API Protection scans
API Protection utilizes two different types of DLP Scans to provide visibility and controls.
Ongoing Scan: Activates once a policy is defined for the instance AND when a file/action matches the policy scope
Only applies when any content is created or modified after policy deployment
Does NOT apply policy against any prior existing data (created/modified before policy deployed)
Malware policy is implicitly applied for any file activity from initial setup forward (it does not require explicit policy)
Retroactive Scan: Retroactively scans i.e., provides 'lookback' against all existing files matching the retroactive scan definition
Must be manually launched after defining instance scope and policy targets
Multiple policies can (and should) be combined in a single retroactive scan
