With the default configuration, when an end user Ignores a location or identity, the item is stored in the user's Profile settings. When a search is then run interactively, with the user logging into their Profile when they open Identity Finder, the items in their Ignore list are honored. In this configuration, when a search is run as a task from the console, or the user opens Identity Finder in Guest Mode, the user's Profile ignore list is not honored.
However, there are three different modes that Ignore may function under using Global Ignore Lists. The storage method for the Ignore list can be configured in a policy using the following settings:
The following explains the Ignore Storage Methods that can be used:
Mode 0 (Use User Profile/Ignore Files by Path) (Default): In this mode, the Ignore List is saved within the user profile. Files are ignored by their full path. This method keeps the information encrypted with the user's profile password and therefore also requires that password to open. When scheduling tasks using this mode, the Ignore List can only be used when the user password is also supplied via a command line switch.
Mode 1 (Use User Databases/Ignore Files by Hash): In this mode, the Ignore List is stored in one or more databases on the local system. Files are ignored by a hash of their contents and not by their path. Identity match information is kept in a database encrypted with a machine key; location information is not encrypted. No user password is required to open the Ignore List and therefore it can be used with a scheduled task. The user experience in the UI is similar to Mode 0; however, files added to the Ignore List will be added by their hash rather than their path and will appear as such in the UI.
Mode 2 (Use Administrator Databases/Ignore Files by Hash): In this mode, the Ignore List is stored in one or more databases on the local system. Files are ignored by a hash of their contents and not by their path. Identity match information is kept in a database encrypted with a machine key; location information is not encrypted. No user password is required to open the Ignore List and therefore it can be used with a scheduled task. The user experience in the UI is very different in this mode. Because the databases are provided by administrators from the DLP Console, users cannot add or remove items from the Ignore List via the GUI. When a user chooses to "Ignore this location" or "Ignore this identity match", the information is recorded to be sent to the DLP Console. Until and unless those Ignores are approved by an administrator via the console, they will not take effect.
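The following is an added example, not Identity Finder code: a small Python model of the three storage methods that shows how a path-keyed entry and a hash-keyed entry behave when an ignored file is copied or edited, and how a Mode 2 Ignore stays inactive until approved. The class and function names are hypothetical, SHA-256 is an assumed stand-in for the product's unspecified hash, and the file contents are constructed sample data.

```python
import hashlib

def content_hash(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the product's unspecified file hash.
    return hashlib.sha256(data).hexdigest()

class IgnoreList:
    """Toy model of the three storage methods (0, 1, 2) described above."""

    def __init__(self, mode: int):
        if mode not in (0, 1, 2):
            raise ValueError("mode must be 0, 1 or 2")
        self.mode = mode
        self.active = set()    # entries the scanner honors
        self.pending = set()   # Mode 2 only: awaiting administrator approval

    def _key(self, path: str, data: bytes) -> str:
        # Mode 0 keys on the full path; Modes 1 and 2 key on file contents.
        return path if self.mode == 0 else content_hash(data)

    def user_ignore(self, path: str, data: bytes) -> None:
        key = self._key(path, data)
        # In Mode 2 a user's Ignore is only a request sent to the console.
        (self.pending if self.mode == 2 else self.active).add(key)

    def admin_approve_all(self) -> None:
        self.active |= self.pending
        self.pending.clear()

    def is_ignored(self, path: str, data: bytes) -> bool:
        return self._key(path, data) in self.active

def demo(mode: int) -> dict:
    # Constructed sample data: a test file holding an obviously fake SSN.
    original = b"test fixture 000-00-0000\n"
    edited = original + b"new record appended\n"
    lst = IgnoreList(mode)
    lst.user_ignore(r"C:\data\fixture.txt", original)
    before = lst.is_ignored(r"C:\data\fixture.txt", original)
    lst.admin_approve_all()
    return {
        "before_approval": before,
        "same_file": lst.is_ignored(r"C:\data\fixture.txt", original),
        "copied_elsewhere": lst.is_ignored(r"D:\backup\fixture.txt", original),
        "edited_in_place": lst.is_ignored(r"C:\data\fixture.txt", edited),
    }
```

In this model a Mode 0 entry keeps suppressing a path even after new content is written to the file, while a hash entry stops matching as soon as the contents change but follows unchanged copies to any location.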
The following explains the setting Settings\Actions\Ignore\AlwaysProcessGlobalIgnoreList:
By default, the client will read and apply all information contained in any Global Ignore Lists applied to it via policy. To only process Global Ignore Lists when StorageMethod is set to "Use Administrator Databases/Ignore Files by Hash" (2), set this value to "Only process when using Administrator Databases" (0).
The Identity Finder Settings Viewer is a stand-alone reference tool that describes all of the settings available for the client applications:
Giving a reason for an Ignore
When Ignoring a location or match from within the Console's Results screen or from within the Client, you have the ability to give a reason for the Ignore. The default reasons are False Positive, Acceptable Risk and Manager Approval, though they are not available by default because the setting "Allow entering a custom reason when ignoring results" is disabled by default. This setting is on the Console's Admin > Application Settings screen:
Once the ability to enter a custom Ignore reason is enabled, the user will be prompted to choose from the reasons in the Manage Ignore Reasons setting on the Console's Admin > Application Settings screen.
Manage Ignore Reasons
This provides the ability to add, modify and remove ignore reasons. The ignore reasons are the reasons from which a user may select when a result is ignored from the console or the endpoint.
The default reasons are False Positive, Acceptable Risk and Manager Approval, though they are unused by default because the setting "Allow entering a custom reason when ignoring results" is disabled by default.
Click the Manage button and the Manage Ignore Reasons dialog will open, displaying the list of ignore reasons.
To remove an ignore reason from the list, click on the red 'X' to the left of the reason you wish to remove and the reason will be deleted.
To add an ignore reason to the list, click on the green + button where it reads, "Click here to add new item." Type the name of the ignore reason, press the enter key and the ignore reason will be added to the list.
To modify an existing ignore reason, double-click on the reason, make your changes and press the enter key.
When you have finished, click the OK button to save your changes. If you have entered a duplicate ignore reason, you will see the following error message: "The ignore reasons are not unique".
Click the Cancel button to discard your changes.
The reason an Ignore was performed is not shown on the Results screen of the Console. However, it is available in a Report when the following column is included in the list of columns on the Report:
Matches: Action Reason
Ignore reasons given from within the Client do not appear on the Results screen because reasons are only available for Ignores performed on the Console's Results screen. Currently, Ignore reasons given from within the Client are not available for reporting from within the Console.