Activated the Securlet with "Selective Scan" option and configured scan policy for those specific user, group, or file path. However, Investigate events still show activity for additional users and directories, even those outside the scan policy. 

The Scan Policies are for Securlet reporting. The results showing on the Securlet dashboard will reflect the scan policy. Only risks and exposures within the scan policy will be reported on the Securlet dashboard and in Securlet reports. 

Working as designed.