Scanning devices for at-risk file content

If the required permissions are associated with your user role, you can submit a request to perform a single and immediate Endpoint Data Discovery (EDD) scan of a device. For example, you may want to run a one-time EDD scan to verify that the user of a device has "cleaned up" the at-risk files that were reported in a prior EDD scan.

An EDD Scan request prompts a EDD scan The Absolute agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component. that supplements the scheduled full and delta scans that are defined in the device's policy configurations. The requested scan will run on the device after its next agent connection, which typically occurs at 15 minute intervals.

NOTE  EDD Scan requests use the rule and scan level configurations set in the EDD policy of the device's policy group. For example, if a device's EDD policy is configured to perform a Targeted scan for Credit Card Numbers and Personal Financial Information, an EDD Scan request performs this same scan. However, you do have the option of performing a delta scan or a full scan.

You can submit an EDD Scan request from the Assets > Devices area or a device's Device Details page. You can also select devices in a device group, roll-up folder, or device report and submit a request for all selected devices.

To submit an EDD Scan request for a device, the following prerequisites must be met:

  • The device must be running a supported version of the Windows or macOS operating system
  • The device's policy group must be assigned the Absolute Resilience license
  • The Endpoint Data Discovery policy must be activated in the device's policy group
  • The device's Absolute agent must be actively connecting to the Absolute Monitoring Center

To submit an EDD Scan request:

  1. Log in to the Absolute console as a user with Publish permissions for Endpoint Data Discovery.
  2. Do one of the following:

    On the device's Device Details page, click > Perform EDD scan.

    1. From the navigation bar, open a page that supports the Request EDD Scan action. For example, click to open the All Devices page.
    2. In the work area, use the search field or filters to find the devices you want to scan.
    3. Select the check box next to each device you want scan. To select all devices, select the Select All check box in the result grid header. You can select up to 5000 devices. To remove all selections, clear the Select All check box or click Clear all.
    4. Depending on the page you're on click either or Device Actions, and then click Perform EDD scan.

    Alternatively, you can upload a file of device identifiers and submit a request.

  3. On the Perform EDD Scan dialog, select one of the following options:
    • Delta scan: Scans only those files on a device's hard drive that were added or edited since the last full scan
    • Full scan: Scans "all" files on a device's hard drive. Depending on the number of files on the device's hard drive, and the size of those files, a full scan may take between a few hours and a day to complete.

    NOTE  The file types and file locations to be scanned are determined by the scan level configuration set in the EDD policy.

  4. Click Perform EDD Scan.

    If any of the devices you selected do not meet the prerequisites, the devices are ineligible for EDD scanning and the Device Eligibility for EDD Scan dialog shows. Each device's reason for ineligibility shows in the Status column.

  5. If one or more devices are eligible for EDD scanning and you want to scan those devices, click Perform EDD Scan.
  6. Click Close to close the confirmation message. Your EDD Scan request is submitted. The scan will run on each device on the next agent connection.

    NOTE  If you requested a full scan, your request supersedes all pending scans. Similarly, if a scan is currently in progress, that scan is terminated allowing the requested full scan to run. If you requested a delta scan while a full scan is pending or in progress, the delta scan request is ignored.

You can track the status of your requested EDD scan on each device's Policies tab.

After the scan is completed, you can view the scan results on the following reports and pages: