Configure OPSWAT

OPSWAT (MetaDefender Core) provides advanced malware detection capabilities by scanning files with multiple anti-malware engines simultaneously. OPSWAT is disabled by default. As an administrator, you can enable and configure OPSWAT on the endpoint servers.

Note: You need to deploy the following OPSWAT app rules from Live services to log decoder for successful configuration of OPSWAT on endpoint servers:

  • opswat reported infected
  • opswat reported suspicious
  • process with opswat reported suspicious
  • process with opswat reported infected

IMPORTANT: Ensure that OPSWAT is configured in all endpoint servers and the configuration parameters are consistent across all endpoint servers.

To enable and configure OPSWAT:

  1. Go to (Admin) > Services.

  2. In the Services view, select the Endpoint Server service.

  3. Click netwitness_service_icon.png and select View > Config.

  4. Click the 3rd Party Scan tab.

  5. Select Enable OPSWAT Scan.

  6. Enter the URL.

  7. Click Save Configure.