Endpoint for Windows Configuration Reference Guide
Identity Finder Endpoint for Windows can be managed via the Spirion Console.
This management includes the application of policies, scheduling of tasks, reporting of results and logs, remediation, and collection of diagnostic information. Additionally, the endpoint software can be used interactively by end users and/or executed from the command line at a command prompt.
To configure Windows endpoints to communicate with the console, it is necessary to install configuration information on each endpoint that includes the location of the console as well as the encryption information necessary to securely communicate with the console.
Before a search can be executed on the endpoint, it is necessary for each endpoint to have license information that is provided via a license file (identityfinder.lic) or created via the activation process.
It is also possible to customize the automated execution and/or user experience through the use of policies, configuration settings in the Windows registry, or via command line configuration files (XML).
NOTE: For version 11.x ensure you have installed the 2013 and 2015 C++ redistributables before upgrading or installing version 11.x of the Client. Those redistributables can be found here: https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
To detail the above, this article contains information about:
- Client/Console Communication
- License Files
- Activation Information
- Configuration Settings (Windows Registry)
- Configuration Settings (XML) Files and Command Line Switches
- Endpoint Service, Tasks, and Policies
Additional information about the operation of the client and storage locations for logs are also included.
For details on configuring a single system or creating an installer, refer to the following articles:
- Creating an installation package for deployment (Windows Installer/MSI)
- Configuring a single system manually
Client/Console Communication
To configure communication between the client and the console, it is necessary, at a minimum, to configure the settings to point to the enterprise console, establish the encryption key used for communication, and to enable communication.
The easiest way to obtain these settings is to browse to http://consoleserver/Services where consoleserver is the name or IP address of the enterprise console. On that page, there are two links entitled, "Identity Finder for Windows 32-bit" and "Identity Finder for Windows 64-bit."
Clicking on the appropriate link will provide a .reg file containing the aforementioned settings. When this file is included in the custom package that is created for deployment to all Windows systems, the 32-bit link must be used. Alternatively, this file can be distributed to those systems via any existing software distribution method. It is important to note that a custom installation package must be configured to install the endpoint service. If a custom installation package is not used, the default package must be executed with the /endpoint switch. If the endpoint service is not installed, communication with the console will not be possible.
For details on configuring a single system or creating an installer, refer to the following articles:
- Creating an installation package for deployment (Windows Installer/MSI)
- Configuring a single system manually
License Files
To use Identity Finder for Windows, either a license file must be supplied or an activation number must be used to activate the application.
When using a license file, the user is not prompted with an activation or licensing process as long as the license file has been placed on the system prior to the first execution of the application.
The file must be named identityfinder.lic and must be placed in the same folder with the Identity Finder application (IdentityFinder.exe).
- For example: "C:\Program Files\Identity Finder 7\identityfinder.lic"
- The license file should be included in the custom package
Activation Information
To use Sensitive Data Manager for Windows, either a license file must be supplied or an activation number must be used to activate the application.
- When using an activation number, the user will be prompted to complete the activation process the first time the application is launched.
- Note that when using activation numbers, the client must be activated for scheduled tasks to execute successfully.
After Sensitive Data Manager is activated, the activation information is stored at app.dat in the following folder:
%ALLUSERSPROFILE%\Application Data\Identity Finder\Application\{04964656e-7469-7479-2046-696e6465720}\
- Under normal circumstances, this folder should never be modified or deleted. Refer to "Identity Finder Does Not Allow Licensed Features" for additional information on when it may be necessary to delete activation information.
- Rather than requiring users to type in their activation number in the Activation Wizard, it is possible to pre-populate the activation number field by creating an activation.txt file. Activation.txt is a plain text file that may be placed in the same folder as the Identity Finder application (IdentityFinder.exe).
- For example: C:\Program Files\Identity Finder 6\activation.txt
- This file will be automatically read into the application if the application is not already activated or licensed. The contents of this file consist of one valid Identity Finder activation number with no additional header or footer information.
Configuration Settings (Windows Registry)
The Identity Finder for Windows application settings are stored in the Windows registry.
- After the first time the application is executed, user settings are written to the location noted below - system and system firstrun settings will never be automatically created.
- Other than the settings necessary for client/console communication, archTIS recommends no additional settings are specified in the custom installation package as all other settings should be managed via policies from the enterprise console.
- When settings are present in the system location (or included in a system policy), they are considered to be authoritative and the corresponding options in the UI will be disabled and therefore users will be unable to change those settings.
- To set alternate defaults, but allow the user to change those settings in the UI, use the system firstrun location (or a user default policy).
- To set defaults that are different than the application defaults, enable the user to change those settings in the UI, but reset those custom defaults each time Identity Finder is launched, use the system firstrun location (or user default policy) and ensure that the setting Initialization\Configuration\AlwaysUseFirstRun is set to "Always reset settings" (1).
System (32-bit):
HKEY_LOCAL_MACHINE\Software\Identity Finder\Client\
System (64-bit):
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Identity Finder\Client\
System firstrun (32-bit):
HKEY_LOCAL_MACHINE\Software\Identity Finder\Client\FirstRun\
System firstrun (64-bit):
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Identity Finder\Client\FirstRun\
User (32-bit Windows, and Windows 7 64-bit and later, including Windows 2008/2008 R2):
HKEY_CURRENT_USER\Software\Identity Finder\Client
User (64-bit Windows prior to Windows 7):
HKEY_CURRENT_USER\Software\Wow6432Node\Identity Finder\Client
Note: When Identity Finder is started, FirstRun is set to 1 by default. After a search is successfully completed, a value of 0 for FirstRun is written to the user settings in the registry. Whenever the value of FirstRun is 1 or AlwaysUseFirstRun is 1, the settings are read from the firstrun registry path. Only when the value of FirstRun is 0 (after a successful search) are the firstrun settings ignored.
The full list of settings may be obtained by viewing the policy editor within Identity Finder Enterprise Console version 4.5 or later or via the Identity Finder Settings Viewer.
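The following PowerShell function is an added example, not Spirion's own tooling: it inventories which client settings are authoritative (system key, UI locked), which are firstrun defaults, what the user has saved, and whether the firstrun defaults will be read on the next launch, using the registry paths and the FirstRun/AlwaysUseFirstRun rule described above. It assumes Windows 7 or later (user hive not under Wow6432Node), that FirstRun is a DWORD at the root of the user key, and that AlwaysUseFirstRun is read from the firstrun key.

```powershell
# Added example (not Spirion's own tooling): inventory Identity Finder client settings by
# source and decide whether firstrun defaults apply on the next launch.
# Assumptions: Windows 7 or later (user hive is not under Wow6432Node); FirstRun is a DWORD
# at the root of the user key; AlwaysUseFirstRun is read from the firstrun key.
function Get-IdfSettingInventory {
    $base = if ([Environment]::Is64BitOperatingSystem) {
        'HKLM:\Software\Wow6432Node\Identity Finder\Client'
    } else {
        'HKLM:\Software\Identity Finder\Client'
    }
    $userKey = 'HKCU:\Software\Identity Finder\Client'
    $locations = [ordered]@{
        System   = $base              # authoritative; corresponding UI options are disabled
        FirstRun = "$base\FirstRun"   # alternate defaults the user may still change
        User     = $userKey           # settings the user has saved
    }

    $inventory = foreach ($source in $locations.Keys) {
        $root = $locations[$source]
        if (-not (Test-Path -Path $root)) { continue }
        $rootName = (Get-Item -Path $root).Name
        foreach ($key in @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)) {
            # FirstRun lives under the system key; report it only as its own source
            if ($source -eq 'System' -and $key.Name -like "$rootName\FirstRun*") { continue }
            $rel = $key.Name.Substring($rootName.Length).TrimStart('\')
            foreach ($valueName in $key.GetValueNames()) {
                $setting = if ($rel) { "$rel\$valueName" } else { $valueName }
                [pscustomobject]@{
                    Source  = $source
                    Setting = $setting
                    Value   = $key.GetValue($valueName)
                    Locked  = ($source -eq 'System')
                }
            }
        }
    }

    # Firstrun settings are read when FirstRun is 1 (the default before the first
    # successful search) or AlwaysUseFirstRun is 1; only FirstRun = 0 disables them.
    $firstRun = (Get-ItemProperty -Path $userKey -Name FirstRun -ErrorAction SilentlyContinue).FirstRun
    $always   = (Get-ItemProperty -Path "$base\FirstRun\Initialization\Configuration" `
                    -Name AlwaysUseFirstRun -ErrorAction SilentlyContinue).AlwaysUseFirstRun
    [pscustomobject]@{
        FirstRunApplies = ($null -eq $firstRun) -or ($firstRun -eq 1) -or ($always -eq 1)
        Inventory       = @($inventory)
    }
}

Get-IdfSettingInventory | Format-List
```

Any setting reported with Locked = True is one the user cannot change in the UI; settings that should be managed by console policy but appear under System in a deployed package are worth reviewing against the recommendation above.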
Configuration Settings (XML)
Settings can be supplied to the client via the /configurationfile command line switch. When settings are present in an xml configuration file, they are considered to be authoritative and the corresponding options in the UI will be disabled and therefore users will be unable to change those settings. Creating a configuration file from scratch is possible, but it is recommended that an existing file is modified with the desired information to ensure proper formatting.
- More information is available in the article, Enterprise Client Command Line Switches
Endpoint Service Information
When the Windows client is used with the enterprise console, an endpoint service application is used to communicate with the console to obtain tasks and policies and send results and logs to the console.
- The endpoint service application should be deployed through the custom installation package.
- If the endpoint service is not properly installed and registered, all communication with the console will fail.
- The application binary and supporting files (including downloaded tasks and policies) are stored in the following folder:
Windows XP/2003:
%ALLUSERSPROFILE%\Application Data\Identity Finder\
Windows Vista/7/2008:
%ProgramData%\Identity Finder\
Profile Information
The Identity Finder profile consists of Settings and UserData. The settings are stored in the Windows Registry while the UserData is stored on disk in the following locations:
Settings (Windows registry) for all 32-bit versions of Windows and Windows 7 64-bit and later:
HKEY_CURRENT_USER\Software\Identity Finder\Client
Settings (Windows registry) for all 64-bit versions of Windows prior to Windows 7:
HKEY_CURRENT_USER\Software\Wow6432Node\Identity Finder\Client
UserData on disk for Windows XP/2003:
%userprofile%\Local Settings\Application Data\Identity Finder\identityinfo.dat
%userprofile%\Local Settings\Application Data\Identity Finder\identityinfo.sqlite
UserData on disk for Windows Vista/7/2008:
%localappdata%\Identity Finder\identityinfo.dat
%localappdata%\Identity Finder\identityinfo.sqlite
The UserData consists of lists or individual pieces of information added to Identity Finder in the Website list, Database list, Custom Folder list, Remote Machine list, OnlyFind Identity list, and Ignore list.
With the exception of folder names, all of the UserData information is AES-256-bit encrypted with the user profile password; if the user Profile password is lost or forgotten, the contents of this file cannot be recovered.
- Editing of this file is not supported
- To add UserData information to Identity Finder, use console policies or supply it via a configuration (XML) file
- To obtain properly formatted UserData information for use in a configuration file, add the information to the relevant list in the client application GUI and then export the current profile
Additional Application Paths
Client Logs (User Context)
By default, when the client is run under the user context (interactively or as a scheduled task), the client log files are stored in the logs subfolder of the user profile folder.
The logs can be moved to any local or UNC path to which the user has write access.
XP/2003: %userprofile%\Local Settings\Application Data\Identity Finder\logs\
Vista/7/2008: %localappdata%\Identity Finder\logs\
Client Logs (System Context)
By default, when the client is run under the system context as a scheduled task, the client log files are stored in the logs subfolder of the shared data folder for the Identity Finder application.
The logs can be moved to any local or UNC path to which the user has write access.
Version 7.x and later
XP/2003: %ALLUSERSPROFILE%\Application Data\Identity Finder\Logs\SystemSearch\
Vista/7/2008: %ProgramData%\Identity Finder\Logs\SystemSearch\
Version 6.x and earlier
XP/2003: %SYSTEMDRIVE%\Documents and Settings\Default User\Local Settings\Application Data\Identity Finder\logs\
Vista/7/2008: %SYSTEMDRIVE%\Users\Default\AppData\Local\Identity Finder\logs\
External Module Logs
The main client application invokes several 32-bit and 64-bit modules to provide support for text extraction and filtering. Regardless of the user context under which the search was executed (user or system), if a 64-bit module is invoked, it will log to the shared data folder for the Identity Finder application:
XP/2003: %ALLUSERSPROFILE%\Application Data\Identity Finder\Logs\LocalExtLogs\
Vista/7/2008: %ProgramData%\Identity Finder\Logs\LocalExtLogs\
Endpoint Service Logs
The endpoint service logs are stored in the shared data folder for the Identity Finder application:
XP/2003: %ALLUSERSPROFILE%\Application Data\Identity Finder\Logs\EPS\
Vista/7/2008: %ProgramData%\Identity Finder\Logs\EPS\
Autorecover File
When enabled, the autorecover file is stored in the user profile folder as autorecover. The location of this file cannot be changed.
XP/2003: %userprofile%\Local Settings\Application Data\Identity Finder\autorecover
Vista/7/2008: %localappdata%\Identity Finder\autorecover
Search History Databases
When enabled, the Search History databases are stored in the databases subfolder of the user profile folder. The location of these files cannot be changed.
XP/2003: %userprofile%\Local Settings\Application Data\Identity Finder\databases\
Vista/7/2008: %localappdata%\Identity Finder\databases\
Temporary Files
During certain operations, Identity Finder will create temporary files. These operations include, but are not limited to:
- Detaching and searching e-mail attachments
- Creating mail summary information files when searching Thunderbird and MBOX mail files
- Downloading and searching web files
- Extracting files from compressed files/archives for searching
- Performing the Scrub action
Any temporary files created for searching purposes that are found to have identity matches are shredded and all other temporary files are deleted.
To shred all temporary files created during the search, enable the setting "ShredAllTempFilesCreatedDuringSearch", found at the following settings path: Settings\Locations\Files\ShredAllTempFilesCreatedDuringSearch
To create a temporary folder, Identity Finder asks Windows for the user’s temp path and creates a sub-folder named IDFTmpDir in that location: %TEMP%\IDFTmpDir\