How to configure a DLP Discover Scan to return a list of PST files on a target

Article ID: 163666

Products

Data Loss Prevention Network Discover

Issue/Introduction

The goal is for DLP Network Discover to generate incidents that, in effect, form a list of the PST files found on a Discover target.

Environment

Listing PST files is not what DLP is designed for, but it can be done.

Resolution

The configuration for this to work is very specific:

Policy:

Message Attachment or File Type Match - Microsoft Outlook (MSG, PST)

--AND--

Message Attachment or File Name Match - *.pst

The Discover server MUST have Outlook installed.

The Discover scan must NOT have "Scan PST Files" selected.

This is the only configuration that will return a list of PST files.

As an alternative, you can use the dir command from an administrative command prompt, with the content root as the current directory:

dir /b /s *.pst >list.txt

This creates a text file called list.txt in the current directory, listing the full path of every file under the content root whose name ends with .pst.
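
The following PowerShell script is an added example, not part of the original article or of the DLP product. It extends the dir approach by recording size and last-write time for each file and by checking that the file really starts with the PST header signature, loosely mirroring the policy's pairing of a file type match with a file name match. The parameter names, the Test-PstHeader helper and the output file name are assumptions.

```powershell
# Added example: inventory PST files under a content root (not vendor code).
param(
    [string]$ContentRoot = (Get-Location).Path,  # assumption: run from the content root, as with dir
    [string]$OutFile     = 'pst-inventory.csv'   # hypothetical output file name
)

# Hypothetical helper. PST (and OST) files begin with the 4-byte signature "!BDN".
# Returns $true/$false, or $null when the file cannot be read (locked, access denied).
function Test-PstHeader {
    param([string]$Path)
    try {
        # Open read-only and allow other readers/writers, so a PST in use is not disturbed.
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 4
            if ($fs.Read($buf, 0, 4) -ne 4) { return $false }   # too short to be a PST
            return ([System.Text.Encoding]::ASCII.GetString($buf) -ceq '!BDN')
        }
        finally {
            $fs.Dispose()
        }
    }
    catch {
        return $null
    }
}

Get-ChildItem -LiteralPath $ContentRoot -Filter *.pst -File -Recurse -ErrorAction SilentlyContinue |
    # -Filter can also match longer extensions that start with ".pst"; keep exact matches only.
    Where-Object { $_.Extension -ieq '.pst' } |
    ForEach-Object {
        [pscustomobject]@{
            Path          = $_.FullName
            SizeMB        = [math]::Round($_.Length / 1MB, 1)
            LastWriteTime = $_.LastWriteTime
            HeaderIsPst   = Test-PstHeader -Path $_.FullName   # empty in the CSV when unreadable
        }
    } |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Rows where HeaderIsPst is False are files named .pst that do not carry the PST signature; rows where it is empty could not be opened by the account running the script.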