Discover incidents shows date modified older than date of creation of a file.
search cancel

Discover incidents shows date modified older than date of creation of a file.

book

Article ID: 263411

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Discover

Issue/Introduction

While reviewing DLP discover incidents, you observe incidents are generated for a file with older date of modification than date of creation of the file.

Environment

DLP 15.8 and above.

Cause

NA

Resolution

This happens due to how windows explorer handles date of a creation and date modified of a file.

If you move a file from one location to another the date of creation changes to the current date however the date modified remains the same (older date).

Due to this behavior files can have date modified older than date created.

Powered by Wolken Software