What is a one sentence summary of your feature request?
Add a recovery method for files that were encrypted via eDiscovery after a clean scan has been run
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Hello everyone, I noticed while working with customers that the eDiscovery module could encounter potential data loss if not used correctly. For example, if an administrator runs a scan on a workstation, encrypts a file from the results and then clears the logs, or runs a clean scan, they currently have no method for decrypting the file afterwards. Also, if the admin tries to scan the client again, it will not see the original file as it is now encrypted. I am proposing there either be a method for users to import backed up logs for eDiscovery so they can point to the location of the encrypted file and decrypt it, or Netwrix support have a 3rd party tool available to decrypt the file in the event it cannot be decrypted from the EPP console.
How do you currently solve the challenges you have by not having this feature?
To avoid this situation, I have been advising customers on how to avoid this scenario, but there is still concern about an admin accidentally clearing logs after a file has been encrypted, thereby causing it to become inaccessible. I have also suggested using security groups to limit which accounts have access to clear logs or run clean scans, to prevent accidentally clearing the logs. However, there is not currently a workaround to directly restore the files outside of external backups for the file location.
Please let me know your feedback, or if there are already plans to address this internally.
Thank you!
Jason Anderson
2 Likes
Hi Jason,
Welcome to the Netwrix Community!
We appreciate your insightful feedback regarding Endpoint Protector.
I would like to inform you that your suggestion aligns with our ongoing discussions, as we are dedicated to enhancing our eDiscovery module to ensure an optimal user experience.
Your excellent proposal is indeed pertinent and will be carefully considered. Following a thorough review, we will strive to develop the most effective solution for the recovery of encrypted files via eDiscovery, particularly in circumstances like this where logs have been cleared.
While we’re working on the best solution, we advise using the workarounds you’ve already mentioned and continuing to manage the file encryption and decryption carefully.
Thank you once again for your valuable contribution!
Cheers,
Simona
3 Likes
Simona,
Thank you for your response and for letting me know this is a concern that is being addressed!
I also wanted to mention another possible suggestion I thought of for resolving this issue in future updates:
There could also be a protection put in place when a file is encrypted that prevents the logs for that client from being cleared, or a clean scan from being run. For example, when a file in the logs for a client is encrypted, a Boolean value is changed to enable protection for the scan logs of that client. If an administrator attempts to clear the logs, or run a clean scan, they receive a notice/error that the logs cannot be cleared due to a file in the logs remaining encrypted. After the admin decrypts the file, the protection is set to 0 and they are now able to clear logs or run a clean scan for that client.
This would prevent concerns about losing logs that contain the path to the encrypted file and make EPP admins in an organization aware of any lingering encrypted files that may have been previously missed when logs are cleared.
Hopefully this suggestion is helpful!
Thanks,
Jason Anderson
1 Like
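The protection proposed in the post above, sketched as an added example; it is not part of the thread and not Endpoint Protector code. The class, method and client names are hypothetical, and the sketch goes one step beyond a single Boolean by deriving the flag from the set of files still encrypted, so decrypting one of several files does not lift the protection.

```python
# Hypothetical model of the proposed guard; not Endpoint Protector code.
from dataclasses import dataclass, field

class LogsProtectedError(Exception):
    """Clearing now would lose the path to a still-encrypted file."""

@dataclass
class ClientScanLog:
    client: str
    entries: list = field(default_factory=list)  # paths reported by scans
    encrypted: set = field(default_factory=set)  # encrypted, not yet decrypted

    @property
    def protected(self) -> bool:  # the proposal's Boolean, derived from state
        return bool(self.encrypted)

    def encrypt(self, path: str) -> None:
        if path not in self.entries:
            raise KeyError(f"{path} is not in the scan log for {self.client}")
        self.encrypted.add(path)

    def decrypt(self, path: str) -> None:
        self.encrypted.remove(path)  # KeyError if it was never encrypted

    def _guard(self, action: str) -> None:
        if self.protected:
            left = ", ".join(sorted(self.encrypted))
            raise LogsProtectedError(f"cannot {action} for {self.client}: still encrypted: {left}")

    def clear_logs(self) -> None:
        self._guard("clear logs")
        self.entries.clear()

    def clean_scan(self, found: list) -> None:
        self._guard("run a clean scan")
        self.entries = list(found)  # a clean scan replaces earlier results

def demo() -> list:
    log = ClientScanLog("WS-042", entries=["C:/hr/a.xlsx", "C:/hr/b.docx"])  # constructed sample
    for p in log.entries:
        log.encrypt(p)
    outcomes = []
    for p in sorted(log.encrypted):  # decrypt one file at a time, try to clear after each
        log.decrypt(p)
        try:
            log.clear_logs()
            outcomes.append("cleared")
        except LogsProtectedError as exc:
            outcomes.append(str(exc))
    return outcomes
```

The error message names the remaining encrypted paths, which is what makes an administrator aware of files that were missed.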
We really appreciate your valuable and helpful suggestions, Jason!
We recognize the potential of your approach and assure you it will be thoughtfully considered in our ongoing discussions. Certainly, this proposal is well grounded and holds promise as an effective solution.
Be confident that our team is committed to thoroughly investigating this matter to develop the most effective solution. Please stay tuned for updates!
Wishing you all the best,
Simona
2 Likes