Data Loss Prevention

Can someone detail to me the difference between the sharepoint scanner object and the sharepoint scan object?  We have been working with support to get our Sharepoint servers to scan and after creating a sharepoint scanner object we were able to manually trigger a scan from the sharepoint server.  However, the sharepoint scanner target doesn't seem to give us the ability to scan the sharepoint without manual interaction on the sharepoint server.

Thanks,

Jeremy

Jeremy,

There are essentially two ways to scan SharePoint. I encourage you to read this thread and see if that doesn't answer your question. If not, we can address it.

https://www-secure.symantec.com/connect/forums/whats-difference-between-scans-and-scanners

Aaron

I had read that thread previously.  It seems like there is no reason to install the symantec software on the web front end, and scanning it entirely through the web interface is the preferred method.  That then leads me to wonder why support would have wanted us to install the scanning software when we were just trying to scan a sharepoint and have the proper credentials to do it.

Jeremy

So support wanted you to install the Scanner (agent installed on the SharePoint server and has a Start menu entry)? In my opinion that scanner isn't the best way to go. I much prefer the WFE "plug-in".

What was the initial issue you were having?

The initial issue was that the scan wasn't working.  Then the support tech got hung up on port 8090 not responding, but it doesn't respond unless you have an active scanner setup.  What is the WFE plug-in?  Is that the piece that installs onto the Sharepoint instance and has the .wsp extension?

Yes, that's the WFE (Web Front End) scanner (what I call plug-in). If that port isn't working, you can tell it to use another port, like 8091 or whatever. Is there a way you can tell if a firewall is maybe blocking your ability to get the server talking with the other system?

Or, perhaps, try installing the WFE scanner and go that route. The docs on installing it are pretty accurate.

Aaron

the WFE plugin can be throttled and scan at different times... the other older methid is on and run...

I use WFE on everything and have never had a issue, i believe this is also the preffered method from support also. As for the docs the are right on, i used it the first time and it worked, i still refer to the doc from time to time.

It's not a firewall issue.  The port isn't listening on the discover server, so the web front end can't communicate to it.  After we created a scanner and started it the port was open, but that doesn't appear to be the way we want to do it.

Jsneed:

The appropriate method to answer the question on the differences that you initially asked is to try to determine your end goal and what data it is you are hoping to return from the scan. We have a couple of products Data Loss Prevention (DLP) which will review the contents and metadata of a file and DataInsight (SDI) which will return the ownership and access of the files.

You are able to configure monitoring, scanning, discovery to the sharepoint server. In SDI using a sharepoint client associated with the Web Application URL you have the ability to:

Automatically discover and add site collections in this Web Application

Monitor SharePoint accesses to this Web Application

   Automatically enable auditing for site collections of the web application

Enable Scanning for this Web Application

Data Insight monitors access events on the SharePoint servers and maps all SharePoint access types such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Delete, and Rename. To complete this level of data collection the Admin must have installed and configured the Data Insight Web service on the SharePoint server.

Tabs available in the application allow for access to view by user or folder. A folder view would have the following tabs: