DISCOVER Frequently Asked Questions

Can I customise the types of sensitive data DISCOVER searches for?

Yes, you can customise the types of sensitive data DISCOVER searches for. DISCOVER provides flexibility to customise scan jobs according to your organisation’s specific data governance needs. You have the option to include predefined data (PCI and PII) or custom data types.

Custom data types can be defined as:

Regular expressions: for pattern-based detection (e.g., employee ID formats, internal codes).
Filename expressions: to detect files with specific naming conventions or keywords.
Sensitive words: to locate documents containing custom phrases, particular terms, or confidential references.

When configuring a scan job, you can select or deselect predefined data types, such as PII (Personally Identifiable Information) and PCI (Payment Card Information), as well as custom data types.

What is different between a One-time Scan and an Ongoing Scan?

One-time Scan and Ongoing Scan differ in how DISCOVER executes and maintains scan jobs:

One-time Scan

Runs only once when initiated manually.
Ideal for quick assessments, targeted scans, or validating scan configuration changes.
After completion, the scan won’t run again unless manually initiated.
No automatic re-scan or scheduling is attached.

Ongoing Scan

Configured to run at scheduled intervals.
Automatically scans new or modified data sources according to the defined schedule.
Used for routine monitoring, compliance tracking, and detection of newly introduced sensitive data.

How does agentless scanning work compared to agent-based scanning?

Agentless scanning and agent-based scanning differ primarily in how DISCOVER connects to and inspects target systems.

Agentless Scanning

Agent-Based Scanning

The DISCOVER agent is installed on a host or virtual machine.

The DISCOVER agent is installed directly on each endpoint.

The agents installed on servers connect remotely to target devices to perform scans and report findings back to the DISCOVER server.

The agent performs local scans and reports findings back to the DISCOVER server.

Ideal for environments where software installation is restricted, or for scanning large numbers of devices and services.

Suitable for endpoints that are often outside the organisational network.

Performance depends on network connectivity and access permissions.

Requires agent deployment and maintenance on each endpoint, as the agents communicate with the DISCOVER server over the network.

What types of files does DISCOVER scan?

DISCOVER scans a wide range of file types across endpoints and storage systems, including:

Category

File Types /Extensions

C Family

.c, .h, .cpp, .cc, .cxx, .hpp, .hh, .hxx, .cs, .m, .mm

Java & JVM

.java, .kt, .kts, .scala, .sc, .groovy, .gvy, .gy, .gsh, .clj, .cljs, .cljc, .edn

Web & Scripting

.js, .mjs, .cjs, .ts, .tsx, .html, .htm, .css, .scss, .sass, .less, .php, .php3, .php4, .php5, .php7, .phtml, .py, .pyw, .pyi, .rb, .erb, .rake, .gemspec, .lua

Systems & Functional

.rs, .go, .swift, .hs, .lhs, .erl, .hrl, .ex, .exs, .ml, .mli, .mll, .mly, .fs, .fsi, .fsx, .fsscript

Legacy / Academic

.f, .for, .f90, .f95, .f03, .f08, .cbl, .cob, .cpy, .pas, .pp, .dpr, .adb, .ads, .ada, .lisp, .lsp, .cl, .scm, .ss, .pro

Microsoft & ASP.Net

.vb, .bas, .frm, .cls, .asp, .aspx, .ascx, .config, .vbhtml, .cshtml

Shell & Admin

.sh, .bash, .zsh, .ksh, .bat, .cmd, .ps1, .psm1, .psd1, .pl, .pm, .t

Data Science / Analytics

.r, .rmd, .m, .jl, .sql, .psql, .sas, .sps, .do

Modern / Niche

.dart, .cr, .nim, .nims, .zig

Assembly / HDL

.asm, .s, .inc, .vhd, .vhdl, .v, .sv, .svh

Other Languages

.cfm, .cfc, .st, .apl, .dyalog, .ijs, .hack, .hh

Build / Infra / Config

Makefile, Dockerfile, CMakeLists.txt, BUILD, WORKSPACE, .mk, .cmake, .gradle, .gradle.kts, .bzl, .tf, .tfvars, .csproj, .vbproj, .fsproj, .json, .yaml, .yml, .md, .xml

Scripts & Source Code

.ps1, .bat, .cmd, .sh, .pl, .rb, .py, .php, .js, .ts, .java, .c, .cpp, .cs

Autodesk

.dwg, .dxf, .dwt, .ipt, .iam, .idw, .ipn, .rvt, .rfa, .nwc, .nwd, .f3d, .fbx, .3ds, .max, .mb, .ma

SolidWorks

.sldprt, .sldasm, .slddrw

PTC Creo

.prt, .asm, .drw, .neu, .xpr, .xas

CATIA

.catpart, .catproduct, .catdrawing, .cgr

Siemens NX / Solid Edge

.prt, .par, .asm, .dft

STEP / IGES (Neutral Exchange)

.step, .stp, .iges, .igs

3D Modeling / 3D Designs

.stl, .obj, .ply, .3ds, .fbx, .gltf, .glb, .usd, .usdz, .vrml, .wrl, .lwo, .lws, .lxo, .ztl, .zpr, .hip, .hiplc, .hipnc, .prefab, .unity, .uasset, .umap, .pak, .amf, .3mf, .gcode, .pts, .ptx, .e57, .xyz, .las, .laz, .usdz, .gltf, .glb, .vrml, .x3d

