Devices with At-Risk Files in Cloud report
NOTE Depending on the permissions associated with your user role, this report may not be available.
The Devices with At-Risk Files in Cloud report shows information about file content, detected by the Endpoint Data Discovery policy, that may be at risk of being shared using a cloud storage A computing model in which data is stored on remote servers that are managed by a cloud storage service provider. Users of the service access their data using the Internet or "cloud". service.
The report uses a simple set of filters to show detected EDD data that resides in a folder typically created when cloud storage software is installed on a device. Device users use this folder to synchronize files on their device with an online version of the folder in the cloud.
NOTE For Windows devices using OneDrive Files On-Demand, only synchronized files are scanned. The EDD component does not download unsynchronized files to the device during an EDD scan. For Mac devices using OneDrive Files On-Demand, a limitation of the Mac platform prevents the EDD component from scanning any files in the OneDrive folder.
On the Reports page, you can access this report from Absolute view or the Data Visibility category.
IMPORTANT Be aware that if a user changes the name of the cloud storage software's local folder, any EDD data detected in the folder may not be included in the report. Similarly, if a user creates a folder that includes a text string defined in the report's filters, such as "Dropbox", any EDD data detected in the folder is included in the report. Depending on the user's purpose for this folder, the files in the folder may not necessarily be at risk of being shared using a cloud storage service. Therefore, when assessing a device's level of risk, pay close attention to the value in the report's File Path column.
The Devices with At-Risk Files in Cloud report applies only to supported Windows and Mac devices with an active Endpoint Data Discovery policy and an Agent status The operating condition of a device's Secure Endpoint Agent. Possible values are Active (indicates that the device's agent has connected to the Absolute Monitoring Center), Inactive (indicates one of the following: the device was moved to another account; the device was unenrolled, but it is now set to be reactivated; or the device had Persistence enabled at the factory, but it has not yet called in to the Absolute Monitoring Center), and Disabled (indicates that the agent is either flagged for removal or removed from the unenrolled device). Inactive and Disabled devices do not consume a license. set to Active.
To view information in the Devices with At-Risk Files in Cloud report you first need to activate the Endpoint Data Discovery (EDD) policy in one or more policy groups.
NOTE For new activations, it may take up to two days before data is available in this report.
By default, the following filters are used to generate this report:
- File Match Status is Current
- File Path contains Box Sync
- File Path contains Dropbox
- File Path contains iCloudDrive
- File Path contains OneDrive
These filters generate a report that contains the data collected during the most recent full EDD scan The Secure Endpoint Agent process that opens and analyzes files on a device's hard drive to identify at-risk content, as defined in an Endpoint Data Discovery policy. See also DAR component. of your devices and all subsequent delta scans. If an EDD scan is currently in progress, you can view the data available so far by setting the File Match Status A report column and filter that applies to select Endpoint Data Discovery reports. The column provides an indication of how current a device's EDD data is. It may contain the following values: Current (data from the most recent full and delta scans), Incoming (data from a scan that is in progress), Historical (data from the previous full and delta scans), or Delta-Deleted (previously detected matches that were removed from the file prior to the last delta scan). filter to Incoming. Similarly, you can view the information collected during the previous full EDD scan and all subsequent delta scans by setting this filter to Historical.
The information collected from each device is organized in the following columns:
Column | Description |
---|---|
Device name |
Includes the device's device name The name assigned to the device in the operating system. For Chromebooks, device name is not applicable and therefore shows as "Chrome" in the Secure Endpoint Console. and serial number The identification number assigned to the device by the device manufacturer. For Windows devices, this value may correspond to the serial number of the BIOS, the motherboard, or the chassis, depending on the manufacturer. To view the device's Device Details page, click the linked device name. |
Username |
The username of the user who was logged in to the device when an agent connection occurred. If no user was logged in during the most recent agent connection, the last detected username shows. |
File Name |
File name of the file To view details about all detected matches in the file, and the file path on the device, click the file name. |
Match Score |
Computed value indicating the number of matches detected in the file for the associated EDD rule The calculation of Match Score varies depending on rule type and content type. |
Rule |
Name of the default or custom EDD rule for which a match was detected If unscannable shows, the file wasn't scanned because it was in use at the time of the scan, or it resides in an encrypted file directory. |
Encryption > Status |
The summarized encryption status of the device Statuses
|
Policy Group | Name of the policy group that the device belongs to |
Scan Date | Date (local time) when the device was scanned using the scan configurations set in the Endpoint Data Discovery policy |
File Path | The directory, including the file name, where the file resides on the device. All files in this report reside in a directory that contains one of the following text strings: Box Sync, Dropbox, iCloudDrive, or OneDrive. |
File Type | Internet Media Type Similar to a MIME type, an Internet Media Type is a standard identifier to indicate the type of content contained in a file on the Internet. The format of the identifier is type name/subtype name (for example, application/zip or text/plain). of the file |
File Owner |
Name of the user who controls permissions on the file By default, the file owner is the user who created the file. |
File Created | Local date and time when the file was created |
File Modified | Local date and time when the file was last edited |
You can use some of this information as search criteria to search for specific information in the report. You can also view other EDD scan information by adding more columns to the report. For example, to view more information about the file, such as the file owner and file path, add the applicable columns to the report.
NOTE If No Data shows in a column, the information was not detected on the device.
By default, the report data is sorted by Scan Date, in descending order. You can change the sort order by clicking a column heading.
You can perform the following tasks on the Devices with At-Risk Files in Cloud report:
- Open and view the report
- Search for and view individual devices in the report
- View EDD information about a particular file, including a summary of all detected matches on the device
- Adjust the columns on the report
- Add or remove filters
- Export the report
- Email the report on a set schedule
- Favorite the report
- Save changes to report filters and columns to create a custom view or a new report