This document contains frequently asked questions for the Spirion endpoint application and console.
What does Spirion do exactly?
Spirion’s endpoint application scans the endpoint for potential restricted or sensitive
data, collates the results, and sends the results to the console (and potentially the endpoint user)
in an encrypted format. It is possible to take actions through the application such as shredding
files, ignoring false positives, or quarantining files.
How long will a Scan take?
Scan time will change depending on the scan configuration (locations scanned, file
types scanned, match types scanned for), the computer hard drive, and processing power. Scans can
take from 1 minute to several hours depending on the above variables. Typically, scans on a
workstation take less than an hour if configured appropriately (not scanning system files and
AppData). Most servers take 6 - 12 hours to scan, so the most common practice is to run the scan
overnight or on a weekend.
File servers, databases, and other large storage spaces take longer to scan, and require more
processing power than the machine you need to scan. Scanning on this scale requires a Discovery
Team, a group of computers working together, to complete the scan. As of this writing, the Office of
Cybersecurity initiates scans that require a Discovery Team. If you need to scan a large server or
database, send an email to email@example.com with the subject line of
either "Spirion Database Scan" or "Spirion Scan of Large Server" as appropriate.
What Operating Systems are compatible with Spirion?
Windows Server 2012 R2, 2016, 2019
macOS 11: Big Sur (limited functionality)
macOS 10.15: Catalina
macOS 10.14: Mojave
macOS 10.13: High Sierra
macOS 10.12: Sierra
OS X 10.11: El Capitan
OS X 10.10: Yosemite
OS X 10.9: Mavericks
Red Hat Enterprise 64-bit, versions 5.1 and later
How do I go about getting set up with Spirion?
Please reach out to us at
you’d like to get set up on the Spirion Console and obtain installers for your IT department.
It's too good to be true. Are there any disadvantages of doing this?
Without proper configuration, such as filepath exclusions, Spirion will often flag
numerous false positives. This can be fixed by the IT administrator if they adjust their policies to
exclude searching system files, AppData, and program files. Please feel free to reach out to us at
firstname.lastname@example.org if you have any questions
regarding this process.
What are my options if I find what appears to be Sensitive Data in a search?
Your first step should be to verify whether the sensitive data is legitimate. Examine
the filepath for the match. If the filepath for the file with the match is in the System or AppData
folder, it is likely a false positive. However, if the filepath seems to lead to a legitimate file
containing Sensitive Data, it is best to coordinate with the end user to determine whether the file
is real, and to take next steps going forward. Some of these steps might include deleting the data
or moving it to a secure encrypted drive.
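The filepath check described above can be applied to a whole list of matches at once. The following is an added example, not Spirion code or part of the original FAQ: it sorts match paths from a constructed CSV into "likely false positive" and "needs review" queues. The column names, the sample rows, and the Windows folder names chosen to represent system and program files are assumptions.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: Windows folder layout. These top-level folders stand in for the
# "system files" and "program files" locations the FAQ mentions.
SYSTEM_ROOTS = {"windows", "program files", "program files (x86)"}

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = r"""endpoint,path,match_type
LAB-PC-01,C:\Windows\System32\drivers\etc\services,SSN
LAB-PC-01,C:\Users\jdoe\AppData\Local\Temp\cache_0193.tmp,Credit Card
LAB-PC-01,C:\Users\jdoe\Documents\payroll_2019.xlsx,SSN
LAB-PC-02,C:\Program Files\Vendor\data\lookup.db,Credit Card
LAB-PC-02,D:\Shares\HR\AppData Review\roster.csv,SSN
"""


def classify(path):
    """Label a match path 'likely_false_positive' or 'review'."""
    p = PureWindowsPath(path)
    # Drop the drive or UNC share so parts[0] is the first real folder.
    parts = [s.lower() for s in (p.parts[1:] if p.anchor else p.parts)]
    if parts and parts[0] in SYSTEM_ROOTS:
        return "likely_false_positive"
    # Per-user AppData is matched by position (Users\<name>\AppData), not by
    # substring, so a folder such as "AppData Review" stays in the review queue.
    if len(parts) >= 3 and parts[0] == "users" and parts[2] == "appdata":
        return "likely_false_positive"
    return "review"


def triage(export_text):
    """Return (per-endpoint label counts, rows that need manual verification)."""
    counts, to_review = {}, []
    for row in csv.DictReader(io.StringIO(export_text)):
        label = classify(row["path"])
        counts.setdefault(row["endpoint"], Counter())[label] += 1
        if label == "review":
            to_review.append(row)
    return counts, to_review


if __name__ == "__main__":
    counts, to_review = triage(SAMPLE_EXPORT)
    for endpoint, tally in sorted(counts.items()):
        print(endpoint, dict(tally))
    for row in to_review:
        print("verify with end user:", row["endpoint"], row["path"])
```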
Can I schedule recurring scans? Can I set scans to search for different data types
depending on the endpoints being scanned?
You can schedule scans to run on a one-time, daily, weekly, or monthly basis. Results
from these scans will come in to the console as they complete. You can create policies to apply to
specific endpoints or endpoint tags, which allows you to change the types of data that scans on
those machines search for. This can be useful if you have a subset of machines in your environment
that are more likely to handle restricted data – you can set the scans to search for additional data
types that you wouldn’t necessarily want to search for across your entire environment.
Hey! I’m certain this match is a false positive!
If you believe a match to be a false positive you can select to ignore it (either
within the Endpoint Application or from within the Console). If you wish to prevent this match from
occurring on other machines you could add the filepath to the list of excluded search locations in
your search policy as defined in the console.
Will the endpoint agent consume a lot of resources on users' endpoints?
Generally, the endpoint client consumes minimal resources, but resource intensity can
increase greatly when a scan is running. This is particularly noticeable on older, less powerful
machines – on new machines there is generally little to no performance impact during scans. There
are settings you can configure to reduce resource consumption, but this will increase scanning time.
Often, a better option is to leave the machine to run a scan overnight, or at another time when
resources are not otherwise in use.
Will DoIT Cybersecurity staff be able to see any sensitive information or restricted
data found on my endpoints?
DoIT Cybersecurity can see the same items that you can see in the console. For this
reason, and others, we do not recommend configuring your policies to send full matches to the
console (there is an option to send partial matches and one to send no match, just the match file