When to run an on-demand scan:

Prerequisites:

Before running an on-demand scan, confirm the following:

• At least one PII Scanner client agent is Online in the PII Scanner Server web UI
• The agent has read access to the path you want to scan
• At least one target host (LT Auditor ^MP) is configured in Admin → Target Hosts
• The PII detection rules relevant to your scan are enabled in Admin → PII Patterns
• No firewall is blocking communication between the agent and the PII Scanner Server or between the PII Scanner Server and LT Auditor ^MP

Running an on-demand scan:

Log in to the PII Scanner Server web UI at:

https://<PII_Scanner_Server_IP>:52766

2. Navigate to Admin → Jobs
   
3. Click Add Job
   
4. Configure the job:
   
   Job Name Use a name that clearly identifies this as an on-demand scan and captures its context:
   
   • On-Demand — HR Share Audit Prep — May 2026
   • Incident Response Scan — FileServer01 — 2026-05-15
   • New Share Baseline — Finance Q2 2026

Client Select the agent that has access to the path you want to scan. Confirm the agent shows as Online in the dropdown.

Path to Scan Enter the full path to the directory or share to scan:

Windows:

\\fileserver01\departments\hr

C:\SensitiveData

 Linux:

/mnt/shares/finance

/home/shared/legal

 Include Extensions (optional) For a focused on-demand scan, limit to the most relevant file types to reduce scan time:

*.docx, *.xlsx, *.pdf, *.txt, *.csv

5.  Leave blank to scan all file types for a comprehensive sweep.
   
   PII Classes Select the PII detection patterns relevant to this scan. For an incident response or audit scan, consider enabling all available classes for maximum coverage.
   
   Target Host Select your LT Auditor ^MP server as the destination for scan results.
   
6. Click Queue Job
   

The job is submitted immediately with a status of Queued. The assigned agent will claim it on its next poll cycle (default: every 1 minute) and begin scanning.

Monitoring the scan in progress:

1. Navigate to Admin → Jobs
2. Locate your job — the status will update from Queued to Running once the agent claims it
3. Review the job progress:
   • Started — the time the agent began scanning
   • Records Processed — the number of files scanned so far
   • Status — current state of the job
4. Refresh the page periodically to see updated progress

For large directories, scans can take a significant amount of time. The agent scans files sequentially and forwards matches to LT Auditor ^MP in real time as they are found — you do not need to wait for the scan to complete to begin reviewing results.

Viewing results as the scan runs:

Because PII matches are forwarded to LT Auditor ^MP in real time, you can begin reviewing results before the scan completes:

1. Log in to the LT Auditor ^MP Web UI in a separate browser tab
2. Navigate to View
3. Select the environment and category configured to receive PII Scanner data
4. Set the date range to Today or Last Hour
5. Filter by Source — PII Scanner
6. Results will populate as the agent finds and forwards matches
7. Click any result row to view full details:
   • File Path — where the PII was found
   • PII Class — the type of sensitive data matched
   • Line Number and Context — the location and surrounding content in the file
   • Timestamp — when the match was detected
   • Agent — which client agent performed the scan

Confirming scan completion:

1. Return to the PII Scanner Server web UI
2. Navigate to Admin → Jobs
3. Locate your scan job
4. Confirm the status has updated to Succeeded
5. Note the Completed timestamp and Records Processed count for your records

If the job status shows Failed:

1. Review the error details in the job record
   

Check the agent logs for more specific error information:

Linux:

cat /opt/bluelance/scanner/scanner.log

 Windows:

C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner\logs\

3. Resolve the identified issue and requeue the job if needed
   

Documenting on-demand scan results:

For scans run in response to audits, incidents, or compliance queries, document the scan and its results:

1. Note the job name, scan path, date, time, agent, and PII classes used
2. In LT Auditor ^MP, navigate to View and filter for the scan results
3. Export the results:
   • Click Export
   • Choose PDF for audit submission or CSV for detailed analysis
   • Click Download
4. Retain the export as evidence of the data discovery activity

[Your administrator should establish a standard process for documenting and retaining on-demand scan records, particularly those run in response to security incidents or compliance audits.]

Best practices:

• Always confirm the assigned agent is online before queuing an on-demand scan — a job assigned to an offline agent will remain in Queued status until the agent comes back online
• For incident response scans, enable all PII classes for maximum coverage rather than limiting to a subset
• Use specific, descriptive job names that capture the date, scope, and reason for the scan so the jobs list serves as an auditable record
• For very large directories, consider breaking the scan into multiple smaller jobs by subdirectory — this makes progress easier to monitor and reduces the impact of a failure partway through
• Begin reviewing results in LT Auditor ^MP as the scan runs rather than waiting for completion — this is especially important during incident response when time is critical
• Export and retain scan results immediately after completion, particularly for incident response or audit-driven scans

[Your administrator should document the on-demand scan process as part of your organization’s incident response and compliance procedures so it can be followed consistently by any team member.]