Identity Finder: FAQ
- How do I decide what to do with the results?
- Can I install Identity Finder on my home computer?
- How do I install Identity Finder?
- Do I have to be connected to the University's network to run an Identity Finder search?
- I get a warning saying Windows Firewall blocked Identity Finder. What do I do?
- How will I know if Identity Finder is running a scheduled search (one I did not start myself)?
- What is Identity Finder configured to search?
- I'm using the Zimbra Connector for Outlook to access my Zimbra email on Windows. Will my email be searched?
- Can I search my home drive (personal network share) with Identity Finder?
- What actions can I take on a match?
- Identity Finder says the file is read only and can't be shredded. Help!
- What email within Outlook will be searched?
- If an email attachment has a finding and I shred it, what happens?
- Can I search Entourage on a Mac?
- Identity Finder keeps freezing on my Mac and I can't complete a search. What can I do?
- Should the Identity Finder title bar show “(Guest Profile)”?
- What information is reported back to the central server?
- Why can’t I scrub this file?
- What if I don’t know what a file is?
- Why do I get a message saying “No Identity Match Selected” when trying to ignore an identity match?
- Why does Identity Finder show a message saying Mac OS has reported a disk error?
- Why does Sophos Antivirus alert me that I have a virus every time Identity Finder runs?
- How can I "Gather Data" from Identity Finder?
- Where can I get other help with Identity Finder?
1. If the files are no longer needed, Shred (delete) them - even if they are documents that reside in email.
2. If the files are needed, but the identifying information is not needed, remove the identifying information from the files. The Scrub function in Identity Finder is able to automatically redact some file types.
3. If the match is a false positive, use the Ignore option within Identity Finder to remove them from the results list. You only have to ignore a file or match one time - once the collection is ignored, Identity Finder will not flag it in successive runs.
4. If the files are needed and the identifying information must be kept:
a. Determine if they can be moved to a more secure location such as a department file share.
b. if the file can't be moved, do not take any action with Identity Finder.
i. Validate that your PC/Mac is encrypted.
ii. The collection/machine must be reported to University IT through the following website - http://www.rochester.edu/it/policy/ssn-pii/.
A. No. The University of Rochester license covers only University owned computers. Personal computers are not covered under the University’s license. However, Identity Finder offers a free version for home use with limited functionality, available from their web site here: http://www.identityfinder.com/
A. Visit the web page http://www.rochester.edu/it/security/data/identity_finder.html and log in to download the client. You must be connected to the University network when installing the software. The University network includes being physically plugged in on campus, connected over the UR_Internal_Secure, UR_DomainAuth, UR_Connected wireless networks, or over VPN. UR_RC_Guest will not work. After the software is installed, you can then run searches when you are not connected to the University's network.
A. No, you do not need to be connected to the network to run a search. The initial software installation is the only time when you must be connected to the University's network.
A. When Identity Finder is first installed or is upgraded, sometimes a Windows 7 computer will show an alert that the firewall blocked Identity Finder from connecting:
When you receive this message, choose "Allow access" to allow Identity Finder to function. If you receive the message again, try selecting all three options - Domain, Private and Public - and then choose "Allow access."Q. How will I know if Identity Finder is running a scheduled search (one I did not start myself)?
A. University IT may periodically schedule your computer to be searched with Identity Finder. You will be notified by the software when a search starts.
On Windows an icon will appear in your system tray and show this notification alert:
You can double click the system tray icon at any time to view the status of the search. Another notification will appear when the search has finished, and you will be presented with a report of the results for you to take action.
On a Mac, the Identity Finder application will appear briefly, then be minimized to your dock. You can maximize the application at any time to view the status of the search. When the search completes, the application will maximize and present a report of the results for you to take action.
A. On a Mac, Identity Finder will search files on all locally attached devices, including thumb drives and CD-ROMs. Folders in your personal profile such as Desktop and Documents are included in the search. Email is not searched.
