# Scans

The Scans section is where you configure and run scans against discovered targets. DISCOVER offers three scan options:

* **One-Time Scan** runs a single, non-recurring scan on selected targets and data types.
* **Ongoing Scan** runs repeatedly on a defined schedule, continuously monitoring selected targets.

The location of the installed scanning agent determines how scans run for both One-Time and Ongoing scan types.

<figure><img src="/files/1OpDE3Mlnl2VLd6uXdS3" alt=""><figcaption></figcaption></figure>

<table><thead><tr><th width="143"></th><th width="212">Local Scanning</th><th>Agentless Scanning</th></tr></thead><tbody><tr><td><strong>How it works</strong></td><td>The agent is installed on the target device itself</td><td>Agent is installed on a separate host or VM Scanning Server.</td></tr><tr><td><strong>What it scans</strong></td><td>The device's own local files</td><td>Other devices, file shares, or cloud services across the network</td></tr><tr><td><strong>Best for</strong></td><td>Single device coverage</td><td>Scanning multiple targets from one central host</td></tr></tbody></table>

## One-Time Scan

Create and run a one-time scan to investigate a specific target, test new data type configurations, perform an ad-hoc compliance check, or scan a newly discovered device before adding it to ongoing monitoring.

![](/files/6c3f8234302c21d937acbfff470662ea9c6ba2e4)

1. Navigate to **DISCOVER** > **Scans** and click **+New Scan**.
2. Select **One Time Scan** and click **Proceed**.
3. Enter a **Scan Name** that clearly identifies the purpose of the scan (e.g., *Finance SharePoint - Credit Card Check*). Add an optional **Description** for additional context and click **Next**.<br>

   <div align="left"><img src="/files/9eae0ea13c282c7dd71694488d49cc255936dd72" alt="" width="563"></div>
4. From the data types list, check the boxes next to the data types you want to scan for and click **Next**. Use the search box to locate specific types quickly. <br>

   <div align="left"><img src="/files/93d79bb3afd47c899fe3d740e3679fbbd8b8034a" alt="" width="563"></div>
5. **Select Targets / Services**. You'll see three tabs representing different target types:
   1. **Devices:** Displays all discovered devices (workstations, laptops, file servers, network storage).
   2. **Exchange:** Displays all discovered Exchange Online mailboxes.&#x20;
   3. **SharePoint:** Displays all discovered SharePoint Online sites and document libraries.<br>

      ![](/files/6c8b3008d6a5aadf2e4911a5ceb77cb2ad2a4b61)

You can select targets across multiple tabs (e.g., scan both devices and SharePoint sites in the same scan job). Click **Next** after selecting all targets.

6. Configure **File Handling Options**:
   1. **Archive File Handling:** Enable to process compressed files (ZIP, RAR, 7z, etc.). When enabled, DISCOVER extracts and scans the contents of archive files. When disabled, archive files are skipped.
   2. **OCR for Images:** Enable to extract and scan text from image files (JPG, PNG, GIF). Enable if sensitive data may exist in screenshots or photographed documents.
   3. **OCR for Documents:** Enable to extract text from files such as PDFs, TIFF files, etc.
   4. **Enable New Files Since Last Scan:** Enable this to scan only files that have been created or modified since the last time this target was scanned. This significantly speeds up subsequent scans by skipping unchanged files.&#x20;
   5. **Select Exchange Date:** For Exchange scans, specify a start date to scan only emails received from that date forward. Set this to a reasonable timeframe (e.g., the past 90 days) unless historical email coverage is required.<br>

      <div align="left"><img src="/files/827f1e1d036410fffb4add93377015b9979038d8" alt="" width="563"></div>
7. **Filter Directories and Files Types** allows you to include or exclude specific folders and file types from the scan. If you skip this configuration, DISCOVER **will scan all directories and file types** for sensitive data. You have multiple options for controlling which directories and file types are scanned:
   1. **Scan Only the Selected Folders and File Types**\
      Limit the scan to specified locations and file formats. Only what you explicitly select will be scanned. Use this when you know exactly where sensitive data exists and want to focus only on those locations.

      <div align="left"><figure><img src="/files/d18d2091293a756806c74acaf9a32c720a0bdf41" alt="" width="563"><figcaption></figcaption></figure></div>

      1. **Include System Folders (Toggle):** Enable to include Windows system directories (`C:\Windows`, `C:\Program Files`). Generally not recommended unless you have a specific reason to scan system folders.
      2. **Selected Folder Paths:** Click **+Add** to add directories to scan. Enter the full path (e.g., `C:\Users\Public\Documents`, `\\fileserver\HR\Payroll`). Add multiple paths as needed—only these directories will be scanned.\\
      3. **Include All File Types (Toggle):** Enable to scan all supported formats (documents, spreadsheets, presentations, images, archives, emails). Disable it to limit scanning to specific extensions only.
      4. **Include Custom File Types:** Click **+Add** to specify extensions to scan uncommon or proprietary file extensions not in DISCOVER's standard list. Only files matching these extensions will be scanned.
   2. **Scan All Content Except the Selected Folders and File Types**\
      Scan everything except selected directories or file types. Use this when you want broad coverage while skipping known irrelevant areas like system folders, logs, or temporary directories.

