Deleting files from devices
NOTE Depending on the Absolute product licenses associated with your account, the Delete File feature may not be available.
The Delete File feature lets you remotely delete files and folders from your Windows and Mac devices to protect your organization's confidential and sensitive data. Depending on the criteria you enter in a request, you can delete individual files, folders, or file types, or you can use patterns to delete items in multiple locations.
Eligibility requirements
Delete File requests are supported on devices that are running:
- A supported version of the Windows or Mac operating system
- Absolute agent version 7.18 or higher
These devices must also be regularly connecting to the Absolute Monitoring Center.
Also see Special instructions for Mac devices.
This action is not supported on:
- Chromebook and Android devices
- Devices with an open theft report
- Devices with an Agent Status The operating condition of an Absolute agent. Possible values are Active (indicates that the agent has connected to the Monitoring Center), Inactive (indicates that the agent has started its first connection to the Absolute Monitoring Center and agent activation is in progress and when activation is completed, the status is updated to Active), and Disabled (indicates that the agent is either flagged for removal or removed from the device). set to Inactive or Disabled
Also note that Delete File requests are not supported on devices with an outstanding Wipe request.
Permissions
To submit Delete File requests, your user role must be granted the Perform permission for Delete File. The System Administrator, Security Administrator, and Security Power User default user roles are granted this permission.
To track the status of your request and view and download log files, your user role must be granted the View permission for Delete File. All default Administrator roles and the Security Power User role are granted this permission.
About Delete File security actions
You can create a Delete File request to delete specific files and folders from one or more devices.
The Delete File security action performs one or more data overwrites before it deletes a file. When a device is scanned and a file matches the criteria set in the Delete File request, the Absolute agent overwrites all content in the file with a unique pattern of data values for each overwrite, essentially making the file unreadable and unrecoverable. It then deletes the file, freeing up disk space.
The Delete File security action conforms to the Clear standard defined in NIST Special Publication 800-88, Guidelines for Media Sanitization, and it is HIPAA compliant. After the action is processed on a device, a Certificate of Sanitization and a log file are uploaded to the console. You can then download these files from Action History to demonstrate compliance.
NOTE If you want to remove all sensitive data from devices before you reuse, resell, or dispose of them, submit a Wipe request instead of a Delete File request.
Before you submit a Delete File request, familiarize yourself with the following considerations:
- Deleting a folder deletes all files in the folder before deleting the folder.
- If hidden files match the criteria set in the Delete File request, the files are deleted.
- Removable media and network drives are not scanned.
- A device can have multiple Delete File requests outstanding at the same time.
- Delete File requests run silently in the background, but a device that is processing a request will not enter sleep mode.
Ignored files
The following system files are always ignored, regardless of whether they match a file pattern specified in a Delete File request. These system files cannot be deleted using the Delete File security action.
|
Windows |
Mac |
|
|---|---|---|
|
\WWANSVC\ \WLANSVC\ *.PAC |
*.DocumentRevisions-V* *.fseventsd *.Spotlight-V* /bin /Darwin /dev /etc /home /net |
/private/Developer /System /tmp /Users/Shared/.rpc /usr /var mach_kernel |
Special instructions for Mac devices
To enable the Delete File feature to be supported on your Mac devices, you first need to configure a custom profile and deploy it to the devices using your Mobile Device Management (MDM) application. Specifically, you need to complete the following key steps to be able to delete files in the Desktop, Documents, and Downloads folders on these devices:
Step 1: Download the custom profile. Ensure that you save the file (FileDelete_MDMProfile_v1_0.mobileconfig) with the .mobileconfig file extension.
Step 2: Upload the custom profile and configure it on your MDM server. For more information, refer to MDM documentation.
Step 3: On the MDM server, assign the profile to the applicable Mac devices for deployment. For more information, refer to MDM documentation.
Finding files to delete
If you unsure which files reside on a particular Windows device, you can run a Reach script to get a list of the device's files. You can also upload files that you want to retrieve.
NOTE Depending on the Absolute product licenses associated with your account, Reach scripts may not be available.
Get a list of files
To get a list of the files stored on a Windows device, run the following Reach script:
Retrieve a list of files from a device
This script generates a report file containing details about each file, including its full file path, creation time, last write time, and file size. You can use this information to run a file upload script.
For more information about this script, go to Settings > Script Library and search for the script name. Detailed information is provided in the script.
Upload files
To retrieve files from a Windows device, you can run one of the following scripts:
|
Script name |
Description |
|---|---|
| Upload files to Dropbox |
Uploads files from a Windows device to Dropbox using the permissions of a custom Dropbox app. |
| Upload files to FTP server |
Uploads files from a Windows device to a FTP server. |
| Upload files to network shared folder |
Uploads files from a Windows device to a network shared folder using a UNC path. |
These scripts generate a report file that is uploaded to the same location as the uploaded files. It contains the number of successful file uploads, along with details about any errors that occurred, such as duplicated file, file not found, and file failed to upload.
For more information about each script, go to Settings > Script Library and search for the script name. Detailed information is provided in each script.
Deleting files and folders
To submit a Delete File request to delete files or folders from your devices:
- Do one of the following:
- To delete files or folders from a single device:
- On the device's Device Details page, click
> Delete File.... - If the device does not meet the system requirements, the device is ineligible for the action. Click Cancel.
