"

Why reports reflect folders that were not supposed to be scanned?

Last review: Oct 10, 2013
https://kb.netwrix.com/805
Copy Article URL Copied

A few shares are enabled, but in the reports, you are seeing a folder that wasn’t supposed to be scanned.


For the most part, the product collects events from the Windows Security log. If a UNC path is specified in Managed Items as “\server\share\folder”, but the actual share is “\server\share”, in your report¬†you can get events related to “\server\share\folder2” which was not supposed to be scanned. Take a closer look at the reported folders’ audit settings – it can be inherited from some of the root folders and make it appear in reports. Also, you can use the omitstorelist.txt file which is located in the product installation directory to exclude any folder or file from being reported.

Go Up