I assess the effectiveness of MetaDefender in blocking or sanitizing content based on policy as very good. It contains a lot of file types, and most of the file types are included, so that is acceptable. My impression of the detection rate provided by MetaScan multi-scanning is positive. I work mostly with the core, and my clients have not encountered false positives or those kinds of issues. I evaluate the effectiveness of Deep CDR in reconstructing files safely and without signatures as good. I measure if it is effective by processing a lot of files, verifying that the content I want to be removed is being removed, and confirming that the hash is different. To be honest, the file-based vulnerability assessment feature is more of a toggle option that we always enable, but we have not thoroughly tested it. I do see the effectiveness of this feature. I think the adaptive sandbox analysis of MetaDefender works well. We do not have many customers using it, but from the customers who are using it, it functions effectively. Some of my customers describe its impact on analyzing suspicious files as adding additional layers of security. The reviews were positive, and while it may slow the scanning time slightly, that is understandable. I rate this review an eight out of ten overall.
Senior Associate at a educational organization with 11-50 employees
Real User
Top 10
May 24, 2026
If anyone is using file transfers or wants to monitor their files and emails to scan attached files, MetaDefender is a useful tool where you can integrate your file transfer tool with MetaDefender, which is a plug-and-play solution supporting both cloud and on-prem involvement, making it very useful. I deducted those two points because there were a number of times where I was getting false positive results and it took time to scan files if the file size was greater than 1 GB. In multi-scanning engine, the best part is that it scans all the components of the file, removes the malicious content, and reconstructs the file, which is excellent. For sandbox analysis, there was another team working with it, so I was not using it actively. I was using audit visibility features, which helped me keep our systems error-free and bug-free. Whenever we found any file with malicious content, we reported it to the security team, they analyzed it further, and we informed relevant stakeholders who took further actions. I gave this review a rating of 8 out of 10.
Infrastructure Securiy & Cyber Engineer at a transportation company with 5,001-10,000 employees
Real User
Top 5
May 14, 2026
From the beginning, I worked with OPSWAT MetaDefender for other customers at my other job a few years ago. From the last year that we integrated OPSWAT in our company, I have not seen any improvements. It is still okay. It still does the job and makes a good assurance that the files that are coming are really whitelisted and content disarmed. It has not become worse, but it has not become better either. The percentage of accuracy is great. I do not miss anything, but I have not felt any improvement. The effectiveness of MetaDefender in blocking or sanitizing content based on policy is effective. I did not see any problems with the sanitation or something that should be blocked in the test. I did not have such issues. Before deployment, when looking for a safe path to upload files, you will definitely look for CDR solutions because it depends on the workflow that you are trying to achieve. If there are customers at the end that will upload the files, or some internal business logic that your partners inside the company will upload the files, it depends on what you are trying to achieve. If the files are coming from outside the company, of course, CDR will be the best solution because you would want to restrict the type of files, even the size of the files, and be very restrictive on that end because those files are from the outside, and this path is published outside and is external. When you are looking from the inside, when you are working with partners inside the company, such as different departments, you will not always use the CDR solution. The integration of multi-scanning and Content Disarm and Reconstruction affects my data security operations effectively. If you are trying to disable any active links or anything that could be malicious, OPSWAT did that. It blocks the file types that we are not willing to have inside the company or are not approved. Therefore, it helped us. My impression of the detection rates provided by MetaScan Multi-scanning is great. I have not seen a lot of malicious content on those files that we are scanning, but in the test, I had a pretty high assurance that MetaDefender would find the content that is not welcome at our application end. It is quite easy to research and understand what exactly happened. I describe the effectiveness of Deep CDR in reconstructing files safely and without signatures as very effective. That is why we chose a CDR platform for those specific workflows that our business wants to accomplish, and not any sandbox or EDR solution that will block the files because they are malicious or suspicious. The CDR still gives us the option to retrieve the file but without any malicious content inside. I do not think I am using Adaptive Sandbox analysis. My overall rating for this solution is eight out of ten.
I recommend MetaDefender to others because it is effective, has high stability, and is beneficial for environments. I have rated this review a ten out of ten.
To achieve a perfect score of 10, MetaDefender would need to cater to every partner's ability to sell. While the price is a consideration, the benefits of scanning, removing, detecting, and sandboxing outweigh it significantly. I advise those considering MetaDefender to reach out to reseller partners for guidance on file sanitization and to explore setting up a proof of concept to see the value MetaDefender brings, with demos available directly on their website. My overall rating for this solution is 9.