      <div align="left"><figure><img src="/files/c491e6ab76202487ed410367373945097736aa4e" alt="" width="563"><figcaption></figcaption></figure></div>

      1. **Exclude System Folders (Toggle):** Enable to skip all Windows system directories. Recommended for most scans, as system folders rarely contain user-generated sensitive data.
      2. **Exclude Custom Folder Path:** Click **+Add** to specify directories to exclude. Enter the full path (e.g., `C:\Windows\Temp`, `\\fileserver\Backups`, `D:\Logs`). These directories will be skipped during the scan.
      3. **Exclude All File Types (Toggle):** Enable to skip file content scanning entirely and only examine file metadata (filenames, paths). Rarely used—typically only for filename-based data types.
      4. **Exclude Custom File Types:** Click **+Add** to specify extensions to exclude uncommon or proprietary extensions you don't want scanned (e.g., `.backup`, `.cache`).\
         Click **Next** to proceed.
8. Review the scan configuration summary and click **Save Scan**. The scan initiates automatically and appears in the Scans list with a status indicator.

Once the scan completes, click **View Result** to see the findings.

## Ongoing Scan

Use ongoing scans for continuous monitoring required by regulations or policies, to establish a baseline and track trends in sensitive data exposure across your environment, to monitor all devices and services without manual intervention, or to provide regular reporting on data security status.

![](/files/92600f6dd2743e91d8339abca1694c3848f6c882)

1. Navigate to **DISCOVER** > **Scans** and click **+New Scan**.
2. Select **Ongoing Scan** and click **Proceed**.
3. Select data types and click **Next**.

![](/files/4fa7e469ac7a971a72ad47906ad89020d740bebf)

4. Select all devices and services you want to monitor continuously and click **Next**.

![](/files/6c8b3008d6a5aadf2e4911a5ceb77cb2ad2a4b61)

5. Configure file handling options following the same process as a one-time scan, with one additional option:
   * **Auto Scan Newly Discovered Device:** Enable to automatically include devices and services discovered after the scan is created. On each scheduled run, any newly discovered targets are added to the scan automatically.

<figure><img src="/files/9a5d5cf864961733da63a674ceb3077ad21d7292" alt="" width="563"><figcaption></figcaption></figure>

6. **Filter Directories and Files Types** allows you to include or exclude specific folders and file types from the scan. If you skip this configuration, DISCOVER **will scan all directories and file types** for sensitive data. You have multiple options for controlling which directories and file types are scanned:
   1. **Scan Only the Selected Folders and File Types**\
      Limit the scan to specific locations and file formats. Only what you explicitly select will be scanned. Use this when you know exactly where sensitive data exists and want to focus only on those locations.

      <figure><img src="/files/d18d2091293a756806c74acaf9a32c720a0bdf41" alt="" width="563"><figcaption></figcaption></figure>

      1. **Include System Folders (Toggle):** Enable to include Windows system directories (`C:\Windows`, `C:\Program Files`). Generally not recommended unless you have a specific reason to scan system folders.
      2. **Selected Folder Paths:** Click **+Add** to add directories to scan. Enter the full path (e.g., `C:\Users\Public\Documents`, `\\fileserver\HR\Payroll`). Add multiple paths as needed—only these directories will be scanned.
      3. **Include All File Types (Toggle):** Enable to scan all supported formats (documents, spreadsheets, presentations, images, archives, emails). Disable it to limit scanning to specific extensions only.
      4. **Include Custom File Types:** Click **+Add** to specify file type extensions to scan uncommon, proprietary, or file extensions not in DISCOVER's standard list. Only files matching these extensions will be scanned.
   2. **Scan All Content Except the Selected Folders and File Types**\
      Scan comprehensively while excluding specific areas or file types. Everything is scanned except what you explicitly exclude. Use this when you want broad coverage while skipping known irrelevant areas like system folders, logs, or temporary directories.

