Content Disarm & Reconstruction (CDR) is a computer security technology for removing malicious code from files. Unlike malware analysis, CDR technology does not determine or detect malware’s functionality but removes all file components that are not approved within the system’s definitions and policies.
It is used to prevent cyber security threats from entering a corporate network perimeter. Channels that CDR can be used to protect include email and website traffic. Advanced solutions can also provide similar protection on computer endpoints, or cloud email and file sharing services.
CDR works by processing all incoming files of an enterprise network, deconstructing them, and removing the elements that do not match the file type’s standards or set policies. A CDR technology then rebuilds the files into clean versions that can be sent on to end users as intended.
Because CDR removes all potentially malicious code, it can be effective against zero-day vulnerabilities that rely on being an unknown threat that other security technologies would need to patch against to maintain protection.