Endpoint Prevent Filesystem Monitoring Creating Duplicate Incidents

book

Article ID: 159607

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

I have Hard Drive Monitoring turned on for Endpoint Prevent.  When someone edits a Word Document with sensitive data, I get multiple incidents for the same file.

Resolution

Endpoint checks the files to determine the filetype, not relying on the file name.  Microsoft Office products create temporary files while a file is being edited.  This tempory file is saved on regular intervals.  If this file is being saved into a directory that is being monitored, we will monitor the temporary files. 

This is expected behavior.