Condition where a user uses the the Windows 10 search bar and write there the network address for the network folder, we receive the false positive for a folder in the same structure that the user doesn't have access.
In this case the subfolder is shared directly. Windows is generating an event and therefore it is not a false positive that a Folder open event is generated. The folder is being opened and an access denied is being generated:
Unfortunately, process exclusions do not work when files\folders are accessed through a share since Windows does not provide the process name formation in the connection.
Using "Access based enumeration" can help prevent these types of false positives
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center