Analysis rules identify issues within your content sources. Each rule embodies a different type of problem.

Empty Group

Detects groups that do not contain any users. This rule helps you keep your data repositories clean so they are easier to manage. Removing empty groups means your users are less likely to grant permissions to the wrong users. 

External Sharing

Detects files and folders accessible by people outside your organization. In the case of Egnyte Connect, this rule flags files and folders shared with Standard Users.

Individual Permission

Detects folders that are directly permitted to individual users, rather than to groups. It is a general security best practice to grant permissions to groups of users rather than individuals.

Malformed Permission

Detects folders where NTFS permissions are not working correctly, due to ACL ordering issues or orphaned inheritance. Malformed Permissions is only supported for Windows File Servers (WFS) and Common Internet File Systems (CIFS)


Open Access

Detects folders that are permitted to groups containing many users. In such situations, folders may be accessible by many more people than intended.

Certain groups will automatically be included in this rule such as All Power Users, but if you’d like to add additional groups, you can select them by clicking on the rule and then clicking on the setting under General Rule Settings.


Public Link

Detect files and folders accessible via public links. These are any links that do not require a password and are not limited to domain users (i.e. they are open to the public).

Unused Group

Detects groups not used to grant any folder permissions. The group may or may not have users in it, but it is not being used in any of the content repositories that Egnyte Protect is overseeing. This rule helps you keep your data repositories clean so they are easier to manage.


Probable Ransomware

Detects user accounts that are potentially compromised by ransomware. This rule allows you to detect ransomware infections early and stop them by disabling impacted user accounts


Unusual Access

Detects users who download or delete an unusually large number of files, which may indicate malicious activity. This rule helps you keep a close tab on the activity of all your users and reduce insider threats to your data.

Suspicious Login

Detects anomalous user login activity that may indicate a compromised account. The rule looks for concurrent logins that originate from two different locations and logins from restricted countries. It helps you ensure that all the user accounts are safe. You can customize the rule to your needs by allowing a range of IP addresses from which you would expect your users to log in, flagging user accounts that you expect will have concurrent logins, or removing countries from the restricted list. 


For more information, please see the following articles