We have noticed a steady increase in events related to MacOS endpoints and removable media activity for an application called doubledagent. it appears that this is related to the file storage/system’s format and how MacOS handles extended attributes of files (saving parts of them in two files).

Multiple detection requests from DoubleAgent.framework in macOS is causing duplicate incidents

Work around:  add doubleagentD to application monitoring and whitelist.

Code correction in 25.1 will address several issues introduced by doubleagentD