Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Learn about the different issues Egnyte Secure & Govern will look for when scanning your supported content source and how to take action on those issues. 

All of the dismissed issues can be reopened from the associated list if necessary. 

Skip Ahead to...

Inactive Users

Public Links

External Sharing

Unusual Access

Suspicious Login (Formerly Compromised Account)

Probable Ransomware (Formerly Ransomware Infection)

Open Access

Individual Permissions

Empty Group

Unused Group

Issue Types 

Inactive Users

Detects users that have not logged in or had any activity within a content source.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on high severity issues involving external users first then review issues involving Non-Admins

Contact the person who originally added the user to the content source (e.g. issue initiator)

Contact the user to determine why they have not been active.

 

Fixes

Delete Links

Dismiss

 

Deactivate User Account: The user's account will be deactivated, and they will not be able to access any additional content from within the content source.

Dismiss: This Inactive User issue will be dismissed and the user will be whitelisted.  No new Inactive User issues will be created if the user. 

Note: Dismissed issues can be reviewed and re-opened using the “Dismissed” status filter within Secure & Govern issues view

 

 

 

 

 

Public Links

The folder or file is accessible via a public link without a password. The public link may or may not have an expiration date.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on high severity issues and issues with sensitive data.

If a public link is older than six months to a year, delete the link.

If it's a newer link, contact the user to discuss deleting the link or re-issuing it with password protection or as a private link.

 

Fixes

Delete Links

Dismiss

 

Delete Links: All Public links will be deleted for the folder/file, but users can create a new link with a password or as a private link (if the link is still needed). When the links are deleted, they'll be inaccessible immediately. A new Public issue will be created the next time a user generates a public link.

Dismiss: The issue will be marked as dismissed and the folder/file will be whitelisted. No new issues will be created if the folder/file is shared through a public link again.

Note: Public links with an expiration date will appear as an open issue until the expiration date passes. After the date passes, the issue will be immediately resolved.

Note: Dismissed issues can be reviewed and re-opened using the “Dismissed” status filter within Secure & Govern issues view

 

Egnyte Collaborate Controls

Link Controls: Disable public links, public links without a password, or public links without an expiration date. Set default expiration date limits.

Folder-based Controls: Disable public links from specific folders.

 

Secure & Govern Controls

Content Safeguards: Disable public links containing specific types of content

 

 

External Sharing

A folder is shared with Standard Users (Egnyte) or External Users within a content source.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on high severity issues and/or issues with sensitive data.

Contact the user to assess the necessity of the access level and determine whether ongoing collaboration is necessary. Additionally, discuss the scope of the access and whether it should be narrowed to just what is necessary (e.g., a sub-folder instead of a main folder).

Tip: Review audit reports in Egnyte Collaborate or other supported content sources to assess the level of external sharing.

 

Fixes

Remove Permissions

Dismiss

 

 

Remove Permissions: Permissions will be adjusted to comply with the least-privileged access.

Dismiss: The issue will be dismissed, and additional issues will not be created if the item is externally shared again.

Note: Dismissed issues can be reviewed and re-opened using the “Dismissed” status filter within Secure & Govern issues view

 

Remove/Adjust Permissions: If the level of access is not necessary, remove or adjust the permissions in the content source.

Adjust External Sharing Allowed List: The External Sharing allowed list, found in Secure & Govern, should be reserved for long-term collaborators. If possible, leverage Groups to simplify control.

 

 

Unusual Access

Egnyte Secure & Govern builds a profile of how each user typically downloads and deletes data. When a large number of files are downloaded or deleted, the activity is compared to the profile. Variances from the pattern, which takes seasonality into account, will be flagged.

Please Note: For Unusual Access detections to occur, our ML model requires 60 days of history for each user. Waiting 60 days ensures our ML model is properly trained on a user's usage patterns and to prevent a high number of false-positives.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on high issues with high variance and issues with sensitive data or involving very large numbers of files (e.g., >500, >1000, etc.).

Contact the user for an explanation unless the behavior is clearly suspicious or user is known to be disgruntled.

Note: Egnyte Secure & Govern requires 60 days of user data collection to build a profile for user behavior; this includes events prior to Egnyte Secure & Govern being enabled.

 

Fixes

Deactivate User Account

Dismiss This Occurrence

Mark as Resolved

 

 

Deactivate User Account: The user's account will be deactivated, and they will not be able to access any additional content from within the content source.

Dismiss This Occurrence: This instance of unusual access will be dismissed. Egnyte Secure & Govern will continue to monitor the user for unusual access.

Mark as Resolved: This instance of unusual access will be resolved. Egnyte Secure & Govern will continue to monitor the user for unusual access.

 

 

Adjust Threshold Settings: Unusual access threshold settings can be adjusted to reduce the number of issues created.