      <figure><img src="/files/c491e6ab76202487ed410367373945097736aa4e" alt="" width="563"><figcaption></figcaption></figure>

      1. **Exclude System Folders (Toggle):** Enable to skip all Windows system directories. Recommended for most scans, as system folders rarely contain user-generated sensitive data.
      2. **Exclude Custom Folder Path:** Click **+Add** to specify directories to exclude. Enter the full path (e.g., `C:\Windows\Temp`, `\\fileserver\Backups`, `D:\Logs`). These directories will be skipped during the scan.
      3. **Exclude All File Types (Toggle):** Enable to skip file content scanning entirely and only examine file metadata (filenames, paths). Typically, only for filename-based data types.
      4. **Exclude Custom File Types:** Click **+Add** to specify extensions to exclude uncommon or proprietary extensions you don't want scanned (e.g., `.backup`, `.cache`).\
         Click **Next** to proceed.
7. Set a Schedule to define when and how often the scan runs.
   1. In the **Repeat Schedule Every** field, enter how frequently the scan should run.
      1. **Select an interval:** Select the rate at which the scans repeat monthly.
      2. **Select a time:** Select the time at which the scans start.\
         Example: Selecting **2** Months at **10:00** repeats the ongoing scan every 2 months at 10:00 AM.
   2. Choose the **Scan Start From** date
      1. **Specific Date:** Select a calendar date when the first scan should run. The scan will start on this date and then repeat according to the interval you set.
      2. **Day of the Week:** Select a specific day (Monday, Tuesday, etc.) when scans should run. This is useful for scheduling scans during low-activity periods (e.g., every Sunday).
   3. Ongoing scans can be resource-intensive (high CPU usage, network traffic, disk I/O); it's best to schedule them during off-hours when they won't impact user productivity. Use the **Avoid Scans** on option to specify when scans should NOT run, even if they're scheduled.

      1. Click **+Avoid Time** to add a restriction. Select the day(s) of the week when scans should be avoided. Select the time range to avoid (e.g., 8:00 AM to 6:00 PM for business hours). You can add multiple avoid time windows to accommodate different schedules.

      Click **Next** to continue.

![](/files/5780a8d81e91b30780b0083250bfd883fd4d80ac)

8. Review the configuration summary and click **Save Scan**. The scan initiates automatically and appears in the **Scans** list.

<details>

<summary><strong>View Scan Results</strong></summary>

After the scan completes, click **View Result** to see the findings.

1. Navigate to **DISCOVER** > **Scans**.

<div align="left"><figure><img src="/files/d1v13pM4Smv8mHUFyNqa" alt="" width="563"><figcaption></figcaption></figure></div>

2. Locate the completed scan and click **View Result**.
3. This opens the Results page filtered to show only findings from this specific scan (see the Results section below for detailed information on reviewing scan findings).

</details>

<details>

<summary><strong>View Scan Details</strong></summary>

1. Navigate to **DISCOVER** > **Scans**.&#x20;
2. Locate the scan and click **View** <i class="fa-eye">:eye:</i> . <br>

   <div align="left"><figure><img src="/files/3nvFBfcmDbbGSfo9WG2U" alt="" width="563"><figcaption></figcaption></figure></div>
3. This displays the complete scan configuration.

</details>

<details>

<summary><strong>Delete a Scan</strong></summary>

1. Navigate to **DISCOVER** > **Scans**.&#x20;
2. Locate the scan you want to remove and click **Delete** <i class="fa-trash-can">:trash-can:</i>.&#x20;

   <div align="left"><figure><img src="/files/hi2CDzfrKwbHt7yjwd6S" alt="" width="563"><figcaption></figcaption></figure></div>
3. A confirmation prompt will appear. Click **Delete** to confirm.

   <div align="left"><figure><img src="/files/46c5f10cf56ce7d21f31cf8b4c812895ee2e1163" alt="" width="375"><figcaption></figcaption></figure></div>

</details>

<details>

<summary><strong>Pause a Scan</strong></summary>

1. Navigate to **DISCOVER** > **Scans**.&#x20;
2. Locate the running scan and click **Pause** <i class="fa-pause">:pause:</i>. <br>

<div align="left"><figure><img src="/files/tWIes7kGuXzfOhebA3Wn" alt="" width="563"><figcaption></figcaption></figure></div>

3. The scan immediately pauses and stops processing targets. Targets that have already been scanned retain their results. Targets not yet scanned remain in the queue.

</details>

<details>

<summary><strong>Resume a Scan</strong></summary>

1. Navigate to **DISCOVER** > **Scans**.&#x20;
2. Locate the paused scan and click **Resume** <i class="fa-play">:play:</i>. <br>

   <div align="left"><figure><img src="/files/XNUooMqmS3SRsMsNA11k" alt="" width="563"><figcaption></figcaption></figure></div>
3. The scan resumes from where it was paused, continuing to process remaining targets in the queue.

</details>

<details>

<summary><strong>Terminate a Scan</strong></summary>

1. Navigate to **DISCOVER** > **Scans**.&#x20;
2. Locate the running scan and click **Terminate** <i class="fa-circle-xmark">:circle-xmark:</i>. <br>

   <div align="left"><figure><img src="/files/5tsbgOjZ4hR0IYSM7EYA" alt="" width="563"><figcaption></figcaption></figure></div>
3. A confirmation prompt will appear. Click **Terminate** to end the scan immediately.

   <div align="left"><figure><img src="/files/08db5b8f8f6e002be1871921524bb4de2cdfab83" alt="" width="375"><figcaption></figcaption></figure></div>

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.guardware.com/discover/scan/scans.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.