The sandbox helps in cases of suspicious files. However, the sandbox alert indicates suspicious activity for many different files. When we test some files that we download from vendors' official sites for server BIOS upgrades or firmware upgrades on servers, such as files from Dell or HPE, these files are also considered suspicious for many use cases. The sandbox is good only for specific areas. If discussing email, it can be good. However, if discussing large files, the sandbox can indicate suspicious activity in almost every executable file. This causes customers not to believe in the results. They say it is suspicious, but it is fine to them. Even if something is actually suspicious, it does not receive attention because of the many files that should be legitimate but are considered suspicious. Perhaps the effectiveness of the sandbox and level of suspicious files can have two different levels. If asked how it can be better, a different score or different tag for suspicious files from known vendors and suspicious files from unknown vendors could help. Multiple levels of suspicious files, scores, or tags could be something that can be configured. For example, when using the sandbox to scan files that you download from the internet to different environments, such as air gap environments, and in this environment you manage IBM servers, if you scan the file and select that you are using it for IBM servers before scanning, it could be considered less suspicious. The system could also load a certificate of the file that you download and then determine whether it has a trusted certificate or a certificate that is probably good enough or probably not suspicious most of the time. I am not certain if MetaDefender can do anything else. Perhaps if they want to improve vulnerability management, instead of managing static CVEs, they could have a different method involving CVEs but something else as well. For example, CVEs that can be harmful because they are exploitable could be differentiated. However, this is something that cannot be managed at the MetaDefender level because it is just about files on a perimeter and does not understand the deployment of the environment because it is not running in the real environment. I am not certain if there is a way to do this better. There are some upgrades when MetaDefender has new features, so you have to upgrade. This is not about the upgrade of the engines that happen all the time if you have an internet connection or do it manually. The maintenance can take significant effort that causes most people not to upgrade and update it all the time. Considering offline users, offline environments, and environments with no internet, easier updates could be helpful. The upgrade of MetaDefender version, whether email or MetaDefender Core, is very quick. I would rate this review eight out of ten.
Cyber Security Specialist at a insurance company with 1,001-5,000 employees
Real User
Nov 10, 2023
I would do a proof of concept because we are talking about cybersecurity. We ran tests for free for about three months. After our testing we were happy with the results.
Co Founder / CEO at a tech company with 11-50 employees
Real User
Apr 18, 2023
I give MetaDefender an eight out of ten. We do not utilize MetaDefender to detect attacks such as spam, blackmail scams, or malicious phishing attempts. While these types of attack prevention features are available with MetaDefender, we have not incorporated them as the feature is relatively new to the market, having been introduced within the last year. In this field, there are already major players such as Forcepoint, Trustpoint, and IronPort which are established brands that offer similar services. Therefore, we solely rely on email for data communication. Our customer base comprises several hundred clients. For average maintenance, two people are required. I recommend having a solution with Zero-day protection, but the add-on is not cheap. MetaDefender is a unique solution in the industry and I recommend it.
MetaDefender provides advanced multiscanning capabilities using 30+ anti-malware engines, ensuring high detection efficacy and robust prevention mechanisms.
MetaDefender's approach combines multiple security technologies like Metascan, Deep CDR, and adaptive sandboxing. These integrated solutions offer comprehensive protection against malware and vulnerabilities, catering to cloud, on-prem, and hybrid environments with enhanced performance and automation.
What are the key features of...
I assess the effectiveness of MetaDefender in blocking or sanitizing content based on policy as very good. It contains a lot of file types, and most of the file types are included, so that is acceptable. My impression of the detection rate provided by MetaScan multi-scanning is positive. I work mostly with the core, and my clients have not encountered false positives or those kinds of issues. I evaluate the effectiveness of Deep CDR in reconstructing files safely and without signatures as good. I measure if it is effective by processing a lot of files, verifying that the content I want to be removed is being removed, and confirming that the hash is different. To be honest, the file-based vulnerability assessment feature is more of a toggle option that we always enable, but we have not thoroughly tested it. I do see the effectiveness of this feature. I think the adaptive sandbox analysis of MetaDefender works well. We do not have many customers using it, but from the customers who are using it, it functions effectively. Some of my customers describe its impact on analyzing suspicious files as adding additional layers of security. The reviews were positive, and while it may slow the scanning time slightly, that is understandable. I rate this review an eight out of ten overall.
If anyone is using file transfers or wants to monitor their files and emails to scan attached files, MetaDefender is a useful tool where you can integrate your file transfer tool with MetaDefender, which is a plug-and-play solution supporting both cloud and on-prem involvement, making it very useful. I deducted those two points because there were a number of times where I was getting false positive results and it took time to scan files if the file size was greater than 1 GB. In multi-scanning engine, the best part is that it scans all the components of the file, removes the malicious content, and reconstructs the file, which is excellent. For sandbox analysis, there was another team working with it, so I was not using it actively. I was using audit visibility features, which helped me keep our systems error-free and bug-free. Whenever we found any file with malicious content, we reported it to the security team, they analyzed it further, and we informed relevant stakeholders who took further actions. I gave this review a rating of 8 out of 10.