Threshold:

Low = most issues

high = fewest issues

Minimum number of files: Increasing the default setting of 10, will reduce the number of issues

 

Default Threshold Configuration Settings

mceclip3.png

Note: Initially, customers may see in an increase in Unusual Access detections involving Windows Explorer (explorer.exe). This is due to the current limitation of Windows Explorer which prevents differentiating between files accessed during a windows search and actual user file downloads. The number of detections will reduce over time as our ML model adjusts to a users behavior.

Learn more about detecting unusual access by watching a Quick Tip on Egnyte University: Detect Unusual Access of Content

 

 

Suspicious Login

Identifies unusual and impossible user login activity between two locations or from a restricted country.

Please Note: Only Public IP addresses can be used when whitelisting an IP address. Local IP addresses are not supported.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

For Unusual or Impossible Login issues, contact the user to investigate issue trigger.


For Restricted Country Login issues, contact the user to determine whether the login was legitimate.

 

Fixes

Reset User Password

Deactivate User Account

Add Exceptions

Edit IP Address Whitelist

Edit Restricted Country List

Dismiss This Occurrence

Mark as Resolved

 

Reset User Password: The user's password will be disabled, and they will be prompted to reset their password. The user can reset their password, thus re-enabling their access to the content source with updated credentials.

Deactivate User Account: The user's account will be deactivated, and they will not be able to access any additional content from within content source.

Add Exceptions: Add a concurrent login exception for a user which allows the user to login from multiple locations.

OR

Edit restricted country list to allow access from a specific country.

Edit IP Address Whitelist: When users must utilize a VPN, you can exempt their IP address range in Settings, under Analysis Rules, in the Suspicious section. Please note, both IP addresses must be whitelisted to prevent further detections for the user.

Dismiss This Occurrence: Only this suspicious login instance will be dismissed. Egnyte Secure & Govern will continue to monitor this user for evidence of a suspicious login instance in the future.

Mark as Resolved: This instance of suspicious login will be resolved. Egnyte Secure & Govern will continue to monitor the user for suspicious logins.

 

Secure & Govern Controls

User Exception and IP Address Allowed list: Determine users who share credentials and IP ranges of VPNs and proactively add them as exceptions.

Note: Impossible user login activity are logins that occur from distant locations within a time window that would be impossible for an individual to travel between the two points

 

 

Probable Ransomware

Indicates the possibility of a ransomware infection due to the presence of known "ransom notes" or file extensions associated with ransomware.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Contact the user to confirm the ransomware infection (e.g., files encrypting, file extensions changing, file names becoming garbled) and disable the user account. The originating virus must be identified and removed as malware. Work with Egnyte to identify affected files and roll back to the last good version.

If the user cannot confirm further evidence of ransomware, determine with the user whether the file detected as a ransom note is valid.

 

Fixes

Deactivate User Account

Restore Content

Whitelist File Extension

Dismiss This Occurrence

Mark as Resolved

 

Deactivate User Account: User's account will be disabled, and the ransomware virus will not be able to use the credentials to encrypt or change any more data.

Restore Content: Restore your content to a specific point in time using snapshots. Please note, this action is only available for Egnyte content sources.

Whitelist File Extension: Whitelist detected file extensions to prevent future probable ransomware detections for those file extension(s).

Dismiss This Occurrence: The user will NOT be whitelisted. Egnyte Secure & Govern will continue to monitor this user for evidence of ransomware in the future.

Mark as Resolved: This instance of Probable Ransomware will be resolved. Egnyte Secure & Govern will continue to monitor the user for probable ransomware.

 

Note: Because entropy-based Probable Ransomware issues are event-based, if ignored, they will not appear under ignored status.

 

 

 

Open Access

A folder is shared with designated large groups (All Standard Users and/or All Power Users are the default groups).

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on issues involving sensitive data

 

Fixes

Remove Permissions

Dismiss

 

Remove Permissions: Permissions for the group are removed for the selected folder.

Dismiss: Sharing from that folder with the group(s) designated under Open Access will no longer trigger an issue.

 

 

 

Individual Permissions

The folder has been shared with an individual rather than a group. Best practices dictate that folders should be shared with groups.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Focus on issues involving sensitive data.

Investigate with the folder owner whether group sharing can be enabled or whether individual permissions are required.

 

Fixes

Remove Permissions

Dismiss

 

Remove Permissions: Permissions for the individual user are removed for the selected folder.  

Dismiss: Sharing from that folder with the individual will no longer trigger an issue. 

 

 

 

Empty Group

A group that doesn't contain any users.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Contact the group owner to determine if the group will be used in the future.

 

Fixes

Delete Group

Dismiss

 

Delete Group: The specified group is deleted from the content source. This action cannot be undone.

Dismiss: The specific empty group will no longer trigger an issue.

 

 

 

Unused Group

A group isn't used to grant any folder permissions.

Issue Review Process Issue Resolution Options Resolution Impact Preventing the Issue

 

Contact the group owner to determine if the group will be used in the future.

 

Fixes

Delete Group

Dismiss

 

Delete Group: The specified group is deleted from the content source. This action cannot be undone.

Dismiss: The specific unused group will no longer trigger an issue.

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful

For technical assistance, please contact us.