ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Prevent Filesystem Monitoring Creating Duplicate Incidents


Article ID: 159607


Updated On:


Data Loss Prevention Endpoint Prevent


I have Hard Drive Monitoring turned on for Endpoint Prevent.  When someone edits a Word Document with sensitive data, I get multiple incidents for the same file.


Endpoint checks the files to determine the filetype, not relying on the file name.  Microsoft Office products create temporary files while a file is being edited.  This tempory file is saved on regular intervals.  If this file is being saved into a directory that is being monitored, we will monitor the temporary files. 

This is expected behavior.