Forum Discussion
Performance in scanning
We are trying to search for CUI data on internal file stores. Last week, I decided to run another discovery scan, this time using ALL instead of Policy Only. It took much longer and left the scanner...
Hi sagedogusa,
This is expected behavior when switching from Policy Only to ALL, you're essentially classifying every file against every built-in sensitive information type, which is significantly heavier on both CPU and I/O.
A few things worth checking:
- Scan scope: 3.5M files in ~4 days is actually within normal range for an on-prem scanner, but 41K failures worth investigating, pull the scanner log and look for access denied or timeout patterns.
- Policy Only is usually the right call for CUI discovery: define your SIT-based policy targeting the CUI types you care about (ITAR, NIST 800-171 categories, etc.), then run in enforce-off mode. You get the match data without the full classification overhead.
- 98K excluded files: worth reviewing your exclusion rules to make sure you're not inadvertently skipping containers where CUI might live.
The 572K files with matched information types is your real number to work with, what types are matching? That'll tell you whether your policy is scoped correctly before you run another full scan.