Definition

Content Disarm and Reconstruction (CDR) takes incoming files - email attachments, web downloads, uploads - and strips any active or executable content (macros, scripts, embedded objects, exploit payloads), then rebuilds the file in a known-safe format. The output is functionally equivalent to the original but with no executable threat surface. CDR is particularly effective against zero-day exploits in document formats (PDF, Office macros, etc.) because it removes the entire category of executable content rather than trying to detect specific malicious patterns. Symantec offers CDR through the Content Analysis System integrated with Cloud SWG and Email Security. Common use cases: financial services attachment processing, defense industry document workflows, healthcare PHI handling.

Symantec products that implement this

  • Symantec Cloud Secure Web Gateway - Cloud-delivered web security with SSL inspection, URL filtering, sandboxing, content disarm, and CASB integration. The cloud successor to the ProxySG appliance.
  • Symantec Email Security.cloud - Cloud-based email protection with anti-phishing, BEC defense, attachment sandboxing, URL rewriting, impersonation detection, and email continuity.

Related terms

  • DLP (Data Loss Prevention) - Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.
  • RBI (Remote Browser Isolation) - Security technique that renders web content in disposable cloud containers; malicious code never reaches the endpoint.

Deep-dives on CDR