From the beginning, I worked with OPSWAT MetaDefender for other customers at my other job a few years ago. From the last year that we integrated OPSWAT in our company, I have not seen any improvements. It is still okay. It still does the job and makes a good assurance that the files that are coming are really whitelisted and content disarmed. It has not become worse, but it has not become better either. The percentage of accuracy is great. I do not miss anything, but I have not felt any improvement. The effectiveness of MetaDefender in blocking or sanitizing content based on policy is effective. I did not see any problems with the sanitation or something that should be blocked in the test. I did not have such issues. Before deployment, when looking for a safe path to upload files, you will definitely look for CDR solutions because it depends on the workflow that you are trying to achieve. If there are customers at the end that will upload the files, or some internal business logic that your partners inside the company will upload the files, it depends on what you are trying to achieve. If the files are coming from outside the company, of course, CDR will be the best solution because you would want to restrict the type of files, even the size of the files, and be very restrictive on that end because those files are from the outside, and this path is published outside and is external. When you are looking from the inside, when you are working with partners inside the company, such as different departments, you will not always use the CDR solution. The integration of multi-scanning and Content Disarm and Reconstruction affects my data security operations effectively. If you are trying to disable any active links or anything that could be malicious, OPSWAT did that. It blocks the file types that we are not willing to have inside the company or are not approved. Therefore, it helped us. My impression of the detection rates provided by MetaScan Multi-scanning is great. I have not seen a lot of malicious content on those files that we are scanning, but in the test, I had a pretty high assurance that MetaDefender would find the content that is not welcome at our application end. It is quite easy to research and understand what exactly happened. I describe the effectiveness of Deep CDR in reconstructing files safely and without signatures as very effective. That is why we chose a CDR platform for those specific workflows that our business wants to accomplish, and not any sandbox or EDR solution that will block the files because they are malicious or suspicious. The CDR still gives us the option to retrieve the file but without any malicious content inside. I do not think I am using Adaptive Sandbox analysis. My overall rating for this solution is eight out of ten.
I recommend MetaDefender to others because it is effective, has high stability, and is beneficial for environments. I have rated this review a ten out of ten.
To achieve a perfect score of 10, MetaDefender would need to cater to every partner's ability to sell. While the price is a consideration, the benefits of scanning, removing, detecting, and sandboxing outweigh it significantly. I advise those considering MetaDefender to reach out to reseller partners for guidance on file sanitization and to explore setting up a proof of concept to see the value MetaDefender brings, with demos available directly on their website. My overall rating for this solution is 9.
The sandbox helps in cases of suspicious files. However, the sandbox alert indicates suspicious activity for many different files. When we test some files that we download from vendors' official sites for server BIOS upgrades or firmware upgrades on servers, such as files from Dell or HPE, these files are also considered suspicious for many use cases. The sandbox is good only for specific areas. If discussing email, it can be good. However, if discussing large files, the sandbox can indicate suspicious activity in almost every executable file. This causes customers not to believe in the results. They say it is suspicious, but it is fine to them. Even if something is actually suspicious, it does not receive attention because of the many files that should be legitimate but are considered suspicious. Perhaps the effectiveness of the sandbox and level of suspicious files can have two different levels. If asked how it can be better, a different score or different tag for suspicious files from known vendors and suspicious files from unknown vendors could help. Multiple levels of suspicious files, scores, or tags could be something that can be configured. For example, when using the sandbox to scan files that you download from the internet to different environments, such as air gap environments, and in this environment you manage IBM servers, if you scan the file and select that you are using it for IBM servers before scanning, it could be considered less suspicious. The system could also load a certificate of the file that you download and then determine whether it has a trusted certificate or a certificate that is probably good enough or probably not suspicious most of the time. I am not certain if MetaDefender can do anything else. Perhaps if they want to improve vulnerability management, instead of managing static CVEs, they could have a different method involving CVEs but something else as well. For example, CVEs that can be harmful because they are exploitable could be differentiated. However, this is something that cannot be managed at the MetaDefender level because it is just about files on a perimeter and does not understand the deployment of the environment because it is not running in the real environment. I am not certain if there is a way to do this better. There are some upgrades when MetaDefender has new features, so you have to upgrade. This is not about the upgrade of the engines that happen all the time if you have an internet connection or do it manually. The maintenance can take significant effort that causes most people not to upgrade and update it all the time. Considering offline users, offline environments, and environments with no internet, easier updates could be helpful. The upgrade of MetaDefender version, whether email or MetaDefender Core, is very quick. I would rate this review eight out of ten.
I would do a proof of concept because we are talking about cybersecurity. We ran tests for free for about three months. After our testing we were happy with the results.
I give MetaDefender an eight out of ten. We do not utilize MetaDefender to detect attacks such as spam, blackmail scams, or malicious phishing attempts. While these types of attack prevention features are available with MetaDefender, we have not incorporated them as the feature is relatively new to the market, having been introduced within the last year. In this field, there are already major players such as Forcepoint, Trustpoint, and IronPort which are established brands that offer similar services. Therefore, we solely rely on email for data communication. Our customer base comprises several hundred clients. For average maintenance, two people are required. I recommend having a solution with Zero-day protection, but the add-on is not cheap. MetaDefender is a unique solution in the industry and I recommend it.