10.9 Full-Disk Sensitive Information Scan Tasks

Administrators can configure full-disk scan tasks for multiple clients simultaneously. These tasks scan local disks on target clients, identify and log files containing sensitive information, and optionally encrypt the identified files.

Administrators with the permission Function Permissions → Sensitive Information → Configure Full-Disk Sensitive Information Scan Tasks can access the full-disk scan task settings via Sensitive Information → Full-Disk Scan Tasks in the menu.

10.9.1 Set Task

Steps to set up a full-disk sensitive information scan task:

  • Click the Add button in the top-right corner to open the Create Scan Task dialog.
  • In the General tab, configure the basic settings.
  • Switch to the Advanced tab to configure advanced settings.
  • After finishing the configuration, click OK to create the scan task.

General Settings Explanation:

Setting Option | Description
Task Name | The name of the current task. The system provides a default name, which can be modified.
Select Target | Choose the target computers for the task. Click the Select button at the top of the selection window and enter keywords in the dialog to quickly locate and select targets.
Sensitive Information | Configure the sensitive information to scan for.
Sensitive Content | Check this option and specify the information classification. Files containing the specified sensitive content classification will be considered a match.
Document Classification | Check this option and set the classification range. Files within this classification range will be considered a match.
Match Any Condition | By default, all selected sensitive information criteria must be met for a file to be considered a match. Checking this option allows a file to be considered a match if it meets any one of the selected criteria.
Scan Path | Specify the paths to scan. By default, all local drives are included. You can set local paths, network paths, or mapped drive paths, using commas or semicolons to separate multiple paths. Example: C:\;D:\ scans only drives C and D. You can also use predefined identifiers to scan specific types of drives:
  • Local Drives: _local — scans all local drives on the client machine.
  • Removable Drives: _portable — scans connected removable devices, including USB drives, secure USB drives, encrypted drives, and external hard drives. (Encrypted workspaces, mobile phones, and optical drives are not supported.)
  • Mapped Drives: _map — scans all local mapped drives on the client machine.
Included Files | Files within this scope will be scanned. You can select from the predefined file types or click the Browse button to manually enter file paths, supporting wildcards. Examples: *.doc, C:\*, D:\test\*.txt.
Search Files in Archives | Check this option to identify documents containing sensitive content within compressed archives.
Excluded Files | Files within this scope will not be scanned. You can select from the predefined file types or click the Browse button to manually enter paths using wildcards. Examples: *.doc, C:\*, D:\test\*.txt.

Note:

  • The exclusion scope takes priority over the inclusion scope.
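
An added example, not part of the product or its documentation: a Python model of how the Scan Path, Included Files and Excluded Files settings combine, for checking a planned scope against sample paths before a task is created. The function names and the wildcard semantics (case-insensitive, `*` spanning subdirectories, a bare pattern such as `*.doc` applied to the file name only) are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Predefined drive identifiers listed under Scan Path.
DRIVE_IDENTIFIERS = {"_local", "_portable", "_map"}

def parse_scan_paths(value):
    """Split a Scan Path value on commas/semicolons into (identifiers, explicit paths)."""
    entries = [e.strip() for e in re.split(r"[;,]", value) if e.strip()]
    identifiers = [e.lower() for e in entries if e.lower() in DRIVE_IDENTIFIERS]
    paths = [e for e in entries if e.lower() not in DRIVE_IDENTIFIERS]
    return identifiers, paths

def pattern_matches(path, pattern):
    """Assumed semantics: case-insensitive; '*' spans subdirectories;
    a pattern without a backslash (e.g. *.doc) is tested against the file name."""
    path, pattern = path.lower(), pattern.lower()
    if "\\" not in pattern:
        path = path.rsplit("\\", 1)[-1]
    return fnmatchcase(path, pattern)

def in_scope(path, roots, included, excluded):
    """Return True if a task with these settings would scan this file."""
    under_root = any(
        path.lower().startswith(r.lower().rstrip("\\") + "\\") for r in roots
    )
    if not under_root:
        return False
    if any(pattern_matches(path, p) for p in excluded):
        return False  # the exclusion scope takes priority over the inclusion scope
    return any(pattern_matches(path, p) for p in included)

if __name__ == "__main__":
    # Constructed sample paths, combined with the page's own example patterns.
    _, roots = parse_scan_paths("C:\\;D:\\")
    included = ["*.doc", "D:\\test\\*.txt"]
    excluded = ["C:\\*"]
    for f in ["C:\\hr\\plan.doc", "D:\\hr\\plan.doc", "D:\\test\\a.txt", "E:\\x.doc"]:
        print(f, in_scope(f, roots, included, excluded))
```
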

Advanced Settings Explanation:

Setting Option | Description
Task Options | Configure the specific actions the task will perform.
Scan Mode | Select the scanning mode from the dropdown:
  • Scan All Files — Scans all files on the client, including encrypted and unencrypted files.
  • Scan Encrypted Files — Scans only encrypted files on the client.
  • Scan Regular Files — Scans only unencrypted files on the client.
Backup Copies | Scan documents on the client, back up files that match the specified information classifications, and record them. Logs with a pin icon in the sensitive information logs allow viewing and downloading of the backup documents.
Encrypt Plaintext to Ciphertext | Scan documents on the client; any plaintext matching the specified information classifications will be encrypted. The operation is recorded in the Encrypted Document Operation Log as "Encrypted – Sensitive Content Scan Task." The encrypted file's attributes are set according to the File Attributes specified below.
Modify Security Attributes of Encrypted Files | Scan documents on the client. Encrypted files matching the specified information classifications will have their security attributes modified. The operation is recorded in the Encrypted Document Operation Log as "Modify Document Attributes – Scan Task." There are three modes for changing security attributes:
  • Public – Standard Attribute Change: Only modifies encrypted files whose access permission is set to Public – Standard.
  • Upgrade Lower-Level Attributes: Compares the file's current permissions with the new settings. If the current permission is lower than the new permission, it will be updated. Security Attribute Comparison Rules:
    • If in the same security zone, compare security levels.
    • If in different zones, the public security zone is considered lower than other zones.
    • If in different zones and neither is public, no comparison is made and no change occurs.
  • Force Attribute Change: Modifies all selected files to the new security attributes, regardless of their original attributes.
  The new security attributes are defined under File Attributes below.
Set Document Classification | Scan documents on the client. Files matching the specified information classifications will have a document classification added, defaulting to "Unclassified" (no classification). You can modify this under Set Document Classification below, with options for Specified Classification, Automatic Classification, and whether to allow Downgrading.
  • Specified Classification: Enable this option to activate the Select Classification dropdown, where you can choose a specific classification. Options include:
    • Unclassified — the triggered file is set as unclassified.
    • Other classifications, ranked from low to high: Public, Internal, Confidential, Secret, Top Secret.
  • Automatic Classification: The system sets the document classification based on the classification level associated with the triggered sensitive content.
    • If a file matches multiple sensitive content classifications with different levels, the highest classification is applied.
  • Allow Downgrade (default unchecked):
    • If unchecked, only files with an existing classification lower than the task-specified classification will be updated. Files with the same or higher classification remain unchanged.
    • If checked, all matched files will be set to the task-specified classification, regardless of their current level.
Scan Settings | Configure the scanning task.
Scan Schedule | Set the task start time by selecting the appropriate category from the dropdown, which aligns with the categories in Time Type Management.
Scan Frequency | Set the scan frequency:
  • One-time Scan: The task starts immediately after being issued and ends once the scan is complete.
  • Recurring Scan: Specify dates for regular scans. Tasks unfinished within a cycle will resume at the start of the next cycle.
Performance Settings | Configure system performance during the scanning task.
Scan Speed Priority | Scanning is faster but may impact system performance. Recommended for non-working hours.
System Performance Priority | Scanning is slower to minimize resource usage and maintain system performance. Recommended for working hours.
Scan Only When Idle | Scans specified files only when the client is idle. Idle status is shown as "Running (Idle)" on the console.
File Size | Only files within the specified size range will be scanned.
File Security Attributes | When scanning and encrypting, defines the security attributes of sensitive files after encryption, including permissions and access rights. Encrypted files inherit these settings.

Note:

  1. The "Encrypt" option will not appear if the encryption module is not purchased.
  2. A scan task cannot be created if any of the selected computer objects, included files, sensitive content, or document classification fields are empty.
  3. When an administrator creates a full-disk sensitive information scan and selects "Encrypt," the document security attributes are subject to the security zones and levels of the files themselves.
  4. Once a full-disk sensitive information scan task is created, its settings cannot be modified. Ensure all configurations are correct before creating the task.
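
An added example, not part of the product or its documentation: a Python model of the decision rules in the Advanced settings, covering the three Modify Security Attributes modes (including the Security Attribute Comparison Rules) and Set Document Classification with Allow Downgrade. Assumptions: security levels are modelled as integers, "Public – Standard" as level 0 of the Public zone, "Unclassified" as ranking below Public, and all function names and sample zone names are hypothetical.

```python
from typing import NamedTuple

# Ranking from the page, low to high. Assumption: "Unclassified" ranks below "Public".
CLASSIFICATIONS = ["Unclassified", "Public", "Internal", "Confidential", "Secret", "Top Secret"]
PUBLIC_ZONE = "Public"

class Attr(NamedTuple):
    zone: str
    level: int  # assumption: levels within a zone are ordered, higher number = higher

def is_lower(current, new):
    """Security Attribute Comparison Rules: True/False, or None if not comparable."""
    if current.zone == new.zone:
        return current.level < new.level      # same zone: compare security levels
    if current.zone == PUBLIC_ZONE:
        return True                           # public zone is lower than any other zone
    if new.zone == PUBLIC_ZONE:
        return False
    return None                               # two non-public zones: no comparison

def new_attributes(current, target, mode, public_standard=Attr(PUBLIC_ZONE, 0)):
    """Attributes a matched encrypted file ends up with under each of the three modes."""
    if mode == "force":
        return target
    if mode == "public_standard":
        return target if current == public_standard else current
    if mode == "upgrade_lower":
        return target if is_lower(current, target) is True else current
    raise ValueError(f"unknown mode: {mode}")

def new_classification(current, matched, specified=None, allow_downgrade=False):
    """Specified Classification if given, else Automatic (highest matched level)."""
    rank = CLASSIFICATIONS.index
    target = specified if specified is not None else max(matched, key=rank)
    if allow_downgrade or rank(current) < rank(target):
        return target
    return current  # same or higher existing classification stays unchanged

if __name__ == "__main__":
    # Constructed zones and levels.
    target = Attr("Finance", 3)
    for cur in [Attr("Public", 0), Attr("Finance", 1), Attr("R&D", 5)]:
        modes = ("public_standard", "upgrade_lower", "force")
        print(cur, {m: new_attributes(cur, target, m) for m in modes})
```
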

10.9.2 View Task Information

Current Task Information

In the upper section of the full-disk scan interface, you can view the task's basic information.

Item | Description
Task Name | The name of the scan task.
Computer | The client computer's name.
Group | The group to which the client belongs.
Status | The current running status of the client.
Start Time | The time the task started.
End Time | The time the task ended.
Task State | The current state of the task:
  1. "Started" when scanning is enabled and the task is running.
  2. "Paused" when scanning is disabled.
  3. "Starting" / "Pausing" during transitions.
  4. "Completed" when the task finishes.
Progress | Shows the task completion progress, updated automatically.

Other Task Information

By selecting a client in the lower view under the "Task Information" tab, you can view detailed settings for that client's scan task, including all configurations set when the encryption task was created.

Note:

  • Full-disk sensitive information scan tasks run only once and cannot be repeated.

10.9.3 View Task Logs

In the full-disk sensitive information scan interface, select a client and go to the "Task Logs" tab in the lower view to see the task execution logs for that client. Use the refresh button on the toolbar to update the log.

Item | Description
Time | The time when the log entry was generated.
Task Name | The name of the task being executed.
Content | Includes the task's completion percentage, the directory currently being scanned, and key details such as the number of documents scanned and the number of sensitive items matched.

10.9.4 Enable/Disable Scan Function

Disable

By default, the scan function on a computer is enabled. In the full-disk scan interface, select one or more tasks and click the "Disable" button, or choose "Disable Scan Function" from the right-click menu. The selected tasks will be paused.

Enable

Select one or more paused tasks and click the "Enable" button, or choose "Enable Scan Function" from the right-click menu. The selected tasks will resume execution.

10.9.5 Delete Task

Select one or more tasks and click the "Delete" button, or choose "Delete Computer Task" from the right-click menu. The selected tasks will be removed.

10.9.6 Search Computer Tasks

Click the "Search" button to open the query selection dialog. Choose the specific computer or computer group and click "OK." The computer list will then display only the computers that match the query criteria for focused viewing.

Mode

Click the "Mode" toggle button to switch between displaying all computers or only those with assigned tasks.