Sensitive data scans¶
Remotely scheduled Data Loss Prevention (DLP) hard drive scan policies can be configured for Windows and macOS devices. These policies allow you to schedule DLP hard drive scans on a device at a specified time and frequency, for example, every Friday at 3 a.m.
Configuring scheduled DLP hard drive scan policies¶
To configure a new remotely scheduled DLP hard drive scan policy:
- From the Device Posture tab, select + ADD:
Select the operating system to which the new policy will be added (Add to macOS or Add to Windows).
The Add new device policy dialog is displayed.
Select Sensitive Data Scans from the Select policy type dropdown:
Configure the following attributes:
- Every (days): Specifies how often the remote scheduled DLP scan runs (maximum value 21 days.)
- Preferred time: Specifies the time to start the remote scheduled DLP scan. The time corresponds to the current time zone of the device
- Apply to: Specifies which drives are scanned for DLP in the remotely scheduled scan:
- Unencrypted Drives: Only unencrypted drives are included in the remote scheduled DLP scan.
- All Drives: All drives are included in the remote scheduled DLP scan.
Enter label names (predefined or custom) to the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.
Select SAVE to save your new policy with the configured settings.
The policy is created.
The policy can be viewed by selecting the dropdown next to Sensitive Data Scans on the Device Posture tab. See Device posture.
The following policy details are displayed:
After the policy is configured, the Coro Agent displays a notification in the UI when a remote scheduled DLP scan initiates:
After the scheduled DLP scan completes, the Coro Agent displays the following notification:
If any tickets were generated by the scheduled DLP scan, you can view them from the Open Tickets section of the device’s Activity Log.