search cancel

SCSP / DCS flags a File Modification events when a change is made to the files Access Control List (ACL).


Article ID: 161623


Updated On:


Critical System Protection Data Center Security Server Advanced


You wish to know why a file modification event is generated by the DCS / SCSP IDS File Watch collector when only the ACL of a file is changed and not the actual file content.


A file modification event is triggered when there is change to a files attributes. If the ACL of a file is changed, the permission bitmask of that file is also changed, triggereing a file modification event.


If the  contents of the file are changed, then the modified date of the file will also be changed. However, if only the ACL of the file is modified and not the content, the event description will not have modified date information.

This behavior is by-design.