0 Replies Latest reply on Jun 10, 2017 7:56 PM by kkwong

    DLP beginner questions

    kkwong

      Recently started a DLP project and after the first couple of small deployments... lots of questions.

      Wondering if anyone can share their experiences.

       

      1) After the first, initial scan is performed on an endpoint, subsequent scans are deltas.

      What if I wanted to re-scan an endpoint as if it was the first time again? How would I go about making that happen?

      Scenario: If the email scan was impacting the end-user, I stop the scan by applying a no-email scan policy. It stops, the user is happy. However, the scan state shows "completed", which is not really true. I want a full scan to happen again - how?

       

      2) I'm observing that scans do not kick off unless a user is logged onto the endpoint.  Is that correct?

       

      3) If there are multiple profiles on an endpoint, the scans only scan the PSTs and files for that user's profile.

      If any suspicious data exist on the other profiles, it would be missed.  Am I correct in saying that?

       

      4) When a DLP Local Email Scan (PST and OST files) occurs, the end-user may have trouble with Outlook.

      i.e. when a PST is being scanned, that PST is locked and not accessible. In other cases, Outlook is totally unavailable (due to OST being scanned I'm presuming??? But not sure).

       

      5) Given the above, how does everyone get their initial scans completed for their entire user population??

      I see it as either:

      a - impact the users and get the scan done no matter how long it takes or how troublesome it is to users

      b - or try not to impact users in which case trying to complete a scan for that endpoint may take forever.

      What am I missing here???

       

      Thanks for any help and suggestions.