Delete and Restore Indexed Files with Data Control

Applies To: WatchGuard Data Control

With WatchGuard Data Control, you can delete and restore the indexed files from a computer inventory. You can also Review Deleted and Restored Files.

Delete Files

When you delete a file in the web UI, the endpoint agent receives the request and deletes the file when it meets these conditions:

  • The file is not in use.
  • The content of the file is the same as the file stored in the inventory.
  • The computer user has not deleted the file in the time between when Data Control generated the inventory and when you sent the delete request.
  • The computer is online. If the computer is offline, Data Control marks the file as Pending Deletion until the computer connects to the WatchGuard server.

Because file deletion is an asynchronous operation, files can have these statuses:

  • Deleted — The file moved to the backup area.
  • Pending Deletion — Data Control is waiting for the computer to connect to the WatchGuard Endpoint Security server in order to delete it.
  • Error — Data Control could not delete the file because of an error.

To delete files:

  1. From the top navigation bar, select Status.
  2. From the left pane, in the My Lists section, click Add.

Screen shot of WatchGuard EPDR, Data Control lists

  1. Select the Files with Personal Data list.
    A list shows the files with PII found on the network.

Screen shot of WatchGuard EPDR, Data Control Files with Personal Data list

  1. Next to the file you want to delete, click , and select Delete.
    Or, to delete more than one file, select the check boxes next to the files you want to delete. In the top, left corner, click Delete.
    A confirmation dialog box opens.

Screen shot of WatchGuard EPDR, Data Control delete file confirmation dialog box

  1. Click Delete.
    The files appear as red with an icon to indicate that they are Pending Deletion.

Restore Deleted Files

WatchGuard Data Control does not permanently remove deleted files from the computer. Deleted files move to a backup area where they remain for 30 days, after which, Data Control permanently deletes them. This area is automatically excluded from inventories, searches, and the file monitoring feature, and software installed on user computers cannot get access to the area.

You can restore deleted files from the backup area to their original location. File restore is an asynchronous operation that starts when the agent receives a request from the WatchGuard server. Because file restore is an asynchronous operation, the files can have the following statuses:

  • Restored
  • Pending restore
  • Error

Data Control restores files that meet these conditions:

File Remains in the Backup Area

Deleted files remain in the backup area for up to 30 days after deletion. After that period, you cannot restore deleted files.

There is No File with the Same Name in the Restore Path

When there is another file with the same name in the restore path, Data Control restores the file to the Lost & Found folder.

Restore Path Exists

When the restore path does not exist, Data Control restores the file to the Lost & Found folder.

Computer is Online

If the computer is offline, Data Control marks the file as Pending Restore until the computer connects to the WatchGuard server.

To restore deleted files:

  1. From the top navigation bar, select Status.
  2. From the left pane, in the My Lists section, click Add.

Screen shot of WatchGuard EPDR, Data Control lists

  1. Select the Files Deleted by the Administrator list.
    A list shows files deleted by the administrator.

Screen shot of WatchGuard EPDR, Data Control new list

  1. Next to the file you want to restore, click , and select Restore.
    Or, to restore more than one file, select the check boxes next to the files you want to restore. In the top, left corner, click Restore.
    A confirmation dialog box opens.

Screen shot of WatchGuard EPDR, Data Control restore confirmation dialog box

  1. Click Restore.
    The file status changes to Restoring.

Review Deleted and Restored Files

Use the Files Deleted by the Administrator list to review deleted and restored files.

To review deleted files:

  1. From the top navigation bar, select Status.
  2. From the left pane, in the My Lists section, click Add.

Screen shot of WatchGuard EPDR, Data Control lists

  1. Select the Files Deleted by the Administrator list.
    A list shows all files with PII found on the network that were previously deleted or restored.

See Also

About Data Control Search

Search Files with Data Control

Create Advanced Searches in Data Control

Search for Duplicates with Data Control