Where to see whether content analysis finished successfully

When Safetica analyzes files for sensitive content, the analysis can result in different states - from fully or partially analyzed files to failures for various reasons. This article explains the different states that content analysis can end up in.

In the Data section > Sensitive content analysis column, you can see whether the content analysis finished successfully or not. You can also filter the records based on specific content analysis states:

  • Analysis failed: File encrypted – The file could not be analyzed because it was encrypted.
  • Analysis failed: Unreadable content – The file could not be analyzed because its contents couldn’t be processed (this happens mostly in case of binary or multimedia files (exe, db, mp4, mp3, etc.)).
  • Fully analyzed – The entire file was analyzed successfully.
  • Partially analyzed – Only part of the file was analyzed because the analysis timed out before completion.
  • Not analyzed – No analysis was performed (usually due to policy settings).

 

Time limits for content analysis

Safetica uses different timeout durations depending on when the analysis occurs:

  • Data in motion analysis: Timeout is shorter to avoid disrupting users’ work (files are analyzed while users are actively working with them). Partial analyses are more likely.
  • Data at rest analysis: Timeout is longer to allow for a more complete analysis, and because performance impact is less critical (analysis runs in the background - e.g., data discovery). Partial analyses may still occur for unusually large or complex files.

 

Behavior of content analysis with Allow policies

When an Allow policy is applied:

  • Content analysis is skipped: The file content is not analyzed for sensitive data.
  • Operation is still recorded in the Data section:
    • Sensitive content analysis column shows: Not analyzed.
    • Operation Context column shows: Content not analyzed – allow policy. This explicitly indicates that content analysis was bypassed due to policy configuration.