About the search criteria options
Compliance Accelerator groups the search criteria options into multiple sections, which are described below. Click the arrow icons at the right to expand or collapse the sections.
When you construct a search that contains multiple options, pay attention to how each option interacts with the others in the search properties pane. Compliance Accelerator links all the selected options together with Boolean AND operators rather than OR operators. For example, suppose that you construct a search whose criteria include the following:
A data range in the Date range section
A search term in the Search terms section
A file extension in the Attachments section
The search results contain only those items that match all the search criteria. Compliance Accelerator ignores any items that match some of the search criteria options but not others.
The search properties pane has the following sections:
The Search section identifies the search and specifies when it runs.
Identifies the department or research folder in which the search will run. In
the case of an application-wide search, this is <All Departments>.
Specifies a name for the search, such as "Daily Message Capture
Based on Search
select an existing search as the basis on which to set the criteria for the new search.
Save results in
If displayed, lets you
select a location in which to save the results. Select New folder in
<Context> in the drop-down list if you want to specify the details of a new
folder in which to save the results.
This option is available only
when you create a search in a folder that is not linked to any department (you have selected "My Research" in the left
Specifies whether the search runs immediately or at a scheduled time. If
you select Scheduled, you can specify a period during which the search is to run. You can also choose from one of a number
of existing schedules.
See Building Compliance Accelerator search schedules
can also conduct guaranteed sample searches. Each guaranteed sample search runs at the selected
sampling time, which is 1:00 A.M. by default. If the search returns fewer results than your monitoring policy demands,
Compliance Accelerator adds randomly-sampled items to the review set to make up the shortfall. In effect, therefore, you can
assemble more focused review sets that are weighted towards search-specific results instead of purely randomly-sampled
Automatically accept search results
Specifies whether to add the search results to the review set
automatically. This option may be useful for any proven searches that you intend to run on a regular basis. If you check
, you cannot reject the results and change the search
criteria. We recommend that you uncheck until you have
tested that the search returns the expected results.
A search that returns an error from any archive is not
automatically accepted, regardless of this setting.
Include items already in review
Specifies whether the search results can include the items that you have
previously captured and added to the review set. For an immediate search or scheduled search, we recommend that you check
this box to ensure that the results include the items that may already be in review from other searches.
The Sampling section lets you sample the search results and add a random selection of items to the review set.
Compliance Accelerator does not deduplicate randomly-sampled items.
Specifies the percentage of
search results to include in the review set. You can specify fractions, as in 10.25.
You may not be able to
change the sampling percentage if the owner of department has locked this setting in the department properties.
Minimum per author
Specifies the minimum number of items per author to
include in the review set. If there are no items for an author in the search results, none can be included in the sample.
Note that as the authors can be from outside the selected department, you may return more search results than
Sets an upper limit on the total number of search
results to add to the review set. This option takes precedence over any values that you set in the Percentage box and
Minimum items per employee box.
Date range section
The Date range section lets you search for items according to when they were sent or received.
Today / Yesterday / Last 7 days / Last 14 days / Last 28 days
Limits the search to items that were sent or received during the selected
period. The date ranges are relative to when the search runs, which is today in the case of an immediate search.
You may find these options useful when creating a scheduled, recurrent search that runs once every day,
week, two weeks, or four weeks. For example, if the search runs once a week, select
to limit the range to the days since the search last ran.
Specific date range
Lets you search the items that were sent or received during a longer or
more specific period than the other date range options permit. To enter a date, click the options at the right of the
From and To boxes and then select the required date. Unlike the other date range
boxes, a specific date range remains static and not relative to when the search runs.
Since search last ran
For a scheduled search only, lets you search the new items that have
arrived since the last time you ran the search. This option is similar to options such as Today and Yesterday. However, it
lets you set an explicit start date for the first run of the search.
By default, this option searches from the date of the last run (or the start date for the first search)
to the current day minus 1 (that is, up to yesterday).
Authors and Recipients section
The Authors and Recipients section targets the departments for the search and the direction of the items to search. Any departments that you have organized into partitions can only search items to and from departments in the same partition.
Specifies the direction
in which the items for which you want to search have traveled. You can search for the items that are to or from the
selected departments, and for the items that have traveled between the selected departments and other
The available message route options can depend on the date range that you have specified and on
how Compliance Accelerator has been configured.
Specifies whether to apply the search to any of or all of the selected
departments and employees.
automatically include new departments
For application-wide searches only, lets you
specify whether to apply the search to the subdepartments of the selected departments. By default, any new departments that
are subdepartments of others automatically inherit any active, recurring searches that you have applied to those
departments. This is also true of any existing departments that you move under departments that have recurring
Specifies the departments and employees that you want to include in the
search. Click the arrows to the left of the department names to expand them and view the nested departments and exception
When you select a department, you do not automatically include any exception employees in the
department. To search exception employees, you must select each one explicitly.
Freeform email addresses / domains
Lets you type one or more email addresses and domains. Type each address or domain on a line of its
own to search for the items whose From, To, CC, or BCC field contains any of the addresses or domains. Type all the
addresses and domains on a single line to search for items in which they are all present.
Place the minus sign
(-) in front of an address or domain to exclude it from the search. To exclude multiple addresses or domains, type them all
on a single line.
