Scanning devices for at-risk file content

If the required permissions are associated with your user role, you can submit a request to perform a single and immediate Endpoint Data Discovery (EDD) scan of a device. For example, you may want to run a one-time EDD scan to verify that the user of a device has "cleaned up" the at-risk files that were reported in a prior EDD scan.

An EDD Scan request prompts a EDD scan The Absolute agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component. that supplements the scheduled full and delta scans that are defined in the device's policy configurations. The requested scan will run on the device after its next agent connection, which typically occurs at 15 minute intervals.

NOTE  EDD Scan requests use the rule and scan level configurations set in the EDD policy of the device's policy group. For example, if a device's EDD policy is configured to perform a Targeted scan for Credit Card Numbers and Personal Financial Information, an EDD Scan request performs this same scan. However, you do have the option of performing a delta scan or a full scan.

You can submit an EDD Scan request from the Assets > Devices area or a device's Device Details page. You can also select devices in a device group, roll-up folder, or device report and submit a request for all selected devices.