Issue Types and Remediation

Learn about the different issues Protect will look for when scanning your Egnyte Connect source and how to take action on those issues.

Most of the ignored issues can be reopened from the associated list if necessary.

Skip Ahead to...

Public Links

External Sharing

Unusual Access

Compromised Account

Ransomware Infection

Open Access

Individual Permissions

Empty Group

Unused Group

Issue Types
 

Public Links

The folder or file is accessible via a public link without a password. The public link may or may not have an expiration date.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Focus on high severity issues and issues with sensitive data.

If a public link is older than six months to a year, delete the link.

If it's a newer link, contact the user to discuss deleting the link or re-issuing it with password protection or as a private link.

Fixes

Delete Links

Ignore

Delete Links: Delete the link and reissue it with a password or as a private link (if the link is still needed). When the links are deleted, they'll be inaccessible immediately.

Ignore: The issue will be marked as ignored and an issue will not be created if the item is shared through a public link again.

Note: Public links with an expiration date will appear as an open issue until the expiration date passes. After the date passes, the issue will be immediately resolved.

Connect Controls

Link Controls: Disable public links, public links without a password, or public links without an expiration date. Set default expiration date limits.

Folder-based Controls: Disable public links from specific folders.

 

Protect Controls

Content-based Controls: Disable public links containing specific types of content (Coming Q2 2019)

 

 

External Sharing

A folder is shared with Standard Users within Egnyte Connect.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Focus on high severity issues and/or issues with sensitive data.


Contact the user to assess the necessity of the access level and determine whether ongoing collaboration is necessary. Additionally, discuss the scope of the access and whether it should be narrowed to just what is necessary (e.g., a sub-folder instead of a main folder).

Tip: Review audit reports in Connect to assess the level of collaboration.

Fixes

Remove Permissions: If the level of access is not necessary, remove or adjust the permissions in Egnyte Connect.

Adjust External Sharing Whitelist: If ongoing collaboration is needed, add the Group or email domain to the whitelist in Settings under User Directories.

Ignore

 

Remove Permissions: Permissions will be adjusted to comply with the least-privileged access.

Adjust External Sharing Whitelist: Sharing with Standard Users in the specified Group or domain will no longer create an External Sharing issue in Protect.

Note: The whitelist should be reserved for long-term collaborators. If possible, leverage Groups to simplify control.

Ignore: The issue will be ignored, and additional issues will not be created if the item is externally shared again.

Protect Controls

External Sharing Whitelist: Determine the long-term external parties commonly collaborated with and proactively add them to the whitelist.

 

 

Unusual Access

Egnyte Protect builds a profile of how each user typically downloads and deletes data. When a large number of files are downloaded or deleted, the activity is compared to the profile. Variances from the pattern, which takes seasonality into account, will be flagged.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Focus on high issues with high variance and issues with sensitive data or involving very large numbers of files (e.g., >500, >1000, etc.).


Contact the user for an explanation unless the behavior is clearly suspicious or user is known to be disgruntled.

Fixes

Disable Account

Ignore This Occurrence

 

Disable Account: The user's account will be disabled, and they will not be able to access any additional content from within Connect.

 

Ignore This Occurrence: This instance of unusual access will be ignored. Egnyte Protect will continue to monitor the user for unusual access.

Note: Because unusual access issues are event-based, if ignored, they will not appear under ignored status.

Note: Egnyte Protect requires 60 days of events in Egnyte Connect to build a profile for user behavior; this includes events prior to Egnyte Protect being enabled.

 

 

Compromised Account

Access from two different locations at a similar time or access from a restricted country.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

For Concurrent Login issues, contact the user to investigate issue trigger.


For Restricted Country Login issues, contact the user to determine whether the login was legitimate.

Fixes

Reset Password

Disable User Account

Ignore This Occurrence

Add User Exception

Edit IP Address Whitelist

Edit Restricted Country List

Reset Password: The user's password will be disabled, and they will be prompted to reset their password. The user can reset their password, thus re-enabling their access to Connect with updated credentials.

Disable Account: The user's account will be disabled, and they will not be able to access any additional content from within Connect.

Ignore This Occurrence: Only this compromised account instance will be ignored. Egnyte Protect will continue to monitor this user for evidence of a compromised account in the future.

Add User Exception: When IT members remote into employee's machines to troubleshoot, you can add them to the list in Settings, under Analysis Rules, in the Compromised Account section.

Edit IP Address Whitelist: When users must utilize a VPN, you can exempt their IP address range in Settings, under Analysis Rules, in the Compromised Account section.

Edit Restricted Country List: Remove countries with known employees from the Restricted Country list.

Protect Controls

User Exception and IP Address Whitelist: Determine users who share credentials and IP ranges of VPNs and proactively add them as exceptions.

 

 

Ransomware Infection

Indicates the possibility of a ransomware infection due to the presence of known "ransom notes" or file extensions associated with ransomware.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Contact the user to confirm the ransomware infection (e.g., files encrypting, file extensions changing, file names becoming garbled) and disable the user account. The originating virus must be identified and removed as malware. Work with Egnyte to identify affected files and roll back to the last good version.

If the user cannot confirm further evidence of ransomware, determine with the user whether the file detected as a ransom note is valid.

Fixes

Disable User Account

Ignore

Disable Account: User's account will be disabled, and the ransomware virus will not be able to use the credentials to encrypt or change any more data.

Ignore: Only this ransomware instance will be ignored. Egnyte Protect will continue to monitor this user for evidence of ransomware in the future.

 

 

 

Open Access

A folder is shared with designated large groups (All Standard Users and/or All Power Users are the default groups).

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Focus on issues involving sensitive data

Fixes

Remove Permissions

Ignore

Reset Password: Permissions for the group must be manually adjusted or removed in Egnyte Connect.

Ignore: Sharing from that folder with the group(s) designated under Open Access will no longer trigger an issue.

 

 

 

Individual Permissions

The folder has been shared with an individual rather than a group. Best practices dictate that folders should be shared with groups.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Focus on issues involving sensitive data.

Investigate with the folder owner whether group sharing can be enabled or whether individual permissions are required.

Fixes

Remove Permissions

Ignore

Remove Permissions: Permissions for the individual must be manually removed in Egnyte Connect. 

Ignore: Sharing from that folder with the individual will no longer trigger an issue.

 

 

 

Empty Group

A group doesn't contain any users.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Contact the group owner to determine if the group will be used in the future.

Fixes

Delete Group

Ignore

Delete Group: Delete the group in Egnyte Connect if it will not be used in the future. This action cannot be undone.

Ignore: The specific empty group will no longer trigger an issue.

 

 

 

Unused Group

A group isn't used to grant any folder permissions.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

Contact the group owner to determine if the group will be used in the future.

Fixes

Delete Group

Ignore

Delete Group: Delete the group in Egnyte Connect if it will not be used in the future. This action cannot be undone.

Ignore: The specific unused group will no longer trigger an issue.

 

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community .