ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SCSP / DCS flags a File Modification events when a change is made to the files Access Control List (ACL).

book

Article ID: 161623

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

You wish to know why a file modification event is generated by the DCS / SCSP IDS File Watch collector when only the ACL of a file is changed and not the actual file content.

Cause

A file modification event is triggered when there is change to a files attributes. If the ACL of a file is changed, the permission bitmask of that file is also changed, triggereing a file modification event.

Resolution

If the  contents of the file are changed, then the modified date of the file will also be changed. However, if only the ACL of the file is modified and not the content, the event description will not have modified date information.

This behavior is by-design.