Confirm that the default filters have not removed final "Ignore" wildcard:
Enforce > System > Servers > Overview > {endpoint server} > Configure > Agent Monitoring
Ignore CD/DVD, Local Drive type = *
If leaving a wildcard in place is unacceptable, at a minimum, be sure the above filter includes *.ini. That is because this issue relates to the desktop.ini file (a hidden file).
Additionally, this may be related to having both SEP & DLP on the machine - in at least one case the following was recorded by the DLP Agent log:
DIM File Detection Request Details :
file: C:\Users\<username>\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
In the above instance, it was found that "If SEP excludes the users directory, or if we ignore *.ini for CD/DVD, then there is no issue".
Regardless of the detail, this seems to occur only if customers have changed the default filters on the Agent Monitoring tab in an Endpoint Server's configuration.
--------------