Exclude configuration

There are two types of scans in Data Risk Assessment:

• Full scan: This scan is initiated when a server and its shares are configured. This is only required once.
• Incremental scan: This includes subsequent scans that are periodically carried out in new files, and files that were modified after the previous scan.

Both scans will take into account all discovery rules and policies, and implement all configured classification profiles.

Note: In some older installations of ManageEngine DataSecurity Plus (installed prior to build 6050 and updated to the latest version), Incremental File Scan must be enabled manually. For steps, refer to this help page.

Since data discovery is a CPU-intensive task, DataSecurity Plus offers the ability to add certain entities and times to exclusion lists to omit scans in those entities, thereby minimizing load and avoiding disruptions.

There are three types of exclusion lists:

• Scan folder exclusion: Shares added to this list will not be scanned for sensitive and business-critical data. Further, no automatic classification actions will be performed by DataSecurity Plus in these folders.
• Scan time exclusion: No scans will be performed during the configured length of time. This option can be used to pause scans during peak business hours and avoid overloading the CPU.
• File type exclusion: The file types added to this list will not be scanned and will not be classified automatically.

To view or modify these settings,

• Select Risk Analysis from the application drop-down.
• Go to Configuration > Scan Configuration > Exclude Configuration. Here, you will see the three exclusion lists.
• To add entities to these lists:
• Excluded Folders
• Click + next to the field.
• Add the paths to the shares you want to exclude from scans.
• To add more than one path, separate them with a comma.
• Click Add.
• Excluded Scan Time
• Click + next to the field.
• Select the frequency of the period you wish to exclude from scans.
• Set the Start and End times of this period.
• Click Add.
• Excluded File Types
• Click + next to the field.
• From the File Types pop-up, select the file categories and types that you want to exclude from scans.
• Click Add to close the pop-up.
• Click Save.

To manually initiate a full data discovery and classification schedule in a server or a share, view the status of the last scan, and to list the complete history of scans in a server:

• Select Risk Analysis from the application drop-down.
• Go to Configuration > Data Source Configuration > File Server.
• From the table listing the configured servers, you can:
• Manually initiate the scan in a server, by clicking the Rescan Server icon under the Actions column.
• Manually initiate scans in specific shares in a server by clicking edit next to the server containing the target shares, then clicking the Rescan Share icon next to the target shares.
• View the status of the last scan under the Last Schedule Status column.
• View the history of scans in a server by clicking View History under the Execution History column.

Note: In some older installations of DataSecurity Plus (installed prior to build 6050 and updated to the latest version), the status of previous scans and scan history can be viewed under Risk Analysis > Configuration > Scan Configuration > Schedule Configuration.