- On the device's Device Details page, click
- To delete files or folders from multiple devices:
- From the navigation bar, open a page or report that supports the Delete File action.
- In the work area, use the search field or filters to find the devices with the files you want to delete.
In the results grid, select the check box next to each device. To select all devices, select the Select All check box in the result grid's header. You can select up to 9,999 devices. To remove all selections, clear the Select All check box or click Clear all.
- Depending on the page you're on, click either or Device Actions and then click Delete File....
For example, click
to open the Devices > All Devices page, or click 
to open the Reports page and click Data Risk Assessment under Data Visibility.
Alternatively, you can upload a file of device identifiers and submit a request.
- To delete files or folders from a single device:
- [Optional] To help identify this request in Action History, click the field under the dialog title and enter a Description for this request.
- Click the field under Filename, folder and path and enter the files and folders that you want to delete, pressing Enter on your keyboard after each item. If you selected both Windows and Mac devices, a separate field shows for each platform.
You can delete a specific file, file type, or folder, in any location or a specific location. You can also use wildcard characters in filenames and file paths to delete multiple files, but use caution to avoid deleting unintended files.
For more information about supported syntax and glob patterns, and to view use cases and examples, click Learn more.
NOTE The "delete all files" (*.*) glob pattern is not supported. Consider submitting a Wipe request.
- Under Options, click the field and select how many times you want the file content to be overwritten with non-sensitive data (series of zeros and ones). You can select 1, 3, or 7 data overwrites.
- The generated log file can include the file's creation date and time, and the date and time it was last modified or accessed. If you want to include this information in the log file, select the checkbox next to Include File Date Attributes in the log file.
NOTE To comply with the Clear standard defined in NIST Special Publication 800-88, Guidelines for Media Sanitization only one data overwrite is required. Other data erasure standards may require more overwrites.
- Under Confirmation, select the checkbox to acknowledge that after this request is deployed to a device, you can't cancel the action.
- Click Delete File.
The Delete File request is submitted, its status is set to Pending in Action History, and a File delete requested event is logged to Event History. The request will be deployed to the applicable devices on their next check-in to the Absolute Monitoring Center. If the request requires dual approval, the request remains in the Pending Approval section in Actions History. The action isn't sent to the device until the request is approved.
After you submit your request, you can go to Action History to do the following:
-
Track the status of your Delete File request.
-
View a device's Certificate of Sanitization.
-
View the log file after the files are deleted.
-
Cancel a request for devices with a status of Pending.
NOTE Requests with a status of Pending have not been deployed to the device yet, so they can be canceled.
Deleting at-risk files found during an EDD scan
For Windows devices, you can select individual files detected during an Endpoint Data Discovery (EDD) scan and submit a File Delete request to remove the at-risk files from the device. For example, you may discover that a device has one or more files with exceptionally high Match Scores and you determine that the content should not reside on the device. You can select the at-risk files and delete them from the device.
NOTE Depending on the Absolute product licenses associated with your account, the Endpoint Data Discovery feature may not be available.
Deleting individual files
To submit a File Delete request for an individual at-risk file:
- Log in to the Absolute console as a user with Perform permissions for Delete File.
- Find the file by doing one of the following:
- From Device Details:
- On a Windows device's Device Details page, click EDD Summary.
- Click each section title to expand the section and see the files that contain matched content.
- From Device Details:
- From an EDD report:
- On the navigation bar, click to open the All Reports view of the Reports page.
In the page's Search Reports field, enter the name of the report. The report list updates dynamically as you type.
Alternatively, if you want to find the report by first filtering the report list, do one of the following on the Reports sidebar:
- If you saved the report, click My Reports.
- If you favorited the report, click Favorites.
- If you scheduled the report, click Scheduled.
- Under Categories, click the report category for the report, such as Security.
- Under Data Visibility, click History, Reporting Data, or Devices With At-Risk Files in Cloud.
- In the work area, use the search field or filters to find the Windows device with the at-risk file that you want to delete.
- On the navigation bar, click
- In the File name column, click the file that you want to delete.
- On the dialog that opens, click Delete File. The Delete File dialog opens to show the file path of the selected file.
- [Optional] Click the field under the dialog title and enter a description for this File Delete request.
- Complete steps 4 to 7 in Deleting files and folders.
Deleting multiple files
To submit a File Delete request for multiple at-risk files:
- Log in to the Absolute console as a user with Perform permissions for Delete File.
- On a Windows device's Device Details page, click EDD Summary.
- Click each section title to expand the section and see the files that contain matched content.
- Select the checkbox next to each file that you want to delete.
- Click > Delete File.... The Delete File dialog opens to show the file paths of the selected files.
- [Optional] Click the field under the dialog title and enter a description for this request.
- Complete steps 4 to 7 in Deleting files and folders.
After you submit your request, you can go to Action History to do the following:
Track the status of your Delete File request.
View a device's Certificate of Sanitization.
View the log file after the files are deleted.
Cancel a request for devices with a status of Pending.
NOTE Requests with a status of Pending have not been deployed to the device yet, so they can be canceled.
