SCSP / DCS flags a File Modification events when a change is made to the files Access Control List (ACL).
Last Updated January 14, 2015
You wish to know why a file modification event is generated by the DCS / SCSP IDS File Watch collector when only the ACL of a file is changed and not the actual file content.
A file modification event is triggered when there is change to a files attributes. If the ACL of a file is changed, the permission bitmask of that file is also changed, triggereing a file modification event.
If the contents of the file are changed, then the modified date of the file will also be changed. However, if only the ACL of the file is modified and not the content, the event description will not have modified date information.
This behavior is by-design.
Imported Document ID: TECH227591
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe