Scanning devices for sensitive file content
If the required permissions are associated with your user role, you can submit a request to perform a single and immediate Endpoint Data Discovery (EDD) scan of a device. For example, you may want to run a one-time EDD scan to verify that the user of a device has "cleaned up" the at-risk files that were reported in a prior EDD scan.
An EDD Scan request prompts an EDD scan The Secure Endpoint Agent process that opens and analyzes files on a device's hard drive to identify confidential or at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component. that supplements the scheduled full and delta scans that are defined in the device's policy configurations. The requested scan will run on the device after its next agent connection, which typically occurs at 15 minute intervals.
EDD Scan requests use the rule and scan level configurations set in the EDD policy of the device's policy group. For example, if a device's EDD policy is configured to perform a Targeted scan for Credit Card Numbers and Personal Financial Information, an EDD Scan request performs this same scan. However, you do have the option of performing a delta scan or a full scan.
You can submit an EDD Scan request from the Devices area or a device's Device Details page. You can also select devices in a device group or a device report and submit a request for all selected devices.
Prerequisites
To submit an EDD Scan request for a device, the following prerequisites must be met:
- The device must be running a supported version of the Windows or macOS operating system
- The device's policy group must be assigned the Absolute Resilience license
- The Endpoint Data Discovery policy must be activated in the device's policy group
- The device's Secure Endpoint Agent must be actively connecting to the Absolute Monitoring Center
Requesting an EDD scan of a device
To submit an EDD Scan request:
- Log in to the Secure Endpoint Console as a user with Publish permissions for Endpoint Data Discovery.
-
Do one of the following:
To request an EDD scan for a single device
On the device's Device Details page, click
> 
Perform EDD scan.If the action is grayed out, one of the following conditions applies:
- The action isn't supported on the device's operating system
- A license upgrade is required to request the action
- The device's Agent status The operating condition of a device's Secure Endpoint Agent. Possible values are Active (indicates that the device's agent has connected to the Absolute Monitoring Center), Inactive (indicates one of the following: the device was moved to another account; the device was unenrolled, but it is now set to be reactivated; or the device had Persistence enabled at the factory, but it has not yet called in to the Absolute Monitoring Center), and Disabled (indicates that the agent is either flagged for removal or removed from the unenrolled device). Inactive and Disabled devices do not consume a license. is set to Disabled or Inactive
To request an EDD scan for multiple devices
- From the navigation bar, open a page that supports the Request EDD Scan action. For example, click
Devices to open the All Devices page. - In the work area, use the search field or filters to find the devices you want to scan.
- Select the checkbox next to each device you want scan. To select all devices, select the Select All checkbox in the result grid header. You can select up to 5000 devices. To remove all selections, clear the Select All checkbox or click Clear all.
- Click > Perform EDD scan.
Alternatively, you can upload a file of device identifiers and submit a request.
-
On the Scan for sensitive data dialog, select one of the following options:
- Delta scan: Scans only those files on a device's hard drive that were added or edited since the last full scan
- Full scan: Scans "all" files on a device's hard drive. Depending on the number of files on the device's hard drive, and the size of those files, a full scan may take between a few hours and a day to complete.
The file types and file locations to be scanned are determined by the scan level configuration set in each device's EDD policy.
-
Click .
If the request can't be processed on some devices due to ineligibility, a
notification shows in the top right of the window soon after submitting the request. Click View Devices to review each device's ineligibility reason.Your EDD Scan request is submitted. The request is deployed to each device on its next successful connection to the Absolute Monitoring Center, which is typically within a few minutes for Absolute Resilience accounts, or within 15 minutes for Absolute Control accounts, assuming the devices are online.
If you requested a full scan, your request supersedes all pending scans. Similarly, if a scan is currently in progress, that scan is terminated allowing the requested full scan to run. If you requested a delta scan while a full scan is pending or in progress, the delta scan request is ignored.
You can track the status of your requested EDD scan by going to each device's EDD Summary page and viewing the Scan status section on the Scan history and status tab.
After the scan is completed, you can view the scan results on the following reports and pages:
