Druva Documentation

How do I resolve a compliance violation?

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

As an inSync Cloud administrator, you can manually resolve compliance violations according to the process defined in your organization. You can take any of the following remedial actions:

  • Resolve the non-compliant files or emails

    When you resolve non-compliant files or emails, inSync resolves all the non-compliance violations for those files or emails. 

  • Quarantine the non-compliant files or emails

    When you quarantine non-compliant files or emails, inSync moves them into a protected area so that the compliance violation cannot cause any more harm. You can also choose to delete the quarantined files from the data source. This ensures that the user cannot share the non-compliant files with others in your organization.

  • Delete the non-compliant files and emails

    When you delete the non-compliant files or emails, inSync deletes the files or emails from the data source or from both data source and snapshot as per your selection. Deletion is useful when you want to prevent exposure of a sensitive file or email and remove all its occurrences from the data source and storage. 

 

  • File and email deletion is available by default for customers with the Sensitive Data Governance Add-On service.
  • inSync only deletes files and emails that are displayed in either Federated Search or Sensitive Data Governance search results.
  • If a file or email appears in both the Federated Search results and the Sensitive Data Governance violations listing, deleting it from either result (Federated Search or Sensitive Data Governance/Compliance) deletes it from both entries.
  • You cannot delete emails for the following users:
    • Users put on legal hold
    • Disabled users
    • Preserved users
    • Users for whom Data Lock is enabled
  • For Exchange Online users, you cannot delete emails residing in the Recoverable Items folder and In-Place Archive mailbox of a user.
  • File deletion is supported only with inSync Client v5.9.5 or higher.
  • File deletion is not supported on user devices with Linux OS.
  • File deletion is not supported on Smartphones and Tablets.

 

  • Mark the violation as Acceptable Risk or mark it as a False Positive

    If you believe that the violation reported is false, or not harmful as per the organization's policies, mark the violated file or email as Acceptable Risk. inSync resolves the violation for that file or email. If you believe that the violation is not harmful and might reappear for other users and files, mark the violation as False Positive. inSync then whitelists the hash value of the file and skips scanning the file during subsequent compliance scans.

Impact of resolving non-compliant files or emails

The following table provides information about each resolution action and its impact on inSync end users.

Action taken by administrator | Action taken by inSync | Impact on inSync end user

Marks the violation as Acceptable Risk or marks the violation as a False Positive

  • Administrator can choose to resolve only the latest version of a file or email. However, all the previous versions of the file or email are resolved by default. 
  • inSync resolves all the non-compliance violations that were reported in the respective file or email violation. 
  • Additionally, inSync auto resolves a non-compliant file in any of the following scenarios:
    • The file is no longer configured for backup.
    • The file is deleted from the source by the end-user.
    • The file was reviewed offline and genuinely resolved by the inSync end user.

Note: inSync does not auto resolve non-compliant emails. However, you can manually resolve the non-compliant emails. 

  • inSync moves the file or email from the Active tab to the Resolved tab on the Sensitive Data Governance Dashboard.

  • The administrator will be able to restore the resolved file to the inSync end user's device.

  • inSync retains all the resolved violations and displays the details in the Resolved tab on the Sensitive Data Governance Dashboard.

  • If the violation is marked as False Positive, inSync whitelists the hash value of the file and skips scanning the file during subsequent compliance scans. You can view the list of all whitelisted file hashes in Whitelist > File Hash Whitelist.

The False Positive resolution is not available for email violations.

inSync end user can download or restore the resolved file or email through inSync Web or through inSync Client.

Quarantine the latest version or the previous version of the non-compliant file or email
  • Administrator can choose to quarantine only the latest version of a file or email. However, all the previous versions of the file or email are quarantined by default.
  • inSync moves the file or email to a protected area, where the violation won't cause any more data compliance risks.  
  • While quarantining, if you choose to delete the files from the data source, inSync deletes the files during the next backup cycle.
  • inSync retains all the non-compliance violations for the respective file or email.
  • The administrator will not be able to restore the quarantined file to the inSync end user's device.
  • The administrator can choose to unquarantine the violation. However, inSync does not recommend restoring the unquarantined violation.
  • Once resolved, inSync moves the file or email from the Active tab to the Quarantined tab on the Sensitive Data Governance Dashboard.
  • inSync retains all the quarantined violations and displays the details in the Quarantined tab on the Sensitive Data Governance Dashboard.

inSync end user can download or restore the non-compliant file or email through inSync Web or through inSync Client. However, the restored or downloaded file is blank and displays zero data.

Delete the non-compliant file from data source
  • Before deleting the files, inSync displays a list of files that it will not be able to delete, along with the reason why it cannot delete each file.
  • inSync deletes all non-compliant versions of the file from the data source so that the violation won't cause any more data compliance risks. inSync deletes the non-compliant files from the data source even if the file is owned by a different user.
  • Although inSync deletes the files from the data source, it retains all non-compliant versions of the file in the snapshot.
  • The administrator will be able to restore the deleted file to the inSync Client user's device.
  • Once deleted, inSync moves the file from the Active tab to the Resolved tab on the Sensitive Data Governance Dashboard.
  • inSync retains all the resolved violations and displays the details in the Resolved tab on the Sensitive Data Governance Dashboard.
  • In case inSync is unable to delete the file, inSync creates an entry in the admin audit trail listing why it was unable to delete the file and moves the violation to the Active tab.

inSync end user can download or restore the non-compliant file or email through inSync Web or through inSync Client. However, the restored or downloaded file is blank and displays zero data.

Delete the non-compliant file from data source and snapshot

You cannot delete files within Data Sources for which Data Lock is enabled. 

  • Before deleting the files, inSync displays a list of files that it will not be able to delete, along with the reason why it will be unable to delete each file.
  • inSync deletes all non-compliant versions of the file from the data source and snapshot so that the violation won't cause any more data compliance risks. inSync deletes the non-compliant files from the data source even if the file is owned by a different user.
  • inSync retains all compliant versions of the file. 
  • Administrator will not be able to view or search the file.
  • Once deleted, inSync moves the file from the Active tab to the Resolved tab on the Sensitive Data Governance Dashboard.
  • inSync retains all the resolved violations and displays the details in the Resolved tab on the Sensitive Data Governance Dashboard.
  • If inSync is unable to delete the file, inSync creates an entry in the admin audit trail listing why it was unable to delete the file and moves the violation to the Active tab. inSync creates separate audit trail entries for failure to delete from snapshot and failure to delete from data source. 
  • If inSync succeeds in deleting the file from the data source but fails to delete it from the snapshot, inSync moves the violation to the Active tab. The file continues to exist in storage and administrators can search, download and restore the file.
  • If inSync succeeds in deleting the file from the snapshot but fails to delete it from the data source, inSync moves the violation to the Active tab. The file continues to exist only in the data source and administrators cannot search, download or restore the file; they can delete the file from the data source.

inSync end user can download or restore the non-compliant file or email through inSync Web or through inSync Client. However, the restored or downloaded file is blank and displays zero data.

Delete the non-compliant emails from the data source

  • Before deleting the emails, inSync displays a list of emails that it will not be able to delete, along with the reason why it cannot delete each email.

  • inSync deletes all non-compliant emails from the data source so that the violation won't cause any more data compliance risks. inSync deletes the non-compliant emails from the data source even if the email is owned by a different user.

  • Although inSync deletes the emails from the data source, it retains all non-compliant emails in the snapshot.

  • The administrator will be able to restore the deleted email to the inSync Client user's device.

  • Once deleted, inSync moves the email from the Active tab to the Resolved tab on the Sensitive Data Governance Dashboard.

  • inSync retains all the resolved violations and displays the details in the Resolved tab on the Sensitive Data Governance Dashboard.

  • In case inSync is unable to delete the email, inSync creates an entry in the admin audit trail listing why it was unable to delete the email and moves the violation to the Active tab.

inSync end user can download or restore the non-compliant file or email through inSync Web or through inSync Client. However, the restored or downloaded file is blank and displays zero data.

Delete the non-compliant emails from data source and snapshot

You cannot delete emails within Data Sources (Exchange Online and Gmail) for which Data Lock is enabled.  

  • Before deleting the emails, inSync displays a list of emails that it will not be able to delete, along with the reason why it will be unable to delete each email.
  • inSync deletes all non-compliant versions of the email from the data source and snapshot so that the violation won't cause any more data compliance risks. inSync deletes the non-compliant emails from the data source even if the email is owned by a different user.

  • inSync retains all compliant versions of the emails.

  • Administrator will not be able to view or search the deleted email.

  • Once deleted, inSync moves the email from the Active tab to the Resolved tab on the Sensitive Data Governance Dashboard.

  • inSync retains all the resolved violations and displays the details in the Resolved tab on the Sensitive Data Governance Dashboard.

  • If inSync is unable to delete the email, inSync creates an entry in the admin audit trail listing why it was unable to delete the email and moves the violation to the Active tab. inSync creates separate audit trail entries for failure to delete from snapshot and failure to delete from the data source.

  • If inSync succeeds in deleting the email from the data source but fails to delete it from the snapshot, inSync moves the violation to the Active tab. The email continues to exist in storage and administrators can search, download and restore the email.

  • If inSync succeeds in deleting the email from the snapshot but fails to delete it from the data source, inSync moves the violation to the Active tab. The email continues to exist only in the data source and administrators cannot search, download or restore the email; they can delete the email from the data source.

inSync end user can download or restore the non-compliant file or email through inSync Web or through inSync Client. However, the restored or downloaded file is blank and displays zero data.

Procedure

To resolve a compliance violation

  1. Click the icon to access the Global Navigation Panel and select Sensitive Data Governance. The Sensitive Data Governance Overview page appears.
  2. If you want to resolve non-compliant files, click File Violations. If you want to resolve non-compliant emails, click Email Violations. The list of violations appears.
  3. Click the Active tab. The list of active violations appears.
  4. Select the file or email that you want to resolve. You can select multiple violations. 
  5. Click Resolve. The Resolve Violation dialog box appears. 
  6. From the Resolution list, select whether you want to mark the violation as acceptable risk, or as false positive, quarantine the violation, resolve the violation, or delete the file or email from the data source. If you choose to delete the file or email, you can choose to delete the file or email only from the data source or from both data source and snapshot.
  7. In the Comments box, enter the resolution action details.
  8. Click Done.

You cannot undo a file or email delete action.

inSync resolves the non-compliant file or email as per your preference and moves the violation from the Active tab to the Resolved tab.