When Safetica analyzes files for sensitive content, the analysis can result in different states - from fully or partially analyzed files to failures for various reasons. This article explains the different states that content analysis can end up in.
In the Data section > Sensitive content analysis column, you can see whether the content analysis finished successfully or not. You can also filter the records based on specific content analysis states:
- Analysis failed: File encrypted – The file could not be analyzed because it was encrypted.
- Analysis failed: Unreadable content – The file could not be analyzed because its contents couldn’t be processed (this happens mostly in case of binary or multimedia files (exe, db, mp4, mp3, etc.)).
- Fully analyzed – The entire file was analyzed successfully.
- Partially analyzed – Only part of the file was analyzed because the analysis timed out before completion.
- Not analyzed – No analysis was performed (usually due to policy settings).
Time limits for content analysis
Safetica uses different timeout durations depending on when the analysis occurs:
- Data in motion analysis: Timeout is shorter to avoid disrupting users’ work (files are analyzed while users are actively working with them). Partial analyses are more likely.
- Data at rest analysis: Timeout is longer to allow for a more complete analysis, and because performance impact is less critical (analysis runs in the background - e.g., data discovery). Partial analyses may still occur for unusually large or complex files.
Behavior of content analysis with Allow policies
When an Allow policy is applied:
- Content analysis is skipped: The file content is not analyzed for sensitive data.
- Operation is still recorded in the Data section:
- Sensitive content analysis column shows: Not analyzed.
- Operation Context column shows: Content not analyzed – allow policy. This explicitly indicates that content analysis was bypassed due to policy configuration.