Applies To: WatchGuard Data Control
With WatchGuard Data Control, you can delete and restore the indexed files from a computer inventory. You can also Review Deleted and Restored Files.
Delete Files
When you delete a file in the management UI, the endpoint agent receives the request and deletes the file when it meets these conditions:
- The file is not in use.
- The content of the file is the same as the file stored in the inventory.
- The computer user has not deleted the file in the time between when Data Control generated the inventory and when you sent the delete request.
- The computer is online. If the computer is offline, Data Control marks the file as Pending Deletion until the computer connects to the WatchGuard server.
Because file deletion is an asynchronous operation, files can have these statuses:
- Deleted — The file moved to the backup area.
- Pending Deletion — Data Control is waiting for the computer to connect to the WatchGuard Endpoint Security server in order to delete it.
- Error — Data Control could not delete the file because of an error.
To delete files:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, in the My Lists section, click Add.
- Select the Files with Personal Data list.
A list shows the files with PII found on the network.
- Next to the file you want to delete, click
, and select Delete.
Or, to delete more than one file, select the check boxes next to the files you want to delete. In the top, left corner, click Delete.
A confirmation dialog box opens.
- Click Delete.
The files appear as red with an icon to indicate that they are Pending Deletion.
Restore Deleted Files
WatchGuard Data Control does not permanently remove deleted files from the computer. Deleted files move to a backup area where they remain for 30 days, after which, Data Control permanently deletes them. This area is automatically excluded from inventories, searches, and the file monitoring feature, and software installed on user computers cannot get access to the area.
You can restore deleted files from the backup area to their original location. File restore is an asynchronous operation that starts when the agent receives a request from the WatchGuard server. Because file restore is an asynchronous operation, the files can have the following statuses:
- Restored
- Pending restore
- Error
Data Control restores files that meet these conditions:
File Remains in the Backup Area
Deleted files remain in the backup area for up to 30 days after deletion. After that period, you cannot restore deleted files.
There is No File with the Same Name in the Restore Path
When there is another file with the same name in the restore path, Data Control restores the file to the Lost & Found folder.
Restore Path Exists
When the restore path does not exist, Data Control restores the file to the Lost & Found folder.
Computer is Online
If the computer is offline, Data Control marks the file as Pending Restore until the computer connects to the WatchGuard server.
To restore deleted files:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, in the My Lists section, click Add.
- Select the Files Deleted by the Administrator list.
A list shows files deleted by the administrator.
- Next to the file you want to restore, click , and select Restore.
Or, to restore more than one file, select the check boxes next to the files you want to restore. In the top, left corner, click Restore.
A confirmation dialog box opens.
- Click Restore.
The file status changes to Restoring.
Review Deleted and Restored Files
Use the Files Deleted by the Administrator list to review deleted and restored files.
To review deleted files:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, in the My Lists section, click Add.
- Select the Files Deleted by the Administrator list.
A list shows all files with PII found on the network that were previously deleted or restored.
Search Files with Data Control