Use the Security Scanning page on the Managed Host Settings dialog to define when an agent is to perform the initial security scan and when to watch for changes to the structure and security of the file system. Where possible, schedule the scan to low peak hours to avoid heavy network traffic.
The default behavior for security scanning is different depending on the type of agent deployed:
- Local agents: By default, local agents begin scanning immediately when the agent is deployed. Subsequent scans occur on the configured schedule, which is daily at 2:00 A.M. by default.
- Remote agents: Remote agents scan the target computer on a configured schedule. By default, scans are daily starting at 2:00 A.M.
- SharePoint farm agents: SharePoint farm agents scan the target computer on a configured schedule. By default, scans are daily starting at 2:00 A.M.
You can modify the scan schedule and define the time and frequency with which the agent scans the target computer using the options available on the Security Scanning page. In addition to defining the security scan schedule, you can specify whether to ignore files and only store folder security data, as well as continuously monitor the file system and apply real-time updates to scanned security data.
Note: The schedule times for security scanning are based on the agent's local time.
Use the options in the Scanning Schedule pane to define the frequency at which the agent performs a full security scan on the target managed host.
For remote managed hosts and SharePoint managed hosts, managed paths must be defined for scanning to occur. For more information, see Managed paths page.
Scan start time
Specifies the local time of day, with respect to the machine on which the agent is running, when the security scan is to start. The default start time is 2:00:00 AM. To change this time, use the arrow controls to specify a new time.
When the Immediately scan on agent restart or when managed paths change option is selected, the scan start time is ignore for the initial scan.
Select this option to scan the target computer on a daily schedule. Use the days of the week check boxes to define when the scan will occur during the week and the Scan start time field to specify the time the daily scan is to begin.
For all agents, this option is selected by default along with a scan start time of 2:00 A.M. However, since local agents also have the Immediately scan on agent restart or when managed paths change option selected by default, the initial scan starts immediately when a local agent is deployed. This daily schedule is then used for subsequent scans by the agent. For remote and SharePoint agents, this daily schedule is used for the initial and subsequent scans.
Run on an interval
Select this option to scan the target computer on an hourly interval instead of a daily schedule. Selecting this option enables the Every control to specify the interval to be used.
When using the Run on an interval option, it is possible to select a frequency such that the agent is still busy completing the last scan when the next scan should start. In this case, the scan that could not start on time is skipped and the next scan starts as normal.
Select this option to schedule a single security scan of the agent.
When the Run once option is selected, the Collect activity for real-time security updates option is automatically selected. This is to ensure that changes to the structure and security of the file system on the target managed host are applied to the scanned data.
|Immediately scan on agent restart or when managed paths change
Select the Immediately scan on agent restart or when managed paths change option if you want the agent to scan immediately when it is added, when the agent is restarted and when any managed paths are changed.
For local agents, this option is selected by default. To delay the initial scan and use a configured scan time, clear this check box and use the options in the Scanning Schedule pane to define when to start the agent scan.
|Ignore all files and only store folder security data
The Ignore all files and only store folder security data indicates whether the agent is to capture file security data for the target managed host during an agent scan. When this option is cleared, the agent will include file security data in the agent scan.
For all supported managed host types, this option is selected by default, indicating that only folder security data is to be scanned.
NOTE: This option is not available for NFS host types.
|Collect activity for real-time security updates
Select the Collect activity for real-time security updates option to have the agent watch for changes to the structure and security of the file system on the target managed host (that is, monitor create, delete, and rename operations, as well as DACL, SACL, and Owner changes). This results in a more up-to-date security index.
When the Run once option is selected, this option is automatically selected to ensure that change to the structure and security of the files system on the target host are applied to the scanned data.
NOTE: When using Change Auditor to collect resource activity, it is not recommended to enable the Collect activity for real-time security updates on EMC or NetApp managed hosts. The agents managing these host types should be configured to scan on a schedule and not run once. The performance gain in using Change Auditor's event collection will be lost if the Data Governance agent is also collecting activity from these storage devices for security updates.
NOTE: This option is not available for Generic, SharePoint Farm, SharePoint Online or OneDrive for Business host types.
NOTE: When changing this setting, the agent starts watching for changes during and following the next scheduled full scan.