cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

CA Unable to modify a search thats setup

Go to solution
allanh1
Level 3

‎02-05-2014 03:05 AM

We are running CA 10.0.4 and have searches setup on a daily schedule to collect the emails against the hotword for the compliance team to review. 

 

They have started providing email addresses to block, so i can see we need to do this under the freeform email addresses area. 

 

I created a new search to test this, which is fine and works - but I am unable to go back into the search and modify the email exclusions to include any new ones that they add..

I have created a new role that has all the permissions selected and it still doesnt allow me to modify the search.  Is this a restriction of the product or is there a way to do this and to also remove old searches under the search screen in Departments?

 

Any assistance gratefully recieved!

 

 

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Kenneth_Adams
Level 6
Employee Accredited Certified

‎02-05-2014 04:55 AM

What you have encountered is a built-in restriction in the product.  Legal issues demand that a scheduled search not be modified beyond certain components.  For example, you can modify a scheduled search's schedule selection or add an end date when the search will no longer be run.  You can also modify any contents of a hot work group that is specified in the criteria, but you cannot modify individually specified hot words in the criteria.

What you'll need to do is stop the current scheduled search, create a new scheduled search using the current one as a template, then add the e-mail exclusions in the freeform address field.

Be sure to put the schedule start date in the new search as the date you ended the current search so you don't get data older than you want in the first run of the new search.

 

View solution in original post

0 Kudos
Reply
3 REPLIES 3

Go to solution
Kenneth_Adams
Level 6
Employee Accredited Certified

‎02-05-2014 04:55 AM

What you have encountered is a built-in restriction in the product.  Legal issues demand that a scheduled search not be modified beyond certain components.  For example, you can modify a scheduled search's schedule selection or add an end date when the search will no longer be run.  You can also modify any contents of a hot work group that is specified in the criteria, but you cannot modify individually specified hot words in the criteria.

What you'll need to do is stop the current scheduled search, create a new scheduled search using the current one as a template, then add the e-mail exclusions in the freeform address field.

Be sure to put the schedule start date in the new search as the date you ended the current search so you don't get data older than you want in the first run of the new search.

 

0 Kudos
Reply

Go to solution
allanh1
Level 3

‎02-05-2014 05:09 AM

Thanks for the update - that makes sense. 

 

How do people normally spend time configuring this?  Do you wait until compliance have a list of most of the addresses they want excluded and then setup a search or start a new scheduled search every time a new address needs adding to the exclusion?

 

Seems like its going to be quite a lot of manual work for something that should be straight forwards. 

 

 

0 Kudos
Reply

Go to solution
Kenneth_Adams
Level 6
Employee Accredited Certified

‎02-05-2014 05:27 AM

How people handle this is really up to the individuals.  My recommendation would be to get as many exclusion addresses as you can before creating a new search based on the current scheduled search.

There is another option, though.  If the e-mail addresses to be blocked are to always be blocked, you can add Data Classification Service (EV-DCS) to your environment (yes, it's an additional set of costs - sorry).  DCS can put an exclusion tag on messages based on specific criteria, such as SMTP address.  With exclusion tag in place, you can configure CA to never include items with the exclusion tag in any search results.  With this option, you don't need to worry about creating a new scheduled search each time they want to add or remove SMTP addresses to be excluded.  You just update the DCS policy and continue about your normal duties.

A third option is to delete those items from the journal mailbox before they are archived.  This option should only be used if ALL messages from those SMTP address are NEVER to be searched for inclusion in any search hits.  This option entails using a custom filter to hard delete messages with the specified SMTP addresses in the author (FROM:) field.  We don't lightly recommend this option as it could be interpreted by compliance regulators as intentionally exclusing items that could potentially be needed to maintain compliance with laws, rules and regulations.

 

0 Kudos
Reply