What are the risks of scanning Email (Exchange) Public Folders in large organizations?

Scanning Exchange public folders in a large organization carries significant operational, technical, and data-governance risks.

Because Public Folders are designed for shared, multi-user access and often contain massive historical archives, they interact poorly with endpoint-based scanning Agents.

The primary risks include the following:

1. Extreme Network and Server Congestion

In a large organization, if a scan policy is deployed to thousands of endpoints with public folder scanning enabled, every single Agent attempts to crawl the same shared folders simultaneously.

  • The "DDoS" Effect: This creates a "Distributed Denial of Service" effect on your Exchange servers. The server must handle thousands of concurrent requests for the same data, which can lead to Outlook connectivity issues for all employees and even server crashes.
  • Bandwidth Exhaustion: If the agents are not in the same physical location as the Exchange server (e.g., remote workers on VPN), the massive amount of data being pulled down to each endpoint can saturate the company's internet or VPN pipes.

2. Massive Data Redundancy (The "Multiplier" Problem)

Public folders are shared.

If 500 employees have access to a "Finance" Public Folder containing one file with 1,000 Social Security Numbers:

  • Redundant Reporting: Spirion will report that same file 500 times (once for every user's scan).
  • Database Bloat: Your Spirion Console database will be flooded with duplicate results, making it extremely difficult for security teams to identify the actual "source" of the risk or perform meaningful remediation.

3. "Infinite" Scan Durations

Public folders often act as the "attic" of an organization, containing decades of data and millions of small items.

  • The "Stuck" Agent: Because endpoint agents are optimized for personal mailboxes (usually 5–50 GB), they are not equipped to handle Public Folder databases that can reach terabytes in size.
  • Timeout Failures: Scans may run for days or weeks, eventually failing due to network timeouts or the endpoint being rebooted, meaning you never get a completed result.

4. Permission and Access Complexity

Public folder permissions are notoriously complex and often inconsistent.

  • Incomplete Visibility: An endpoint agent can only scan what the logged-in user can see. This creates a "false sense of security"—you might think you've scanned the Public Folders, but you've actually only scanned the small subset visible to that specific user.
  • Access Denied Errors: Agents may spend a significant amount of time attempting to access restricted sub-folders, generating thousands of MAPI_E_NO_ACCESS errors in your logs.

5. Remediation Conflicts

If Spirion Agents discover sensitive data in a public folder and an automated "Quarantine" or "Delete" action is triggered:

  • Operational Disruption: A single user's scan could delete a file that 1,000 other people were actively using for their daily work.
  • Version Control Issues: Deleting or moving items in a shared environment without proper coordination can lead to data loss and broken workflows for entire departments.
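
The multiplier problem (risk 2) and the incomplete-visibility problem (risk 4) can be measured from scan output, as this added example shows on constructed data. It is not Spirion or archTIS code; the record layouts and field names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not a Spirion export format.
# One row per finding per endpoint: (endpoint, user, folder, item id, SSN matches).
FINDINGS = [
    ("WS-001", "alice", r"\Finance\Payroll", "item-17", 1000),
    ("WS-002", "bob",   r"\Finance\Payroll", "item-17", 1000),
    ("WS-003", "carol", r"\Finance\Payroll", "item-17", 1000),
    ("WS-003", "carol", r"\HR\Onboarding",   "item-42", 12),
    ("WS-004", "dave",  r"\HR\Onboarding",   "item-42", 12),
]
# One row per folder each agent tried to open: (user, folder, result).
ACCESS = [
    ("alice", r"\Finance\Payroll", "OK"),
    ("alice", r"\Legal\Contracts", "MAPI_E_NO_ACCESS"),
    ("bob",   r"\Finance\Payroll", "OK"),
    ("bob",   r"\Legal\Contracts", "MAPI_E_NO_ACCESS"),
    ("carol", r"\Finance\Payroll", "OK"),
    ("carol", r"\HR\Onboarding",   "OK"),
    ("dave",  r"\HR\Onboarding",   "OK"),
    ("dave",  r"\Exec\Board",      "MAPI_E_NO_ACCESS"),
]

def collapse_findings(findings):
    """Group per-endpoint reports by (folder, item) so each shared item appears once."""
    grouped = defaultdict(lambda: {"matches": 0, "reporters": set()})
    for endpoint, user, folder, item_id, matches in findings:
        entry = grouped[(folder, item_id)]
        entry["matches"] = max(entry["matches"], matches)  # same item, same content
        entry["reporters"].add((endpoint, user))
    return dict(grouped)

def multiplier(findings):
    """Reported rows per distinct item: how inflated the console view is."""
    unique = collapse_findings(findings)
    return len(findings) / len(unique) if unique else 0.0

def never_scanned(access):
    """Folders every agent was denied on: attempted, logged, but never read."""
    opened = {folder for _, folder, result in access if result == "OK"}
    return sorted({folder for _, folder, _ in access} - opened)

if __name__ == "__main__":
    for (folder, item_id), info in sorted(collapse_findings(FINDINGS).items()):
        print(f"{folder} {item_id}: {info['matches']} matches, "
              f"reported {len(info['reporters'])} times")
    print(f"Rows per distinct item: {multiplier(FINDINGS):.1f}")
    print("Never scanned:", never_scanned(ACCESS))
```

Folders that exist but that no agent even attempted are invisible to this check; only a scan run under an account with access to the whole tree closes that gap.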


To mitigate these risks, archTIS recommends the following strategy:

  1. Exclude Public Folders from all general workstation/user scan policies.
  2. Create a Dedicated Scan: Set up a single, isolated scan task on a high-performance server (not a user's laptop).
  3. Use a Service Account: Run this scan using a dedicated Exchange Service Account with "Owner" or "Full Access" to the Public Folders.
  4. Scan Once: This ensures the data is scanned exactly one time, results are reported once, and there is zero impact on the end-user population.

Summary

  • Scanning Public Folders from endpoints is a "high-risk, low-reward" activity.
  • It risks crashing Exchange, saturating the network, and flooding your reports with duplicates.
  • Always use a single, centralized scan for shared organizational data.