Evaluating Identity Finder Results in Windows
- You will receive an email from the Identity Finder Enterprise Console with the results
of the PSI scan on your computer. If you are trying to evaluate the results of a
scan that was not initiated by the management console, but instead run by yourself
see our other documentation on evaluating scan results from the Windows client.
Evaluating Scan Results Using the Identity Finder Client on Windows
- Open the email, right click the attachment, and select “Save As”.
- Browse to wherever you would like to save the file, name the file, and click “Save”.
- Browse to where you saved your file and open it by double clicking it.
- The document will look something like this when you first open it. Feel free to resize
- These are the columns we are mainly interested in.
- The “Owner” column lists the owners of each document that has been flagged as possibly
containing sensitive information.
- The “Identity Type” column lists the type of information the scan believes it has
- The “Identity Match” column lists the whole or partial data of the sensitive information
it believes it found in a file. (Ex. It may list a full social security number or
just a partial number.)
- The “Match Quantity” column lists how many times the information in question was found
in the file.
- The “Location” column lists the location of the file on the computer.
- The “Location Type” column lists the type of document containing the information.
- You will now look through all of the results to determine if the information found
is truly PSI as defined by the IT Policy or if it is just a false positive.
- Start by right clicking the “Location” cell of the first result and selecting “Copy”.
- Next open a Windows Explorer window. Do this by clicking the Windows Explorer Icon
in Windows 7 or it can be done by opening “My Computer”.
- Paste the location you copied from your document into the browser bar by first left
clicking it to select the bar, then right clicking the bar and selecting “Paste”.
- Once the file path is in the browser bar press the “Enter” key to open the document.
- Here is the document opened in the example. At first glance you can tell it contains
PSI and is not a false positive.
- Say you determine that you do not need this PSI on your machine therefore you will
- Close the document then repeat steps 14-16 to enter the location of the document in Windows Explorer again. However, instead
of hitting enter this time you will select the text on the right hand side of the
last “\” and delete it using either the "Backspace" key, the "Delete" key, or by right
clicking the selected text and clicking "Delete". This is so that you point Windows
Explorer to the location of the document instead of directly to the document. Once
the filename text is removed you can press the “Enter” key.
- Now locate the file, right click it, and delete it.
- You will then click on the “Desktop” to navigate to the “Recycle Bin”.
- Right click on the “Recycle Bin” and select “Empty Recycle Bin”.
- Return to my list of Identity Finder results repeat steps 14-17 to open the next document to be evaluated.
- This example is a large Excel spreadsheet. You can tell the document is fairly large
due to the small scroll bar on the right. You do not see any PSI at first glance.
- To make searching for the information in question faster, go back to the Identity
Finder scan results document to copy the information in question. This is so you can
enter the data into Internet Explorer in order to try and find the information quickly
and determine if it is PSI or a false positive. Right click and copy the cell in question
from the Identity Match column.
- Now go back to the file you had opened and press the “Ctrl” and the “F” key simultaneously
to open the Find Bar.
- Right click and “Paste” the data you obtained from the spreadsheet into the Find Bar
- This should then take you to the section of the document that displays the data you
are interested in. This is a false positive triggered by a document that was fabricated
for this demonstration. False positives can either be ignored or deleted.
- It should be noted that using this find technique will work in most of the large documents
you come across. You should now have the tools you need to evaluate Identity Finder
Scan Results from the .csv file.