Is Metadefender Endpoint an antivirus? What does it scan exactly?

Is Metadefender Endpoint an antivirus?

No, Metadefender Endpoint itself is not an antivirus engine in the typical sense. It is instead an antivirus detection tool, remediation tool, and second line of defense.

Metadefender Endpoint detects any of the thousands of possible anti-malware products that could be installed on an endpoint, and reports the following:

  • Installed product brand, name, version
  • Virus definition version and up-to-date status
  • Real-time protection status
  • Last scan date

In addition to detecting the installed antivirus and reporting details about it, Metadefender Endpoint can automatically remedy several of these conditions:

  • Attempt to enable real-time protection if disabled
  • Attempt to update antivirus definition files if more than 3 days old


SECOND-LINE-OF-DEFENSE -- What does it scan?
Metadefender Endpoint is a unique and very effective second line of defense for catching advanced malware. It does this with two methods. Options for these are located in Configure > Device Policy > Advanced Threats.

1. Multi-scanning of Running Processes
What: Every 24 hours, Metadefender Endpoint will enumerate all running processes and linked libraries on the endpoint. It hashes and uploads them to for scanning with up to 40 anti-malware engines. If any hashes are not found, Metadefender Endpoint can subsequently upload the binary of the running process or DLL for scanning.

Why: No single anti-malware engine is perfect 100% of the time. Using multiple engines to scan for threats allows you to take advantage of the strengths of each individual engine and to guarantee the earliest possible detection. 

When: If enabled, this scan occurs once every 24 hours.

2. Repeated Threat Detection
What: If a local antivirus is installed on the machine, Metadefender Endpoint will parse the logs from the antivirus engine and scan for threats showing up repeatedly within 7 days. When this situation occurs (a repeated threat), Metadefender Endpoint Management will flag the device as having a persistent infection. When available, Metadefender Endpoint Management will also report what action, if any, was taken by the local antivirus.

Why: This happens when the local antivirus cannot completely clean the malware, or when the device user is doing something to cause reinfection.

When: This is checked at every device reporting interval (configurable between 5 and 60 minutes).
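
The repeated-threat check described above can be sketched as follows. This is an added example, not Metadefender Endpoint's own code: the pipe-delimited log format, the sample lines and the function names are constructed for illustration, and "repeatedly within 7 days" is interpreted here as two detections of the same threat name no more than 7 days apart.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # the article's "within 7 days"

# Constructed sample log (hypothetical format: timestamp|threat|path|action)
SAMPLE_LOG = """
2014-10-01T09:12:00|Trojan.Generic.A|C:\\Users\\bob\\AppData\\x.exe|quarantined
2014-10-03T14:40:00|Adware.Foo|C:\\Temp\\setup.exe|deleted
2014-10-05T08:01:00|Trojan.Generic.A|C:\\Users\\bob\\AppData\\x.exe|quarantined
2014-10-20T10:00:00|Adware.Foo|C:\\Temp\\setup.exe|deleted
this line is malformed and must be skipped
2014-10-06T08:05:00|Trojan.Generic.A|C:\\Users\\bob\\AppData\\y.exe|none
"""

def parse_log(text):
    """Yield (timestamp, threat, action); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[3]

def repeated_threats(text, window=WINDOW):
    """Return {threat: [(timestamp, action), ...]} for every threat with two
    consecutive detections no more than `window` apart."""
    seen = defaultdict(list)
    for ts, threat, action in parse_log(text):
        seen[threat].append((ts, action))
    flagged = {}
    for threat, events in seen.items():
        events.sort()  # log order is not guaranteed to be chronological
        if any(b[0] - a[0] <= window for a, b in zip(events, events[1:])):
            flagged[threat] = events
    return flagged

def device_status(text):
    """Flag the device the way the article describes: persistent infection."""
    return "persistent infection" if repeated_threats(text) else "ok"

if __name__ == "__main__":
    for threat, events in repeated_threats(SAMPLE_LOG).items():
        print(threat, [(ts.isoformat(), action) for ts, action in events])
    print(device_status(SAMPLE_LOG))
```

Adware.Foo is detected twice but 17 days apart, so it is not flagged; the action recorded with each detection is kept so it can be reported alongside the flag.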

This article applies to Metadefender Endpoint Management.
This article was last updated on 2014-10-14
(This article was changed to reflect the new name of Metadefender Endpoint on 2016-02-23)

