Custom Rule or Rapid Config Reporting File Modifications As Deletes


Article ID: 393931


Products

Carbon Black App Control

Issue/Introduction

A Linux Agent File Creation Control Rule or a Rapid Config (e.g., Linux Hardening) reports some file modifications as deletes. Examples:

An attempt to delete '/etc/hosts' by 'root' was blocked because of Custom Rule.

'/etc/hosts' was deleted by 'root'.

Environment

  • Linux Agent: All Supported Versions

Cause

  • Report Write Rules do not track only writes; they cover the following operations:
    Write, Delayed Write, Delete, Rename, Create, ChangePermission, ChangeOwner
  • When a file is edited, the Operating System may report only a Delete, depending on how the editor modifies the file.
    • The Agent relies on the operations that the Operating System reports.
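
The following is an added example, not part of the original article and not Carbon Black code. It assumes one common save strategy, where the editor writes a temporary file and renames it over the original, and shows at the file-system level why the original file is gone afterwards; it does not simulate the Agent, and all function names and sample contents are constructed.

```shell
#!/bin/sh
# Constructed demo: compare two ways a tool can "modify" a file and check
# whether the original inode survives the save.

# Print the inode number of a path (POSIX ls -i).
inode_of() { ls -i "$1" | awk '{print $1}'; }

# Strategy 1: open the existing file and append to it (same inode).
save_in_place() { printf '%s\n' "$2" >> "$1"; }

# Strategy 2 (assumed editor behaviour): write a new file beside the target,
# then rename it over the target. The original inode loses its last link,
# which is a delete of the original file from the file system's view.
save_by_replace() {
    tmp="$1.tmp.$$"
    cat "$1" > "$tmp" && printf '%s\n' "$2" >> "$tmp" && mv -f "$tmp" "$1"
}

# classify_save <save-function>
# Runs the save function against a scratch copy and prints
# "in-place" if the inode is unchanged, "replaced" if it is a new file.
classify_save() {
    dir=$(mktemp -d) || return 1
    f="$dir/hosts"
    printf '127.0.0.1 localhost\n' > "$f"      # constructed sample content
    before=$(inode_of "$f")
    "$1" "$f" "10.0.0.5 demo-host"             # constructed sample entry
    after=$(inode_of "$f")
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then
        echo "in-place"
    else
        echo "replaced"
    fi
}

echo "append to existing file : $(classify_save save_in_place)"
echo "temp file + rename      : $(classify_save save_by_replace)"
```

To check a specific tool, wrap its save command in a function with the same two arguments and pass that function name to `classify_save`.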

Resolution

  • There is no workaround in this situation as the Agent relies on the Operating System to report these operations.
  • The editor is performing those operations, as reported by the Operating System to the Agent.