This field is not available for all possible message
Search terms section
The Search terms section specifies the words or phrases for which Compliance Accelerator should search in the subject lines of items and their bodies. By default, when you search for words in both the subject of an item and its content, Compliance Accelerator finds those items that meet one or both criteria. However, it is possible to set up Compliance Accelerator so that only those items that meet both criteria are found.
Searches for those items
that contain any or all of the specified words or phrases in either their subject lines or the file names of their
Searches for those items that contain any or all of
the specified words or phrases in their bodies and any searchable attachments.
The words or phrases that you specify here are highlighted in the Review pane when you review the items that this search has found.
Observe the following guidelines when you type the words and phrases:
Compliance Accelerator searches are case-insensitive.
If you type multiple words on the same line, Compliance Accelerator treats them as a phrase.
Type each word on a line of its own if you want to use the option or option to refine the search criteria.
In the following example, Compliance Accelerator joins together the three words with an OR operator ("server OR group OR cluster"). Any item that contains one or more of the words matches the search criteria.
Any Of: server
In the next example, Compliance Accelerator joins together the three words with an AND operator ("server AND group AND cluster"). Only those items that contain all three words match the search criteria.
All Of: server
In the following example, Compliance Accelerator joins together the phrase "server group" and the word "cluster" with an AND operator ("'server group' AND cluster"). Only those items that contain both the phrase "server group" and the word "cluster" match the search criteria.
All Of: server group
You can use an asterisk (*) wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character.
A wildcard search always finds items that match your search criteria and that were archived in Enterprise Vault 10.0 or later. To ensure that the search results also include older matching items that are in your archives, enter at least three other characters before the wildcard.
Place a minus sign (-) at the start of a line to indicate that you want to exclude from the search results any items that contain the following word or phrase. For example, the following search term finds the items that contain either of the words "server" and "group" but do not contain the word "cluster" ("(server AND NOT cluster) OR (group AND NOT cluster)"):
Any Of: server
A search term cannot comprise an excluded word or phrase only. When you specify such words or phrases, you must also specify a positive word or phrase that you want to appear in the search results.
Click to choose from a list of hotwords and phrases, if you have previously created one.
See Defining hotwords to search for
Compliance Accelerator ignores any nonalphanumeric characters in the search term, except for those that have special significance, such as the plus sign, minus sign, and question mark.
For example, a search for the term US@100 may find instances not only of US@100 but also of US 100 and US$100. Including nonalphanumeric characters in the search term may therefore return more results than you expect.
The Attachments section lets you search for items with a certain number or type of attachments.
Specifies the required number of attachments. The default option, "Does
not matter", means that the item can have zero or more attachments. All the other options require you to type one or two
values that specify the required number of attachments.
Specifies the file name extensions of particular types of attachments for
which to search. Separate the extensions with space characters. For example, type the following to search for items with
HTML or Microsoft Excel file attachments:
This search option evaluates attachments by their file names
only; it does not check their file type. For example, suppose that a user changes the file name extension of a
.zip file to
.zap and then sends the renamed file as an email attachment. A
Compliance Accelerator search for items that have attachments with a
.zip extension does not find the
email with the renamed attachment.
The contents of some attachments may not be searchable because Enterprise Vault has not indexed
them. In particular, file formats such as Fax and Voice do not have any indexable content.
Some Enterprise Vault registry entries prevent it from indexing the
contents of selected file types. For example, this is the case with the ExcludedFileTypesFromConversion entry. For more
information, see the Enterprise Vault Registry Values guide.
For more information on how
Compliance Accelerator conducts searches in which you have specified file name extensions, see the following article on the
Symantec Support website:
The Miscellaneous section lets you search for items of a certain size and type or that have the specified retention category.
Specifies the size in kilobytes of each item for which to search, as reported by the
message store (Microsoft Exchange, Lotus Domino, and so on). The item size includes the size of any attachments.
Searches for items of the selected types. This option is only
Searches for items to which Enterprise Vault has assigned the selected
The Policies section lets you search for items according to the tags with which any additional policy management software has classified them.
Lets you search for the items that match certain classification policies. There are
several types of policies:
Inclusion. Any item that your policy management
software has classified for inclusion in the review set may be guilty of the most serious offenses, such as swearing,
racism, or insider trading. You would normally want to ensure that the items exhibiting any of these
features were included in your review set.
Exclusion. Spam items and newsletters are
typical examples of the items that your policy management software may classify for exclusion from the review
Category. Your policy management software may categorize the items that exhibit
certain characteristics, such as containing Spanish text. This type of policy provides no information on whether an item
should be included in or excluded from the review set.
These policy types are not mutually exclusive. Your policy management software may apply multiple policies of
different types to the same item.
Select the required policy type and
then check the names of the policies for which you want to search. Alternatively, you can select
as the policy type and then type the names of one or more policies. Separate multiple
policy names with commas, like this:
If you choose to search for multiple policies, the search results will contain
items that match any one of the policies.
Filter policies by current
Lets you omit from the list those policies
that are not in use in the current department.
See Creating and running Compliance Accelerator searches
See Guidelines on conducting effective searches
See Selecting the archives in which to search