Using rules with scans

Remediation scans use rules to detect and take action on sensitive files.

Files crawled by a remediation scan are compared against active discovery rules. If the file matches the repository and classifications defined in a rule, McAfee DLP Discover can take action on the file. These options are available:

  • Take no action
  • Create an incident
  • Store the original file as evidence
  • Copy the file
  • Move the file
  • Apply an RM policy to the file
  • Classify File As
  • (Box scans only) Remove anonymous sharing for the file

Moving files or applying RM policy to files is not supported for SharePoint lists. These actions are supported for files attached to SharePoint lists or stored in document libraries. Some file types used for building SharePoint pages, such as .aspx or .js, cannot be moved or deleted.

Box scans support moving files only to CIFS shares. Database scans support only creating an incident and storing the original data as evidence.