Office Documents

.doc, .docx, .dot, .dotx, .rtf, .odt

Spreadsheets

.xls, .xlsx, .xlsm, .xlsb, .csv, .ods

Presentations

.ppt, .pptx, .pps, .odp

Text & Notes

.txt, .log, .md, .nfo

PDF & Publishing

.pdf, .xps, .pub

Email & Messaging

.msg, .eml, .pst, .ost, .mbox

Databases / Structured Data

.sql, .db, .sqlite, .mdb, .accdb, .dbf, .ora, .myd, .ibd

Config & Code Snippets

.ini, .cfg, .conf, .yaml, .yml, .json, .xml, .env

Images / Media

.jpg, .jpeg, .png, .gif, .bmp, .tif, .tiff, .ico, .heic

Backup & Export

.bak, .bkf, .gho, .vhd, .vhdx, .qcow2, .ova, .ovf

Logs & Monitoring

.log, .evt, .evtx

Financial / Accounting

.qbw, .qbb, .qfx, .ofx, .mny, .gnucash

Healthcare / PHI

.dcm, .hl7, .cda

What happens if the Agent device or the target device goes offline during a scan?

DISCOVER scans involve multiple connections:

Agent ↔ Server connection:
- If this connection goes offline, both the server and the agent will continuously attempt to re-establish a connection.
- Data transfer from the agent to the server is temporarily halted, but the scan continues.
Agent ↔ Target device connection:
- If a target device goes offline, the scan for that specific device pauses.
- Once the target comes back online, the scan resumes from where it left off.
- Other targets assigned to the same agent continue scanning uninterrupted.
Agent self-scan:
- This does not require network connectivity. It continues even if the agent or server is offline.
- However, data cannot be sent to the server until the agent-server connection is restored.

How do I monitor the progress of ongoing scans?

You can monitor ongoing scans via the DISCOVER Management Console:

Navigate to DISCOVER > Scans.
In the scans list, check each scan's status.

Status

Explaination

Not Started

The scan has been created but has not yet begun.

In Progress

The scan is currently running.

Completed

The scan has been completed.

Terminated

The scan was stopped manually.

Make sure to refresh the page to see the latest status, as this will update the display with any recent changes to the agent’s connectivity or activity.

How can I generate reports of discovered sensitive data?

Reports are automatically generated after each scan job. To download the generated reports:

Go to DISCOVER > Results.
Select a completed scan job from the list and click Download.

Reports will be downloaded as Excel (.xlsx) files.

Which environments and platforms does DISCOVER support?

DISCOVER supports scanning across a range of Windows environments and select Microsoft cloud services.

Supported Environments

Windows Operating Systems:
- Windows 10 and 11
- Windows Server 2019, 2022, and 2025
File Servers:
- SMB-based file servers

Supported Cloud Services

Microsoft Exchange
Microsoft SharePoint

DISCOVER connects to these systems using protocols such as SMB, WinRM, and SSH, enabling scanning across environments.

What are the firewall or port requirements for DISCOVER?

Yes, DISCOVER requires the following firewall and ports:

Port

Service

SSH

445

SMB

443

HTTPS

5986

WinRM (HTTPS)

3306

MySQL

6379

Redis

Can I schedule scans or run them on-demand?

Yes, DISCOVER allows both on-demand and scheduled scans:

On-demand scans:
- You can run a scan immediately whenever needed.
- If a scan is already running on the same agent or host, the new scan is queued and will start once the current scan completes.
- One scan task per agent can run at a time; additional scans are processed sequentially.
Scheduled scans:
- You can configure recurring scans on a fixed schedule (daily, weekly, monthly, or custom intervals).
- Each scan job can have its own schedule, data scope, and sensitivity rules.
- Ideal for continuous monitoring and compliance checks without manual intervention.

What should I do if the DISCOVER Agent cannot connect to the Management Console?

If the Management Console cannot connect to the DISCOVER Agent:

Check Network Status – Ensure the Management Console service and the Agent can establish inter-communication over the network.

If the network is functioning correctly but the agent still appears offline,

Check Registry Configuration – Open the Windows Registry Editor and navigate to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\GuardWare\DISCOVER.
Confirm that the organizationName matches your Organisation
Confirm that the serverPort entry contains the correct HTTPS port value.
Confirm that the serverIP and serverName point to the correct domain address.

If the given values are incorrect, you will need to reconfigure the DISCOVER Agent and re-establish the connection. To do this:

Click the Windows key (⊞), type Task Scheduler, and press Enter.
Search for GuardWare Discover Agent Task, right-click it, and select End.

Launch Task Manager by pressing Ctrl + Shift + Esc keys together.

Search for GuardWare Scan Utility, right-click the process, and select End task.
Open File Explorer, navigate to C:\ProgramData\Guardware\GWScanningAgent, and delete all the contents of the folder.

Navigate to C:\Program Files\Guardware\Discover Agent
Right-click GuardWareDiscoverAgent.exe and select Run as administrator.

In your browser, refresh the Management Console page to see the reflected changes.

Who can I contact for technical support or further assistance?

For assistance, contact GuardWare support at [email protected].

NextPROTECT Frequently Asked Questions

Last updated 6 hours ago