Viewing a device's at-risk file content

The Endpoint Data Discovery page applies only to Windows and Mac devices with an active Endpoint Data Discovery policy.

To view at-risk file content:

1. On any page that shows linked device identifiers in the first column of the results grid, such as the All Devices page in the Devices area, click the link for the device that you want to view. Summarized information about the device shows in the page header.
2. Click EDD Summary under the Summary area. The page opens to show two subtabs:
   • EDD Summary
   • EDD History

On the EDD Summary page, you can view a summary of the matches detected on a device during the last EDD scan The Secure Endpoint Agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component..

The page shows information about the files where confidential or at-risk data was detected. For those files that require further investigation, you can view more detailed EDD information, which allows you to evaluate each match individually to identify false positive A result on an EDD-related report or page in which a match is detected in a file, but upon further investigation, you do not consider the matched content to be at-risk data.s and determine a device's level of risk.

After you activate an EDD policy on a device, it may take several days before data is available on the EDD Summary page. The data includes information collected during the last full EDD scan of the device and all subsequent delta scans. EDD scans can take between a few hours and a few days to complete. If a scan is in progress when you view this page, data from that scan is not included.

To see the results of the last EDD scan:

1. Click the EDD Summary tab.

   The information on this page is organized in the following columns:

   Column	Description
   File name	File name of the file To view details about all detected matches in the file, click the linked file name. You can't view additional details about Unscannable files.
   Match score	Computed value indicating the number of matches detected in the file for the associated policy rule The calculation of Match Score varies depending on rule type and content type.
   Rule	Name of the predefined or customized EDD rule for which a match was detected If Unscannable shows, the file was not scanned due to a lack of system resources at the time of the EDD scan.
   File path	The full file path of the file on the device
   File type	Internet Media Type Similar to a MIME type, an Internet Media Type is a standard identifier to indicate the type of content contained in a file on the Internet. The format of the identifier is type name/subtype name (for example, application/zip or text/plain). of the file
   File owner	Name of the user who controls permissions on the file By default, the file owner is the user who created the file.

   The following summary information shows in the page footer:

   • Total file count
   • Total match score: the total matches detected on the device for all applicable policy rules during the most recent EDD scan. A higher value may indicate that an unacceptable amount of confidential or at-risk data is stored on the device.
   • Last scan date: the date when the most recent EDD scan was completed on the device
2. To filter the information by policy rule, click the Rule is Any filter and select one or more policy rules. Click outside the filter to apply your changes. To filter by match score, click and add a filter.

3. The results are sorted by Match Score, in descending order. To sort the results by another column, click the applicable column header. To reverse the sort order, click the column header again. An icon indicates whether the list is sorted in ascending or descending order.

4. To add or remove columns, click > Edit columns. You can add the following columns to the page:
   • File accessed
   • File created
   • File extension
   • File match status
   • File modified
   • Scan date
5. To view details about all detected matches in a file, click the linked file name.
6. To export the page to a report, click (Export) on the page's action toolbar. Note that the following columns are automatically included in the exported report: Scan date, Device name, Serial number, and Identifier.
7. To save the page as a new report, click (Save as) on the page's action toolbar. The new report is added to My Reports view of the Reports page and to the Data Visibility report category.
8. To delete an at-risk file from the device:
   1. Click the file's file name.
   2. In the dialog that opens, click Delete file from this device and submit a File Delete request.

On the EDD History page, you can view a history of the files for which matches were detected during an EDD scan The Secure Endpoint Agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component..

A device's EDD history is limited to the last two full EDD scans of the device's hard drive and all subsequent delta scans. If a scan is in progress on the device when you run the report, any data collected up to that point is available.

After an EDD policy is activated on a device, it may take up to two days before data is available on the EDD History page.

To view the results of the last two full EDD scans:

1. Open the EDD Summary tab and click EDD History. The information on the page is aggregated by Scan Date The date (local device time) when a device was scanned according to an Endpoint Data Discovery policy..
2. Click a Scan Date. The page shows information, in grid format, about each file where one or more content matches are detected.

   Column	Description
   Match Score	Computed value indicating the number of matches detected in the file for the associated policy rule The calculation of Match Score varies depending on rule type and content type.
   File Name	File name of the file To view details about all detected matches in the file, and the file path on the device, click the file name. You can't view additional details about Unscannable files.
   Rule	Name of the predefined or customized EDD rule for which a match was detected If Unscannable shows, the file was not scanned due to a lack of system resources at the time of the EDD scan.
   File Type	Internet Media Type Similar to a MIME type, an Internet Media Type is a standard identifier to indicate the type of content contained in a file on the Internet. The format of the identifier is type name/subtype name (for example, application/zip or text/plain). of the file
   File Path	The full file path of the file on the device
   File Owner	Name of the user who controls permissions on the file. By default, the file owner is the user who created the file
   File Created	Local date and time when the file was created
   File Modified	Local date and time when the file was last edited

   Information is collected according to the EDD policy associated with the device on the Scan Date. If the device is subsequently moved to another policy group, and different EDD policy rules now apply, those rules are not reflected in the information on the EDD History page until after the next scan.

   Click a Scan Date to view the files where confidential or at-risk data was detected during an EDD scan.

3. To view details about all detected matches in a file, click the linked file name.
4. To delete an at-risk file from the device:
   1. Click the file's file name.
   2. In the dialog that opens, click Delete file from this device and submit a File Delete request.