes and is not recommended for production environments.
Using this database in a production setting can result in data loss and significant performance issues, especially under high load.
For reliable and secure operation, we recommend using a more robust database solution. We strongly advise against deploying this backend in live production systems.
For information about how to migrate from Microsoft SQL Server 2019 Express LocalDB, refer to our documentation.
Web Server Configuration
MetaDefender Managed File Transfer uses NGINX as the embedded HTTP(S) and reverse proxy server. The web server is embedded in the application and is not shared with other processes running on the machine. After uninstalling MetaDefender Managed File Transfer, all NGINX processes will be stopped, and the program will be physically removed from the hard drive.
On startup, the web server will listen on the configured HTTP(S) port or on the default HTTP port (8010 if free) in case of a clean install.
From versions 1.3.7 onwards, REST API calls should be made to the Web UI port because TLS/SSL connections are no longer supported and the REST API service connection is thus unsecured. NGINX acts as a TLS/SSL termination proxy for the REST API service.
Port Usage
MetaDefender Managed File Transfer requires two free ports to run.
| Service name | Port | Firewall Rule |
|---|---|---|
| MetaDefender Managed File Transfer Web UI | 8010 | Needed |
| MetaDefender Managed File Transfer REST API | 8000 | Not needed; Internal usage only |
| MetaDefender Managed File Transfer Next | 8001 | Not needed; Internal usage only |
Whitelisting Requirements
- To access the user interface externally, open port 8010 (default).
- Whitelist any processes running from the MetaDefender Managed File Transfer install directory. Exclude the folder from any real-time protection.
- Exclude the file storage (permanent and temporary) or the installation folder from real-time protection.
- The service account should have "Logon as Service" rights to:
- Start, stop, and interact with services without requiring interactive logon privileges.
- Log on and run scheduled or automatically executed batch jobs.
- Connect to the database using Windows Authentication.
Recommended deployment setups
When planning where to install MetaDefender Managed File Transfer™ and the supporting SQL Server instance, consider the expected scale of your deployment:
Small environments
For small teams, lab, or testing environments it's acceptable to run a collocated SQL Server (for example SQL Server Express) on the same host or VM as MetaDefender Managed File Transfer™ . This keeps deployment and management simple and reduces resource needs.
Use this setup only when load is light and you understand the limitations of SQL Server Express.
Medium & Large production environments
For medium and large environments we strongly recommend running SQL Server on a separate VM or physical server with dedicated, fast (SSD) storage. The SQL Server workload for MetaDefender Managed File Transfer™ is often heavy on RAM and disk I/O; these two resources have the largest impact on real-world performance.
- Adding many CPU cores alone does not linearly improve SQL performance and can sometimes exacerbate contention (locks and context switching). Prioritize generous RAM and high I/O throughput (low latency, high IOPS) over simply increasing core counts.
- We recommend that an experienced database administrator be responsible for sizing, deploying, and maintaining the SQL Server instance used by MetaDefender Managed File Transfer™ . Common operational tasks include backups, statistics updates, monitoring for long-running queries, and tuning tempdb. In our experience, maintenance of the SQL Server instance can often prevent downtime, avoiding disruptions to production.
- Ensure an adequately sized, low-latency network link between the MetaDefender Managed File Transfer™ server and the SQL Server instance. Network latency and bandwidth between MetaDefender Managed File Transfer™, the database, and your clients directly affect end-user performance.
- Other OPSWAT products (for example, MetaDefender Core™ and its own database) should live on separate VMs or hosts. Collocating multiple product databases or services on the same host increases IO and memory contention and can mask the true source of performance issues.
Additional operational tips
- Monitor database metrics (memory utilization, disk queue length/latency, waits, and transaction log growth) and tune retention/cleanup settings to control growth.
- Use regular backups and test restores; ensure the service account used by MetaDefender Managed File Transfer™ has the required permissions and that SQL Server maintenance windows are coordinated with your MetaDefender Managed File Transfer™ support plan.
