A Complete Guide to Content Disarm and Reconstruction (CDR) Technology

Eliminate File-borne Threats without Disrupting Productivity.

File-borne threats remain a primary vector for injecting malware and ransomware into an enterprise via unsuspecting, everyday documents. From Microsoft Office files to PDFs and EMLs, to complex file types such as archives, ZIPs, and even password-protected files, a single hidden script or malicious payload can allow threat actors to exfiltrate sensitive information, lock down entire systems, and demand payment for relinquishment of control.

To this day, traditional defenses like antivirus, sandboxing, EDR, and DLP continue to struggle to detect zero-day attacks on their own, and more often than not, they hinder productivity by outright blocking or flattening essential files.

This guide explores the evolution of Content Disarm and Reconstruction (CDR) technology, and introduces Menlo Security’s Positive Selection® tech—a breakthrough approach that assumes all files are malicious, then rebuilds them using only known-good content while maintaining full file functionality. The result is safe, functional, and free-flowing files that never compromise the end-user.