On a Windows computer, Identity Finder will search files on all locally attached devices, including thumb drives and CD-ROMs. Folders in your personal profile such as the Desktop and My Documents are included in the search. Additionally, your Exchange email account will be searched, including your primary mailbox, PST mail archives, and any shared mailboxes to which Outlook is attached.
A. Yes, when using the Zimbra Connector for Outlook, your email will be searched with Identity Finder.
A. Yes, you can manually search your home drive with Identity Finder. To search your home drive, open My Computer and right click on your home drive. Select the Identity Finder submenu and choose Search. Identity Finder will open and begin searching.
A. Shred (secure delete), Scrub (redact just the PII information from a file), and Ignore options are available within the Identity Finder software.
A. Identity Finder will not shred a file if it is marked as "Read Only" by Windows. To change this property and allow Identity Finder to shred the file, right click on the file and choose "Properties." Under "Attributes" unselect "Read-only" and click "OK." Then try shredding the file again from within Identity Finder.
A. If multiple profiles are set up with different types of accounts or accounts for different people, they will all be searched. All shared mailboxes such as departmental mailboxes attached to those profiles will be searched. Exchange Public Folders are not searched. Both email messages and attachments are searched.
A. If an email attachment has a match and an action is taken, the whole message is affected. For example, if you shred an attachment, the whole email message is shredded.
A. No, Exchange email through Entourage or Outlook on a Mac cannot be searched. If you need to search your email, you should log into a Windows computer that has Outlook installed and use Identity Finder on that computer to search your mailbox.
A. A search in the Identity Finder Mac client can take a long time depending on the size of your hard drive and the types of files stored on it. If it appears that Identity Finder is frozen, try pausing and resuming the search. If it successfully pauses and resumes but still appears stuck on the same file, let it sit for at least one hour.
If you have an external hard drive connected that is used for Time Machine, you can also try disconnecting it and running another search.
A. Yes, it should. The University's Identity Finder policy configuration requires that the guest profile be used.
A. Computer information, match locations and counts, and user name are reported back to the server. The actual match data itself is not sent (for example, the SSN numbers are not reported).
A. The Scrub option can only be performed on certain types of files – specifically plain text and non-proprietary file types. Email messages, attachments, PDF files, and files within .zip files cannot be scrubbed.
A. If you don’t know what the file is, don’t delete it. Consult with your IT support representative first to make sure that the file is not critical to an application or the operating system.
A. This occurred because you were selecting a file with multiple matches. To use Ignore Identity Match, you must expand the file to view all the matches and select one particular identity match number to ignore.
A. Occasionally, when running an Identity Finder search on your Mac, you may be prompted with a message notifying you that Mac OS has reported a disk error. These errors occur during regular use of your Mac computer. To fix them, please run the Disk Utility following the instructions in this Identity Finder KnowledgeBase article: http://www.identityfinder.com/kb/Troubleshooting/588472
A. When an Identity Finder search runs, it looks in every file and email attachment on your computer. Some files such as .zip files must be copied to a temporary folder to be searched. As the files are opened, Sophos also checks the file for malware. If Sophos finds malware in the file, it will only be able to clean the file from the temporary location where Identity Finder put it to be searched. To determine the original location of the infected file and clean it, you should run a full virus scan of your computer. Please note that the full virus scan will not search your email messages or attachments, so any malware from email will have to be located manually.
A. When troubleshooting an issue with Identity Finder, University IT may ask you to obtain "Gather Data" information from the software. Use this guide to collect this diagnostic information to send to University IT.
A. Please review the University's Identity Finder Quick Start Guide for your platform.
Also, Identity Finder software guides are available for Windows and Mac.
Finally, the University IT Help Desk is available to answer other questions by calling 275-2000, or emailing UnivITHelp@rochester.edu. When working on an issue with University IT, they may ask you to obtain "Gather Data" information.