Configuring Endpoint Data Discovery policies

To configure an EDD policy:

1. Log in to the Absolute console as a user with Manage permissions for Policies and Licenses.

2. On the navigation bar, click and click Policy Groups.

3. On the Policy Groups sidebar, search for and then click the policy group that contains the EDD policy you want to configure.
4. Click Settings. The policy group's Settings page opens in the work area.
5. Next to Endpoint Data Discovery, click Configure.
6. On the Configure EDD dialog, specify the rules you want to associate with the policy:
   1. Select each predefined rule you want to include:
      • Credit Card Number
      • Encrypted or Password Protected
      • GDPR Personal Data
      • Personal Financial Information
      • Personal Health Information
      • Social Security Number
   2. If you have created and published any custom EDD rules, they are also listed here. Select each custom rule you want to include in the policy.

   Alternatively to select all rules, select the check box next to Description. To exclude a rule, clear its check box.

7. Set the day and time to perform EDD scans:
   1. The current scan schedule shows under Set Scan Schedule. Click to expand the section.
   2. Set the day and time to perform full scans:
      1. Under Full Scan, click the Frequency field and specify how frequently you want to scan files on the device's hard drive:
         • Monthly
         • Quarterly - Jan, Apr, Jul, Oct
         • Quarterly - Feb, May, Aug, Nov
         • Quarterly - Mar, Jun, Sep, Dec

      NOTE  The system retains all data collected during the last two full EDD scans and all subsequent delta scans. To increase the amount of historical data retained by the system set the Frequency to one of the Quarterly options.

      2. Click the Day field and select the day of the month to perform the full scan. If you select day 31, all full scans are performed on the last day of the month. If you select day 29 or 30, full scans are performed on the last day of the month in February, and on the selected day in all other months.
      3. Click the Start Time field, use the Hour and Minute sliders to specify the time of day to perform the scan, and then click Done. This time is processed as local time on each device.
   3. Set the day and time to perform delta scans:
      1. Under Delta Scan click the Frequency field and specify how frequently you want to scan any new or changed files:
         • Daily
         • Weekly
         • Do not schedule (only full scans are performed)
      2. Click the Day field and select the day of the week to perform the delta scan. If you selected a frequency of Daily you can select multiple days of the week. To clear a selection, click the selected day.
      3. Click the Start Time field, use the Hour and Minute sliders to specify the time of day to perform the scan, and then click Done. This time is processed as local time on each device.
8. The current battery power setting shows under Battery Conservation. To change the setting, click Auto Pause Setting and select one of the following options:
   • Scan at any battery level
   • Scan while battery level is above the following percentage
   • Never scan while on battery power
9. The current scan level shows under Set Scan Level. To change the scan level, click to expand the section and select one of the following options:
   • Targeted
   • Moderate
   • Extended
10. Click Save. Alternatively, if the EDD policy is Inactive and you want to activate the policy now, click Save and Activate.

11. Click Close to close the confirmation message.

The updated policy configurations are applied as follows:

• If you activated the EDD policy for the first time, the Absolute agent's DAR component A lightweight software component of the Absolute agent that detects at-risk data stored on a Windows or Mac device during an EDD scan. The DAR component is deployed on a device only when the device is associated with a policy group in which the Endpoint Data Discovery policy is activated. is activated on the device. A full scan of the device is then performed. All subsequent scans follow the schedule set in the policy.
• If you updated the rules of an active EDD policy, a full scan starts within a few minutes to scan the devices according to the new rules.
• If you updated only the scan schedule of an active EDD policy, the new schedule is applied to each device (a full scan is not started as a result of this change).

Apple introduced new security features in macOS 10.15 that require applications to be granted explicit permission to access or modify user folders. On each Mac device, you need to grant this permission to the Absolute EndpointApp application to enable it to scan these folders.

To grant the required permission, complete the following steps:

1. On a Mac device with an activated EDD policy, open the Security & Privacy pane in System Preferences.
2. Click the Privacy tab and click Full Disk Access in the left column.
3. Click the Lock icon in the bottom right of the pane.
4. In the dialog that opens, enter your administrator password and click Unlock.
5. Below the application list box, click the + icon and navigate to /Library/Application Support/Absolute/CTES/Components/DLP.
6. Select EndpointApp and click Open.
7. Select the checkbox next to EndpointApp to grant the permission.
8. Click the Lock icon to stop editing Full Disk Access.

Alternatively, you can use a Mobile Device Management (MDM) solution, such as Apple Profile Manager or JAMF, to configure Full Disk Access for the Absolute EndpointApp application. For more information, see the applicable MDM documentation.