When files are being saved or uploaded to a SharePoint or cloud storage destination they are generating incidents. This happens when the ignore filter is configured in the agent configuration for that specific http(s) website.
This issue usually manifests as detection on files being saved from Microsoft Office products to Cloud storage / SharePoint locations.
First check the following items.
1. Check the Agent Overview and verify the Agent Configuration matches the configuration that has the filter applied.
2. Verify that the Agent Configuration has been applied to the Agent Group and is updated.
3. Make sure the agent has an updated configuration by checking the time / date stamp on the cg.ead file on the client or looking at the last update time in the Agent Overview in Enforce.
If the issue persists then check the format of the filter. A valid http(s) filter for web sites looks something like: (note the following is not valid for SharePoint shares / Cloud storage)
While that filter will prevent incidents from generating http(s) incidents to the test.com web site it will not work for Cloud sync applications.
As per the Administrator guide, under Cloud Storage settings, the filter must have an asterisk after the filter entry. To properly filter SharePoint / Cloud storage saves to test.com the filter entry must look like:
After applying the above syntax to the Agent Configuration filter the agent will no longer generate incidents when saving to the share. See the Admin Guide for more details.