search cancel

Endpoint Prevent Filesystem Monitoring Creating Duplicate Incidents


Article ID: 159607


Updated On:


Data Loss Prevention Endpoint Prevent


I have Hard Drive Monitoring turned on for Endpoint Prevent.  When someone edits a Word Document with sensitive data, I get multiple incidents for the same file.


Endpoint checks the files to determine the filetype, not relying on the file name.  Microsoft Office products create temporary files while a file is being edited.  This tempory file is saved on regular intervals.  If this file is being saved into a directory that is being monitored, we will monitor the temporary files. 

This is expected behavior.