While scheduled scans handle routine data discovery automatically, there are situations where you need to run a scan immediately โ in response to a security incident, ahead of an audit, when a new file share is provisioned, or when investigating a specific location for sensitive data. This article covers how to create and monitor an on-demand scan job in PII Scanner.
When to run an on-demand scan:
| Situation | Reason |
| New file server or share provisioned | Establish a baseline of sensitive data present from the start |
| Security incident involving file access | Determine whether sensitive data was present in accessed locations |
| Pre-audit preparation | Confirm current state of sensitive data across key directories |
| New department or team onboarded | Scan newly created shared directories before they are widely used |
| Remediation verification | Confirm sensitive data has been removed after remediation |
| Ad-hoc compliance check | Spot-check a specific location in response to a compliance query |
Prerequisites:
Before running an on-demand scan confirm the following:
- At least one PII Scanner Agent is registered and showing as Online in the Clients page
- The intended agent has read access to the path you want to scan
- At least one target is configured in the Targets page
- The PII detection classes relevant to your scan are enabled in the PII Classes page
Creating an on-demand scan job:
- Log in to the PII Scanner Server web interface at:
- Navigate to Jobs
- Click Add Job
- Configure the job:
Job Name Use a name that clearly identifies this as an on-demand scan and captures its context:
Examples:
On-Demand โ HR Share Audit Prep โ June 2026
Incident Response Scan โ FileServer01 โ 2026-06-08
New Share Baseline โ Finance Q2 2026
Client Select the agent that has access to the path you want to scan. Confirm the agent shows as Online in the dropdown.
Path to Scan Enter the full path to the directory or share to scan:
Windows:
\\fileserver01\departments\hr
C:\SensitiveData
Linux:
/mnt/shares/finance
/home/shared/legal
Include Extensions (optional) For a focused on-demand scan, limit to the most relevant file types to reduce scan time:
*.docx, *.xlsx, *.pdf, *.txt, *.csv
Leave blank for a comprehensive sweep of all file types โ recommended for incident response scans.
PII Classes Select the PII detection classes to apply. For incident response or pre-audit scans consider enabling all available classes for maximum coverage.
Target Host Select your LT Auditor-MP server as the destination for scan results.
- Click Queue Job
The job is submitted immediately with a status of Queued. The assigned agent will claim it on its next poll cycle and begin scanning.
Monitoring the scan:
- Navigate to Jobs
- Locate your job โ the status updates from Queued to Running once the agent claims it
- Review job progress:
| Field | Description |
| Status | Current job state โ Queued, Running, Succeeded, or Failed |
| Started | When the agent claimed and began the scan |
| Records Processed | Number of files scanned so far |
| Completed | Populated when the scan finishes |
- Refresh the page periodically to see updated progress
For large directories scans can take significant time. PII matches are forwarded to LT Auditor-MP in real time as they are found โ you do not need to wait for the scan to complete before reviewing results.
Viewing results as the scan runs:
Because PII matches are forwarded to LT Auditor-MP in real time you can begin reviewing results before the scan completes:
- Log in to the LT Auditor-MP Web UI in a separate browser tab
- Navigate to View
- Select the PII Scanner environment and category
- Set the date range to Today or Last Hour
- Results populate as the agent finds and forwards matches
- Click any result row to view full details:
- File Path โ where the PII was found
- PII Class โ the type of sensitive data matched
- Timestamp โ when the match was detected
Confirming scan completion:
- Return to the PII Scanner Server web interface
- Navigate to Jobs
- Confirm the job status has updated to Succeeded
- Note the Completed timestamp and Records Processed count for your records
If the job status shows Failed:
- Review the result details in the job record for error information
Check the agent logs for more specific error details:
Linux:
cat /opt/bluelance/scanner/scanner.log
Windows:
C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner_Agent\logs\
- Resolve the identified issue and create a new job to rerun the scan if needed
Documenting on-demand scan results:
For scans run in response to audits, incidents, or compliance queries, document the scan and its results:
- Note the job name, scan path, date, time, assigned agent, and PII classes used
- In LT Auditor-MP navigate to View and filter for the scan results
- Export the results:
- Click Export
- Choose PDF for audit submission or CSV for detailed analysis
- Click Download
- Retain the export as evidence of the data discovery activity
[Your administrator should establish a standard process for documenting and retaining on-demand scan records, particularly those run in response to security incidents or compliance audits.]
Best practices:
- Always confirm the assigned agent is Online before creating a job โ a job assigned to an Offline agent will remain Queued indefinitely
- For incident response scans leave the Include Extensions field blank and enable all PII classes for maximum coverage
- Use descriptive job names that capture the date, scope, and reason for the scan so the Jobs page serves as an auditable record
- Begin reviewing results in LT Auditor-MP as the scan runs rather than waiting for completion โ this is especially important during incident response
- Export and retain scan results immediately after completion, particularly for incident response or audit-driven scans
- For recurring scans of the same path consider creating a schedule rather than repeatedly creating manual jobs
[Your administrator should document the on-demand scan process as part of your organization’s incident response and compliance procedures so it can be followed consistently by any team member.]