Sensitive data scans

Remotely scheduled Data Loss Prevention (DLP) hard drive scan policies can be configured for Windows and macOS devices. These policies allow you to schedule DLP hard drive scans on a device at a specified time and frequency, for example, every Friday at 3 a.m.

Configuring scheduled DLP hard drive scan policies

To configure a new remotely scheduled DLP hard drive scan policy:

  1. From the Device Posture tab, select + ADD:

Add new device posture policy

  2. Select the operating system to which the new policy will be added (Add to macOS or Add to Windows).

    The Add new device policy dialog is displayed.

  3. Select Sensitive Data Scans from the Select policy type dropdown:

    Sensitive data scans policy attributes

  4. Configure the following attributes:

    • Every (days): Specifies how often the remote scheduled DLP scan runs (maximum value: 21 days).
    • Preferred time: Specifies the time to start the remote scheduled DLP scan. The time corresponds to the current time zone of the device.
    • Apply to: Specifies which drives are scanned for DLP in the remotely scheduled scan:
      • Unencrypted Drives: Only unencrypted drives are included in the remote scheduled DLP scan.
      • All Drives: All drives are included in the remote scheduled DLP scan.
  5. To apply the new policy to specific groups of devices, enter label names (predefined or custom) in the Labels field under Apply policy to devices with these labels.

    Apply the device posture policy to groups of devices

  6. Select SAVE to save your new policy with the configured settings.

    The policy is created.

The policy can be viewed by selecting the dropdown next to Sensitive Data Scans on the Device Posture tab. See Device posture.

The following policy details are displayed:

  • Device labels applicable to the policy
  • The frequency of the scheduled scan, for example, Everyday

    View sensitive data scan policy.

Policy enforcement

After the policy is configured, the Coro Agent displays a notification in the UI when a remote scheduled DLP scan initiates:

Sensitive data scan initiated

After the scheduled DLP scan completes, the Coro Agent displays the following notification:

Sensitive data scan ended

If any tickets were generated by the scheduled DLP scan, you can view them from the Open Tickets section of the device’s Activity Log.

Sensitive data scan tickets