Oct 30
Spirion Searching USB Devices

USB Devices

A USB device is handled the same way as a local workstation drive or file server location.  When it's inserted, it creates a mount which Spirion can then scan as a local drive.  A user can then perform various remediation actions such as Redact, Shred, Encrypt, etc., which you can see here in the client set of actions.

Searching Removable Drives

The Removable Drives button specifies that Spirion will search the currently mounted USB drives and devices.  These drives are typically flash drives, thumb drives, even mp3 players.  If this option is selected, the Removable Drives button on the Locations ribbon will be highlighted.

Encrypting Personal Information

When a location contains sensitive data matches and you wish to keep the item while securing the personal information in it, you can use the Encrypt feature.

The Encrypt button is located on the Main ribbon.  When Spirion locates a Data Match in any of the following location types, you will be able to use the Encrypt feature to protect your data: Microsoft Office Files, Microsoft Access Databases, Compressed Files, Adobe Acrobat PDF Files, Outlook, Cloud repositories, and many other file types.

Searching File Locations

File Locations are enabled if you enable searching for Files.  You may select whether you want to search within your My Computer (which includes all of your hard drives), your My Documents (including User Settings), your removable drives (any drive connected to your computer via USB), your Cloud Folders (the local storage location for folders synchronized with cloud storage services such as Dropbox or Microsoft OneDrive), Custom Folders of your choice, or entire other Remote Machines.  Once specified, Spirion will search for files (for example Common File Types or a Custom file type list) and optionally Compressed Files within those drives or folders and all of their subfolders.  Your currently selected option will be highlighted.

Sep 28
Cyber Security Summit New York 2018 - PANEL 3: Protecting your Enterprise from the Human Element: Your Employees and Corporate Spies

Cory Retherford is an experienced information security practitioner and information technology thought leader with more than 20 years of experience. He has led many large data access and security stewardship projects through successful adoption.

As a Solutions Engineer for Spirion, Cory provides architectural expertise to augment and expand upon data stewardship using Spirion to meet compliance and reduce the risk of data loss by implementing controls such as data classifications and user awareness.

Prior to Spirion, Retherford spent 17 years in Higher Education in management and as an architect. His vast real world operational data security experiences in varied environments will bring insight to the discussion around the complex process to secure data.

Specializing in security architecture and data management. SANS certifications and (ISC)² Member and certifications. 20 years as an IT professional with focus in data security and operational data security risk reduction. Real world solutions implementation experience in large and complex environments.

PANEL 3: Protecting your Enterprise from the Human Element: Your Employees and Corporate Spies https://cybersummitusa.com/newyork18/

With 90% of organizations feeling vulnerable to insider attacks and a majority of organizations confirming insider attacks against their organizations in the past 12 months, insider threat proves to be even more virulent than malicious attacks by actors beyond your network walls. On your payroll in one way or another, these dissatisfied employees, corporate spies and the like, have the means to harm your business. These insiders also have the ability to cause harm without meaning to! This panel will enlighten you on what insider threat & corporate espionage put at risk in your business. You will learn how to identify threats inside your business (malicious and accidental) and leave with strong takeaways that will allow you to fortify your company defenses.

Moderated by Sean O'Brien, President & CEO, @RISK Technologies, Inc.


Aug 14
Explorer.exe Verbose Logging

If Explorer.exe is crashing and you are unable to identify the root cause, you can implement Explorer verbose logging by adding the following to the Windows registry. When explorer.exe crashes it will create a DMP file at C:\CrashDumps.


  1. Copy and paste the following in Notepad and save as a .reg file

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe]



  2. Right-click the .reg file and select "Merge" to add to the registry
  3. Replicate the process to cause Explorer to crash and review the .dmp file located in the C:\CrashDumps folder.


You can use this information to debug the Explorer.exe crash(es) further.
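The same per-application key can be populated from an elevated PowerShell session, together with the three values Windows Error Reporting reads under LocalDumps (DumpFolder, DumpCount, DumpType). This is an added example, not part of the original post: the key and C:\CrashDumps come from the post, while the DumpCount and DumpType values and the function names are assumptions.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
$DumpFolder = 'C:\CrashDumps'   # dump location named in the post
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe'

function Enable-ExplorerCrashDumps {
    # Create the target folder and the per-application key if they are missing.
    New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }

    # DumpFolder is REG_EXPAND_SZ; DumpCount and DumpType are REG_DWORD.
    New-ItemProperty -Path $Key -Name DumpFolder -PropertyType ExpandString `
        -Value $DumpFolder -Force | Out-Null
    # Assumed value: keep at most 5 dumps so the folder cannot grow without bound.
    New-ItemProperty -Path $Key -Name DumpCount -PropertyType DWord -Value 5 -Force | Out-Null
    # Assumed value: 2 = full dump (entire process memory), 1 = minidump.
    New-ItemProperty -Path $Key -Name DumpType -PropertyType DWord -Value 2 -Force | Out-Null

    # Show what was written so the configuration can be confirmed.
    Get-ItemProperty -Path $Key | Select-Object DumpFolder, DumpCount, DumpType
}

function Get-ExplorerCrashDumps {
    # List collected dumps, newest first.
    Get-ChildItem -Path $DumpFolder -Filter '*.dmp' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime
}

function Disable-ExplorerCrashDumps {
    # Remove the per-application key once debugging is finished, so Explorer
    # memory is no longer written to disk on every crash.
    if (Test-Path $Key) { Remove-Item -Path $Key -Recurse -Force }
}

Enable-ExplorerCrashDumps
```

A full dump of explorer.exe holds the contents of the user's shell process memory, so treat the files in C:\CrashDumps as sensitive and run Disable-ExplorerCrashDumps when the investigation is done.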


Jun 01
Spirion Search API

Spirion provides an Application Programming Interface (API) that allows developers to create their own rules and definitions for finding personal information and sensitive data. With it you can write logic that, for example, finds a pattern of numbers or characters near certain keywords only if certain other keywords are not in the file.

File Modification

Download the SearchDLL folder and modify the SearchDLL.cpp file as appropriate.

  • This file is self-documenting and is only supported when building with Visual Studio 2015.
    • During testing, you will need to build the release version of your dll; only the release build will work with your application.

Spirion Policy

Configure the following setting in a System Policy applied to the endpoint(s).

  • Initialization > Plugins > Enable to 1


File Placement

Place the compiled .dll in a subfolder of the folder where IdentityFinder.exe is installed.

  • The folder should be named "Plugins", or the .dll should be placed in a folder whose full path is defined in the following setting in a System Policy applied to the endpoint(s).
    • Initialization > Plugins > Path


On the Console's Admin > Sensitive Data Types screen, select Add, then select Search API for the type.

For results of this type to appear in the console, the custom data type dll must also exist on every Windows endpoint performing a search for results of this type. The following settings in a policy applied to an endpoint must be configured.

Initialization > Plugins > Enable
Initialization > Plugins > Path

The Search API Page is used to select the custom data types that allow a client to search for data unique to your environment. The custom data type is in the form of a dll that you provide.

May 31
Spirion Save Local Results File (Scheduled Tasks "Background")

When scanning with a Scheduled Task "Background" scan, use these settings if you want the results saved as a local encrypted file (.idf file) on the client being scanned.

  1. Remove from the existing policy any value(s) set for the SaveKey within the Scheduled Task in the Web Console policies, and update the client(s) policy.
    1. As you proceed through this policy, be aware that this is not a single-client-specific process; it generates a unique key that can be used for all clients.
    2. During this process it will warn that your profile password will be saved in clear text. This will be removed as soon as the key has been generated. This password is used to salt the encryption key so it's not reversible.
  2. Use the following settings for the Policy.

  3. After running the Scheduled Task (Background) scan, results will be saved to the specified location you set in the policy.


May 30
Spirion Console Password Recovery

When you lose or forget your local password for the Spirion console, you can recover the password by running the following SQL on the backend SQL server to regain local access.

For the Console you can recover the password by running this SQL (replacing secret with your database encryption password): 

    SELECT CASE
             WHEN Encrypted = 1
               THEN CONVERT(nvarchar(max), DECRYPTBYPASSPHRASE('secret', Value))
             ELSE CONVERT(nvarchar(max), Value)
           END AS Value
    FROM GlobalSettings
    WHERE Name = 'Auth.AdminUserPassword'


When the SQL is run, you will be presented with the admin password so you can log into the console and reset the credentials.

May 29
How Spirion Searches Exchange

Spirion uses the Exchange services page https://ExchangeLocation/ews/exchange.asmx.

Among the many other data repositories that Spirion searches (Dropbox, Amazon Cloud Drive, Microsoft Office 365 "Exchange", Google Drive, Box Sync, etc.), this includes Exchange on-premise and off-premise deployments.

Spirion uses a process to query an Exchange services page, /ews/exchange.asmx, that all Exchange services sites provide out of the box. This Exchange page provides functionality to connect to and examine information for Exchange. More information about this Spirion integration is located at http://my.spirion.com/Help/EnterpriseConsole/index.htm#3392.htm?Highlight=exchange for the console.

To begin the Spirion search of an Exchange site, verify that you are able to open the Exchange site on which the list service is running, for example https://outlook.office365.com/ews/exchange.asmx. The page service is always accessed by appending /ews/exchange.asmx to any root site.

Now that you can resolve the list data, you can add this working URL to the Spirion console using these instructions - http://my.spirion.com/Help/EnterpriseConsole/index.htm#3392.htm?Highlight=exchange.


May 02
Spirion “Limit the number of "Local" sessions opened”

Spirion provides functionality to limit the number of sessions that are used, or that remain open after a file is accessed, when searching for PII.  When an application makes a local connection to authenticate (access file resources) it will create a session.  Under normal circumstances, all sessions are closed when a search is completed.  If an application exits unexpectedly, then the session is orphaned.  The operating system should close these during its normal clean-up process; however, it's possible that sessions could remain open.

Spirion strives to mitigate anything that could cause undesirable behavior and has a policy option to control this.  These are Policy Settings available in the Console:

The following policy changes will prevent the lingering NuanceLS sessions for the local scans.

Settings\Locations\Files\OCR\ErrorHandling (Set this to MaxLocationProcessTime "1")
Settings\Locations\Files\OCR\ErrorHandling (Set this to MaxShutdownWaitTime "5")
Settings\Locations\Files\OCR\Version (Set this to "Use legacy")

Apr 02
Spirion G Suite Overview



The connection to Google services for G Suite (GDrive/Gmail/Calendar) is done through the following process. This is the connection process using the API for Spirion to Google - https://my.spirion.com/help/enterpriseconsole/index.htm#3594.htm?Highlight=google.  You must use the Google Admin Authorization account; this account cannot be an account that has user roles such as GDrive, etc.








When downloaded to the desktop you can view its Tag (Data Classification) using Windows Explorer.




When a file is sent through Gmail and saved to the desktop, you can see its data classification in the icon overlay, by viewing the file properties (right click) tab, or by opening the file, where the classification is displayed in the Ribbon or menu options.

Mar 25
Solar Power Potential

This is a very useful web map for solar power potential that Google has created - https://www.google.com/get/sunroof


Copyright © | CoryRetherford, LLC | Contact MeNetwork Storage and Security Solutions, LLC, Rights Reserved.®