Search a computer to locate and secure potentially dangerous data such as U.S. Social Security Numbers. In many instances, data found is data the computer user may not know exists.
Before deploying Identity Finder, your department should:
- assess risk of sensitive data already existing on local systems and ongoing risk of new sensitive data being saved on local systems
- develop departmental policies for sensitive data on local systems (allowed or not, encryption, laptop vs desktop, etc)
- determine required frequency of scans and develop regular schedule for scans of local systems (generally off-hours)
- develop procedures to deal with false-positive results
- develop remediation procedures (responsibility on local users, Identity Finder admins, etc.)
- develop standardized scan configuration for Identity Finder for department/organization
- establish buy-in from department head (to enforce policies and practices)
Penn preferred pricing and a site license exists for Identity Finder. It may be purchased from the Office of Software Licensing.
Support documents and additional information
Below are some tips and suggestions for running Identity Finder individually on Windows-based computers.
Identity Finder Tips
Identity Finder allows the desktop user to create a scheduled scan.
- The user’s current login credentials are stored along with the task that runs the scan. If the user changes their password, the scan will no longer run (since it’s running with the old password). The scheduled scan stops running and the user never notices.
- I.F. can only scan files the user has access to. If multiple users have logged on to this pc, then the scan may miss sensitive data in protected directories
- By default, scheduled scans run with whatever configuration the user made. The configurations are generally manually set (although you can create a config file for the user to import). Per user settings means results vary from user to user.
- By default, the user receives no feedback after the scan runs; they must remember to check the
- By default, the scan results are written to the user’s own “documents and settings”directories
- Create a configuration file by setting up a scheduled scan in Identity Finder and exporting the settings to an ini file
- Create a scheduled task that runs with admin credentials. The command line will look like this:
"C:\Program Files\Identity Finder\IdentityFinder.exe" /jobmode /inifile=<filename>
- Create a directory outside of documents and settings. Store configuration and write log and scan results there
- Send a regular email to users, reminding them to check results
- The task always runs, even after user changes their password
- All necessary files and folders are readable
- Predictable results for everyone
- Easily push out updated configuration to everyone
- Predicable location for files
- Users remember to check results
Identity Finder has a host of complicated settings. Expecting users to manually configure everything is unreasonable and unwise. Most settings are stored in the windows registry. By creating a text file with the necessary registry entries and using the regedit command line utility, you can standardize a host of settings for all your desktops.
Settings for an individual user:
HKCU\Software\Identity Finder\Identity Finder Enterprise Edition
Initial defaults, changeable by users:
HKLM\ Software\Identity Finder\Identity Finder Enterprise Edition\FirstRun
Mandatory settings not changeable by user:
HKLM\ Software\Identity Finder\Identity Finder Enterprise Edition|
There is an annoying but useful manual that documents each of the registry settings (provide a link to download). To generate the initial registry text file, configure I.F. on an individual desktop, then open regedit and export the settings under HKCU. Then open in a text editor and change the key strings from
- Decide what settings should be mandatory
- Configure Identity Finder on a desktop with all the defaults
- Export the set of registry keys for HKCU\Software\Identity Finder
- Create a text file with a subset of the desired keys
- For mandatory settings, change “HKEY_CURRENT_USER\\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition” to “HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition”
- For initial default settings, change “HKEY_CURRENT_USER\\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition” to “HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition\FirstRun”
Identity Finder generates two kinds of files with every scan:
- A scan log, with error messages and scan totals (*.log)
- A detailed listing of individual files (*.idf). By default, this is encrypted (and should be)
- If you do an incremental scan (only changed files or files changed since a particular date), Identity Finder will APPEND the results to the existing *.idf file. If the user has dealt with past problems, they will see those files listed in the scan results.
Quirks and bugs
We’ve seen a number of bugs and confusing quirks:
- A detailed results (*.idf) file is only generated if Identity Finder finds problems. If no sensitive data is found the *idf will be from the LAST SCAN, listing problems that no longer exist.
- If you quarantine sensitive data, Identity Finder does not retain the full path, only the filename. If you try to quarantine a second file with the same name you will get an error message.
- For some users, the scheduled scan starts and fails, or a real time scan starts and fails. Uninstall and reinstall Identity Finder
- If you are scanning for unformatted ssn’s (no dashes), you will find them EVERYWHERE. There is a setting (“ssn2threshold”) that tells Identity Finder to ignore files unless it finds a minimum number of matches. Tweak this until it works in your environment.