When Identity Finder completes a scan and finds nothing, essential a clean
scan, it prompts the user for a New Scan, or to Exit, but there is no evidence
that a scan has run and that it was clean, (besides the logs, but I'll get to
that). We are using Identity Finder in Guest Mode only, so I don't know if that
behavior is different while using profiles.
To give a little back story on this, we were using Cornell University's Spider
Scanner before we launched Identity Finder. After the "Spider Scan"
was complete, the user had a spreadsheet on their desktop called
SpiderResults.csv. Actually, once the scan started, the file was created and as
matches were found, they were added to the spreadsheet. The transition to
Identity Finder has been very smooth, and I only had this questions/issue come
Our program is setup so we have Data Stewards in each of our departments and
they are responsible for getting their computers scanned and
reviewing/remediating the results. We have an issue in one department where
some of the users have not been willing to comply and scans have not been done.
So this request may sound like a policing effort, but after thinking about it,
I thought it may be beneficial. With Identity Finder, and the ability for the user
to scan and remediate their results, the Data Steward for this department has
raised concerns that, since there is no evidence of a scan, clean or not, a
user could say, "Yes, I've scanned, I found X, Y, Z, deleted them, and now
my computer is clean".
Now, from the Console's perspective, yes, it would show how many, if any, scans
were done, and what was found. But our Data Stewards don't have access to the
console, and probably never will. The endpoint logs, if enabled, would
have information about the scans, but asking the Data Stewards to dig through
log files isn't practical. So what I’m asking for is some type of notification,
whether it be a generated email, a small text file, or something else, that
marks an endpoint as scanned and clean, in the event of a clean scan. Whatever “it”
is, would then be the proof that the scans were done.
I hope this is clear enough, but if you need more info, or
have any suggestions, please let me know.