Local & CIFS / SMB Data Scans
Last updated: March 11, 2026
Local & CIFS / SMB Data Scans are used to identify sensitive data stored on local disks and network file shares. These scans help organizations locate exposed credentials, regulated data, and other sensitive information that may increase risk if improperly stored or accessed.
This article explains how these scans work, what they require, what data they collect, and their operational limitations, without relying on interface-specific instructions.
Agent Requirement
Local & CIFS / SMB Data Scans are performed using a Windows-based scan agent.
Windows agents are the only supported scanning source for local and CIFS / SMB data scans.
Mac and Linux agents do not perform data scans and are not available for selection when configuring these scans.
This behavior is enforced by the platform.
What Local & CIFS / SMB Data Scans Do
Local & CIFS / SMB Data Scans inspect file systems for sensitive data patterns based on selected categories. These scans are commonly used to:
Identify exposed passwords or credentials stored in files
Locate regulated data such as credit card numbers
Assess data exposure risk across endpoints and shared storage
Support remediation and compliance workflows
Scans can be performed against:
Local disks on the Windows agent host
Remote CIFS / SMB file shares accessible from the Windows agent
Sensitive Data Categories Scanned
When configuring a Data Sensitivity Scan, you must select at least one scan category. Categories define the types of sensitive data patterns the scan searches for. Selecting a large number of categories may significantly increase scan duration.
Common Categories
Bank Accounts
Credit Cards
Drivers Licenses
Passport Numbers
Passwords
Social Security Numbers
Finance Categories
Tax ID Numbers
Financial Keywords
Healthcare Categories
Genetic Disorder Keywords
ICD10 Diagnoses
General Healthcare Keywords
Medication Drug Names
Mental Health Disorders
Medicare Numbers
National Provider ID's
Provider DEA Numbers
Medicaid CIN Numbers
PII Categories
Addresses
Alien USCIS Numbers
Dates of Births
Email Addresses
GPS Coordinates
Phone Numbers
Race - Ethnicity
Religious Beliefs Keywords
Sex - Gender
Social Media
Organization Categories
HR Keywords
IP Addresses
MAC Addresses
UNC Paths
URL Addresses
VIN Numbers
Custom Category (Custom Regex / Keywords)
The Custom category is available for organization-specific patterns. By default, the Custom category is empty and contains no categories until they are configured.
To add Custom categories, navigate to:
Admin → Custom Regex / Keywords
Adding a New RegEx
Data Sensitivity Scans use built-in scan categories. When you need to scan for patterns that the built-in categories do not cover, you can create a custom RegEx.
Add New RegEx:
Click Add New RegEx in the Custom Regex section.
Fill out the following fields:
Name: Provide a meaningful name for the RegEx.
Description: Add a brief description of the purpose of this RegEx.
Score: Assign a risk score between 1 and 13 for each match. Scores are cumulative across occurrences in a file.
RegEx: Enter the actual regular expression used to identify the pattern.
Submit the completed form.
Using Custom RegEx in Scans:
When configuring a Data Sensitivity Scan, custom RegEx patterns appear under the Custom category for selection.
Adding a New Keyword List
Keyword lists allow scans to identify specific terms in files.
Add New Keywords:
Click Add New Keywords in the Custom Keywords section.
Fill out the following fields:
Name: Provide a name for the keyword list.
Description: Add a description of the list’s purpose.
Score: Assign a risk score (1–13) for each keyword match. As with RegEx, scores are cumulative across occurrences in a file.
Keywords: Enter a list of keywords to search for during scans.
Submit the completed form.
Using Custom Keywords in Scans:
Keyword lists appear under the Custom category when setting up a Data Sensitivity Scan.
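Before submitting a custom RegEx or keyword list, it helps to try it against sample text and see how the per-match score adds up. The following is an added example, not code from the platform: it uses Python's `re` module as a stand-in for the scanner's regex engine (whose dialect this article does not specify), reads "cumulative" as match count times score, assumes keywords match as whole words without regard to case, and uses a hypothetical employee ID format and keyword list.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class CustomPattern:
    name: str
    score: int   # per-match risk score; the article allows 1 to 13
    regex: str

    def __post_init__(self):
        if not 1 <= self.score <= 13:
            raise ValueError(f"{self.name}: score must be between 1 and 13")
        re.compile(self.regex)  # raises re.error on a malformed expression

def keyword_pattern(name, score, keywords):
    """Keyword list as one pattern (assumed whole-word, case-insensitive)."""
    words = "|".join(re.escape(k) for k in keywords)
    return CustomPattern(name, score, rf"(?i)\b(?:{words})\b")

def score_text(text, patterns):
    """Return {pattern name: (match count, cumulative score)} for one file."""
    results = {}
    for p in patterns:
        count = sum(1 for _ in re.finditer(p.regex, text))
        results[p.name] = (count, count * p.score)
    return results

def total_score(results):
    return sum(score for _, score in results.values())

# Constructed sample file content; the ID format and keywords are hypothetical.
SAMPLE = """\
Onboarding notes for Project Falcon
badge EMP-104233 issued, replaces EMP-098771
temp id EMP-12 (too short, must not match)
ref XEMP-5550001 is a vendor code, not an employee ID
project falcon budget attached
"""

PATTERNS = [
    CustomPattern("Employee ID", 5, r"\bEMP-\d{6}\b"),
    keyword_pattern("Project codenames", 3, ["Project Falcon", "Bluebird"]),
]

if __name__ == "__main__":
    results = score_text(SAMPLE, PATTERNS)
    for name, (count, score) in results.items():
        print(f"{name}: {count} match(es), cumulative score {score}")
    print("file total:", total_score(results))
```

Because every occurrence adds the full score, an unanchored pattern such as `EMP-\d+` would also count the short and vendor-prefixed strings in this sample and double the file's score for that pattern.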
Execution Model
Execution: User-installed Windows scan agent
Supported scanning agent: Windows only
Credential behavior:
Local scans do not require credentials
Remote CIFS / SMB scans require credentials with read access to the target share
Credentials must use NT / NetBIOS format when accessing Windows-based systems or shares
Prerequisites
Windows Agent Placement
The Windows scan agent must be installed on a host that:
Has network access to the file systems or shares being scanned
Can authenticate to CIFS / SMB resources
Is not restricted by endpoint protection controls
When scanning network shares hosted on other systems, the Windows agent must have network connectivity and appropriate access permissions.
Access to CIFS / SMB Shares
When scanning network shares:
The Windows agent must be able to access the share path
The agent service account must have read permissions to the files being scanned
Network controls must allow SMB communication
Data Collected
Depending on scan configuration and scope, Local & CIFS / SMB Data Scans may collect:
File paths and file metadata
Matches for sensitive data patterns, including:
Passwords (displayed to validate false positives)
Credit card numbers (masked for validation)
Supporting evidence required for remediation review
Only files within the defined scan scope are evaluated.
Performance Considerations
Data scans can be resource-intensive, particularly when:
Scanning large file volumes
Scanning remote network shares
Using broad sensitive data categories
Recommended practices:
Start with narrow directories or specific shares
Avoid scanning entire file servers initially
Schedule scans during off-peak hours where possible
Common Limitations
Files inaccessible to the Windows agent are skipped
Encrypted or locked files may not be scanned
Scan performance is affected by network throughput when scanning remote shares
Endpoint protection may interfere if allowlisting is not configured
Best Practices
Use a Windows scan agent located close to the data source
Use dedicated service accounts with least-privilege access
Validate access before scanning large file shares
Ensure endpoint protection allowlisting is in place
Review findings carefully to confirm true positives