Scanning devices for at-risk file content

If the required permissions are associated with your user role, you can submit a request to perform a single and immediate Endpoint Data Discovery (EDD) scan of a device. For example, you may want to run a one-time EDD scan to verify that the user of a device has "cleaned up" the at-risk files that were reported in a prior EDD scan.

An EDD Scan request prompts an EDD scan The Secure Endpoint Agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component. that supplements the scheduled full and delta scans that are defined in the device's policy configurations. The requested scan will run on the device after its next agent connection, which typically occurs at 15 minute intervals.

EDD Scan requests use the rule and scan level configurations set in the EDD policy of the device's policy group. For example, if a device's EDD policy is configured to perform a Targeted scan for Credit Card Numbers and Personal Financial Information, an EDD Scan request performs this same scan. However, you do have the option of performing a delta scan or a full scan.

You can submit an EDD Scan request from the Devices area or a device's Device Details page. You can also select devices in a device group or a device report and submit a request for all selected devices.

Requesting an EDD scan of a device

To submit an EDD Scan request:

Log in to the Secure Endpoint Console as a user with Publish permissions for Endpoint Data Discovery.
Do one of the following:

To request an EDD scan for a single device

On the device's Device Details page, click > Perform EDD scan.
To request an EDD scan for multiple devices
1. From the navigation bar, open a page that supports the Request EDD Scan action. For example, click Devices to open the All Devices page.
2. In the work area, use the search field or filters to find the devices you want to scan.
3. Select the checkbox next to each device you want scan. To select all devices, select the Select All checkbox in the result grid header. You can select up to 5000 devices. To remove all selections, clear the Select All checkbox or click Clear all.
4. Click > Perform EDD scan.
Alternatively, you can upload a file of device identifiers and submit a request.
On the Perform EDD Scan dialog, select one of the following options:
- Delta scan: Scans only those files on a device's hard drive that were added or edited since the last full scan
- Full scan: Scans "all" files on a device's hard drive. Depending on the number of files on the device's hard drive, and the size of those files, a full scan may take between a few hours and a day to complete.
The file types and file locations to be scanned are determined by the scan level configuration set in the EDD policy.
Click Scan x devices.

If any of the devices you selected do not meet the prerequisites, the devices are ineligible for EDD scanning and the Device Eligibility for EDD Scan dialog shows. Each device's reason for ineligibility shows in the Status column.
If one or more devices are eligible for EDD scanning and you want to scan those devices, click Proceed with Eligible Devices.
Click Close to close the confirmation message.

Your EDD Scan request is submitted. The request is deployed to each device on its next successful connection to the Absolute Monitoring Center, which is typically within a few minutes for Absolute Resilience accounts, or within 15 minutes for Absolute Control accounts, assuming the devices are online.

If you requested a full scan, your request supersedes all pending scans. Similarly, if a scan is currently in progress, that scan is terminated allowing the requested full scan to run. If you requested a delta scan while a full scan is pending or in progress, the delta scan request is ignored.

You can track the status of your requested EDD scan on each device's Policies tab.

After the scan is completed, you can view the scan results on the following reports and pages: